ATLSECCON 2025

In an era where technology permeates every facet of organizational operations, the development and implementation of comprehensive policy is paramount. However, maintaining these policies becomes problematic when technology (especially Cyber Security) constantly changes, organization’s need a better approach. This session outlines the methodology and strategic approach to creating and implementing the Technology Use Manual (TUM), which encapsulates all policies, practices, and standards required for compliance with the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

As cyber threats like ransomware and data breaches continue to rise, understanding the role of cyber insurance is essential for CISOs and infosec specialists. This presentation will explore the critical intersection between cyber insurance and cybersecurity strategies, highlighting its importance in mitigating financial risks and enhancing organizational resilience. Attendees will gain insights into the current cyber threat landscape and learn how to integrate cyber insurance with proactive risk management. Participants will leave with actionable strategies to strengthen their organization’s defenses against evolving cyber threats.

As cyber threats like ransomware and data breaches continue to rise, understanding the role of cyber insurance is essential for CISOs and infosec specialists. This presentation will explore the critical intersection between cyber insurance and cybersecurity strategies, highlighting its importance in mitigating financial risks and enhancing organizational resilience. Attendees will gain insights into the current cyber threat landscape and learn how to integrate cyber insurance with proactive risk management. Participants will leave with actionable strategies to strengthen their organization’s defenses against evolving cyber threats.

In today’s ever changing digital landscape, higher education institutions continue to strive to protect their technology assets and data from cyber risks. As stewards of corporate governance - management and the board of trustees partner together to navigate through these enterprise risks and build a sustainable culture of cyber responsibility. 
 
In this informal conversation, Kevin Magee, Board of Trustee at Brock University and former Chief Security Officer for Microsoft Canada and Gemma Ahn, AVP and Head of ITS Brock University share practical insights on how to build a mutual understanding of cyber-related risk, foster accountability and ensure strategic alignment.

This presentation will cover digital risk measurement, monitoring and reporting digital risks by employing automation. The below topics will be covered:

1) Risk Appetite as a Foundation for Risk Metrics
2) The What, Why and How of Risk Metrics 
3) The Essence of Risk Reporting 
4) Making Risk Reporting Effective 
5) Automation Case Study

The Learning Objectives will be to:
1. Get familiar with Risk Appetite
2. Understand the what and why of Risk Measures / Metrics
3. Understand the Metric build process