CERIAS Security Seminar: Cyber Risk Management 101

The Center for Education and Research in Information Assurance and Security
March 25, 2020
4:30 PM - 5:30 PM
STEW G52 (Suite 050B), West Lafayette Campus

Description

Speaker:
Nick Sturgeon
IU Health & IU School of Medicine

Abstract: How does an organization know which security controls, applications, or programs to implement when everything is a threat and every system is vulnerable? Looking at cybersecurity through a risk management lens is one way of reducing the noise of the threat environment. This presentation will discuss why having a Cyber Risk Management (CRM) program is a critical piece of an effective cybersecurity program. It will also discuss the various Cyber Risk Management frameworks, the building blocks of an effective CRM program, the regulatory and standards bodies driving cyber-risk management, metrics, the CRM life cycle, and finally, how CRM fits into the overall Enterprise Risk Management program. At the end of the presentation, attendees will have the building blocks to start building a Cyber Risk Management program in their organizations. Additionally, this presentation will look at a few case studies through the cyber risk lens and how a CRM program would have aided in identifying those issues and risks.

About:
Nick Sturgeon currently serves as a Director of Information Security for IU Health and IU School of Medicine. His responsibilities include supporting the IU School of Medicine cyber risk management program and leading IU Health’s Security Research & Red Team. Nick has worked in Information Technology for over 15 years, with 10 years in Cybersecurity, nine years in Law Enforcement, and 10 years in State Government. Nick earned his Bachelor of Science in Management Information Systems from Indiana State in 2003 and a Master of Science in Cyber Forensics from Purdue in 2015. Nick has extensive experience in incident response, digital investigations, criminal investigations, digital media recovery, criminal law, data governance, endpoint protection, network & log analysis, vulnerability management, security operations, incident management, project management, as an instructor, and service implementation of managed security services. Throughout his career he has supported multiple industries and sectors, including academia, State/Local/Tribal/Territorial (SLTT) Governments, healthcare, Information Technology, and manufacturing. In addition to his current duties, Nick is a host on two podcasts, a part-time Information Security Instructor at UTSA, and an Adjunct Professor at the University of Southern Indiana. He also serves as a board member for the Cyber Resilience Institute, the Ohio River Valley Chapter of the Cloud Security Alliance, and the National Council of Registered ISAOs.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics.

Event Website

https://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/6geqehftkf8cv41n1q5b81cqnm@google.com

Purdue University, West Lafayette, IN 47907 (765) 494-4600
