The CIO Cyber & Risk Network Mandate:
To provide CIOs in Australian organisations with a forum in which to share their issues and approaches to cyber security and risk. The intended outcome is that organisations make better informed decisions to help protect their organisations, staff, customers and the economy.
Not all Australian organisations are fortunate enough to have a Chief Information Security Officer. But not having a CISO doesn’t mean the challenge of managing cyber risk goes away. IBRS clients have been telling us that the frequency with which they are being asked to report on cyber security to their boards has increased. Now, four times a year is the minimum, and the board members are asking better, more in-depth questions. The CIO Cyber and Risk Network is a vendor-independent forum for CIOs to share with and learn from each other.
Who can participate?
The CIO Cyber & Risk Network is a service for CIOs who are accountable for cyber security as part of their role.
To ensure that trusted relationships can develop, and to provide an experience of continuity within the group, the number of CIOs invited to participate will not exceed 20.
The CIO Cyber & Risk Network is an invitation-only forum. This is to ensure that the forum is not swayed by vested interests, and that the participating CIOs are assured of the confidentiality of the discussion.
4 gatherings per year. Each gathering will be for 4 hours: a 2-hour formal facilitated discussion and a 2-hour informal session, which is an opportunity for the CIOs to have 1:1 and small-group conversations that follow up on the formal session.
IBRS will facilitate each gathering.
IBRS will also coordinate any external guests.
All gatherings are closed door, and held under the Chatham House Rule.
A summary of findings is distributed after each gathering.
Participate in a distribution list of like-minded CIOs.
Should a CIO not be available to attend a gathering, sending a direct report is possible but discouraged. If direct reports are sent too often, as determined by the group, the CIO’s invitation to participate may be withdrawn and no refund will be offered.
CIO Cyber & Risk Network August 2018
The Cyber and Risk Network August gathering focused on four areas:
Incident Response & GDPR
Maturing Cyber Security functions - participants highlighted four very different approaches
Scaling Cyber Security functions - participants discussed six different strategies
Validation of Controls
Technical sharing among the participants provided some good market insights into new and established vendors offering security solutions.