CISO Round-Table – Empowering the C(I)SO with Enterprise Security Risk Management

Enterprise-level security management is becoming the indispensable, next-generation approach to shaping the security function’s strategy, risk and compliance mandates, and an effective aid in avoiding control gaps by interlocking an enterprise’s security organization, people and processes.

As headlines in the news amply show, such an approach commends itself to both private and public organizations. Hence, the management convergence of all security disciplines – cyber, information, physical, personnel, event, executive/board room/TSCM, travel, awareness and others – will be key in mastering today’s and tomorrow’s multi-vector and increasingly interdisciplinary security challenges. Pursuant to ASIS’ Enterprise Security Risk Management (ESRM) philosophy and best practice, the point of departure on the road to establishing a comprehensive security management system is an organization’s maturity vis-à-vis the ESRM approach and the convergence of security disciplines that lies at its core. Organizations that run individual security disciplines in quasi-autonomous silos not only open up new attack vectors in the figurative cracks between those disciplines, but also drive an undue imbalance between them. Such a state of affairs has demonstrably created new attack surfaces for internal and external adversaries. In Switzerland and other advanced economies, it is typically highly mature IT-security functions that exercise their mandates adjacent to, and relatively ignorant of, other security disciplines, the existence of which they may have only noted on their respective organizational chart. This ubiquitous imbalance between siloed security disciplines, with wildly differing maturity levels and a complete lack of coordination amongst them, offers uncounted opportunities that can be exploited by a perturbing array of malicious actors.


About The Speakers

Doron Zimmermann PhD

Accomplished and results-driven senior security manager with a national security background at cabinet level in government and board level in the private sector, leading the full spectrum of cyber, information, and corporate security domains for the finance, energy, logistics, and telecommunication industries. Proven ability in information security conception/architecture, threat intelligence analysis, editing/streamlining of products, and balancing various contact and interest groups; cross-departmental security stakeholder management in the private sector, federal administration, and in research/teaching. Adept at establishing security standards for numerous regulated industries and in critical (information) infrastructure protection (e.g. ISO 27001/2; ISACA Implementation Guide for 27001; NIST; BSI Standard 100-1; ASIS Enterprise Security Risk Management). Demonstrated history of success in corporate security risk management and cooperation with authorities at federal and EU (ENISA) level, and with professional/specialist associations (ASIS, ECSA, ISACA).
Lead Security Strategy, Risk and Compliance at Pragmatica AG

Event will take place at