GOVERNANCE TRACK | Oct. 11 • 2:45 pm • Room 22–23
Practical Cybersecurity Risk and Control Maturity Assessments
Brian Fricke, CISO, Bank OZK
Learn about a new tool developed using the Critical Security Control (CSC) Framework’s 149 sub-controls that empowers an assessor to communicate with control owners to document how control objectives are being met within the organization. The tool goes further, asking four key measurement questions to establish the overall maturity for each control family. The output of the exercise provides an executive dashboard for reporting over all status, as well as a road map of what is needed to get to higher maturity levels. A secondary outcome is a dashboard of the overall risk posed in each control family, considering Inherent and Residual Risk.
About Brian Fricke
Formerly a civil servant as the CISO and Cyber Security Branch Manager at the US Navy’s Military Sealift Command (MSC) at the Washington Navy Yard in Washington, DC, Brian is a Certified Information Systems Security Professional (CISSP) and holds a variety of relevant certifications (CISM, CCSP, CSSLP etc.). In his role at MSC he was responsible for planning, organizing and managing the implementation of cyber security industry best practice as well as Department of Defense and federal cyber security mandates. A former active duty Marine, he has worked at the Joint Chiefs of Staff in the Pentagon, the US Agency for International Development (USAID), the Securities Exchange Commission (SEC) in Manhattan, and was an officer of the board of directors at the Servicemembers Legal Defense Network (SLDN), a 501(c)(3) nonprofit. He holds a master’s degree in business administration as well as a graduate certificate in strategic cybersecurity enforcement and was class president of The George Washington University School of Business World Executive MBA Class of 2013.