Using Information Security and Privacy Metrics to Bridge The Disconnect Between Management and Boards

With the increasing cyber threat landscape, boards are facing mounting pressure concerning their oversight of data security and privacy risks. Metrics should support business goals and regulatory requirements. This will automatically connect metrics to the business which can help with stakeholder buy-in and bridge the gap as well as ensuring resources are efficiently used. This proposal seeks to address the following questions:

What Metrics and Why?
Whom to report to and How?
When to report?

Slide Desk

Speakers

Deidre Brocklehurst

Advisor, Information Access & Privacy | British Columbia Institution of Technology

Deidre has over 20 years of public sector experience working in archives, records management, and privacy. In the role of Advisor for Information Access and Privacy at BCIT, she conducts privacy impact assessments, provides advice on privacy issues to all levels of administration, and builds awareness of privacy and access to information concerns through employee training. Deidre holds a Master of Arts degree from UVIC, a Master of Archival Studies degree from UBC, and is a Certified Information and Privacy Professional, Canada (CIPP/C).

Nthusi Kaisara

Senior Cyber Security Analyst | British Columbia Institute of Technology

Nthusi is a Cyber Threat, IT Risk Governance & Compliance professional who is experienced in Information Security (9 years), Business Analysis (7 years), Privacy Risk (1.5 years), and Assurance (2 years). She currently holds ITIL, COBIT®5, NIST Cyber Security Framework Implementation using COBIT®5 certifications and has strong cyber security standards expertise. Prior to joining BCIT, Nthusi contributed immense value to client’s business by performing various consulting services such as Implementation of IT Strategy, IT Consulting, Business Process Reengineering\Improvement, IT Governance, IT Risk Assessments, Privacy Impact Assessments, compliance (SOC 2 Type 1\2, ISO27001\2, PCIDSS) IT Consulting Engagements. Nthusi is a client focused professional with in-depth experience in working with various clients in different industry such as Public Sector, Financial Services, Banking, Transport & Tourism, Life Sciences & Health Care, Energy & Resources, and Technology, Education Telecommunication industry in North America, UK and Africa.