This month of CISO Stories will look at the findings of a cross-sector task force of CISOs and staff who shared details of their incident management best practices, including incident response plans, playbooks, metrics, and business continuity plans.
The Incident Management Best Practices Guide presents a framework and components for the incident management program, including executive support, resources, stakeholder engagement, documented requirements and procedures (plans, playbooks), support systems and tools, training and testing, and continuous improvement metrics and actions. The Business Continuity Best Practices Guide includes sample BIA templates, a business continuity plan template, and guidance for tabletop exercises.
Practitioners will also connect the dots on how effective incident response and business continuity planning can continuously help to improve identity, application, cloud and network security, anti-ransomware efforts, zero trust, email security, threat intelligence, AI and third-party risk management.
I have been at the University for just over 1 yr. Prior to joining the University, I spent roughly 15 yrs. working in Corporate America, where I worked in the insurance, utility, and banking industries. All of my professional roles have been in some form of information technology.
Isaac is a risk practitioner with over 15 years of experience in risk management, crisis management, and business continuity across various sectors in the LATAM and USA regions. Isaac previously worked at the consultancy firm PricewaterhouseCoopers, and recently joined Constellation Brands to spearhead the implementation of their risk and BC strategy.
Suyesh Karki is Domo’s chief information security officer and vice president of enterprise IT. He leads the company’s worldwide security team, corporate IT team and operations, and is in charge of customer trust, risk management, compliance, application security and cloud security engineering. Suyesh also oversees Domo’s Security Operations Center (SOC) and IT Service Management and Orchestration teams. At Domo, he has led efforts in implementing a data classification model and zero trust access principle, deploying SIEM and GRC solutions, and obtaining security certifications including ISO27001, ISO27018, HITRUST, HIPAA and SOC2. Suyesh also works with customers to tailor security models that ensure security, compliance, privacy and governance requirements in highly regulated industries. Prior to Domo, Suyesh led the Ernst & Young LLP IT Advisory practice for the Utah region.
Gregory Wilson is a global business leader, trusted strategic advisor and leading expert in digital and cybersecurity risk oversight and governance, risk and compliance.
Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Collaborative. He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation. He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance. Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas. He is a respected thought leader in the cybersecurity community.