Leading CISOs shared best practices for managing cyber risks at the ISC2 Security Congress 2023 in Nashville, Tennessee [1] [2]. They highlighted the importance of utilizing appropriate cybersecurity frameworks based on company size and sector [1]. Additionally, understanding regulatory and contractual obligations and striking a balance between compliance and business impact were emphasized [1].


Andrew Smeaton, CISO at Affiniti, and Greg Rogers, CISO for the State of Maryland, provided insights on sustainable cyber risk management in a complex threat and regulatory environment [2]. They emphasized the need to prioritize critical vulnerabilities specific to each organization when creating a sustainable vulnerability management program. Basic cybersecurity measures, such as implementing multi-factor authentication (MFA) and patching, were also highlighted. Furthermore, consolidating security toolkits and effectively communicating risks were identified as key strategies.


The discussions at the ISC2 Security Congress shed light on the impacts of cyber risks and the importance of proactive risk management. By implementing the recommended best practices, organizations can mitigate vulnerabilities and protect their assets. Looking ahead, it is crucial for CISOs to stay updated on evolving threats and adapt their strategies accordingly to ensure effective cyber risk management in the future.


[1] https://www.infosecurity-magazine.com/news/ciso-best-practices-for-managing/
[2] https://osintcorp.net/ciso-best-practices-for-managing-cyber-risk/