Steve Reznik

Not all risk assessments are created equal. And many compliant methods are not useful for running the business. This session will accelerate your approach to the high quality decision data desired by internal stakeholders while making your external stakeholders smile.

Enhancing Your Cyber Risk Management to Meet Increased Expectations: Steve was one of four panelists who discussed regulators’ increased focus on cyber risk management and methods being implemented to identify and mitigate this risk.

In one of the most closely listened-to panel discussions of the 2019 FAIR Conference: “Pen-Testing Your Board Pitch,” starring two veteran board members, James Lam (E*TRADE) and Chris Inglis (FedEx), presented attendees with a rare opportunity to hear directly from the source what board directors want to know before bestowing their support – or throwing you out of the room.

The session began with two skits – one cringe-inducing, one applause-generating. In the first dramatization, two… Show more

In one of the most closely listened-to panel discussions of the 2019 FAIR Conference: “Pen-Testing Your Board Pitch,” starring two veteran board members, James Lam (E*TRADE) and Chris Inglis (FedEx), presented attendees with a rare opportunity to hear directly from the source what board directors want to know before bestowing their support – or throwing you out of the room.

The session began with two skits – one cringe-inducing, one applause-generating. In the first dramatization, two self-confident but old-school and still using qualitative reporting infosec executives played by Jeff Welgan of CyberVista and Steve Reznik of ADP brief the board (played by James and Chris) of an imaginary bank on their security posture after a data breach at a competitor bank, complete with a colorful heat map presentation... Show less

Check out this resource for mapping what you are doing now to what the regulators and standards bodies are asking for.

This is my short presentation to the FAIR Breakfast during the 2019 RSA Conference on how to:
-Create a common risk view
-Make risk-aware business decisions
-Select better metrics

WARNING! Viewer discretion is advised. This presentation contains talking emojis, slides with more numbers than words, and a brief instance of drama. Watching it may change your definition of risk and enable you to make better decisions.

Marta and I present a case study using sensitivity analysis to tweak risk factors and illustrate the effect on a baseline risk assessment. For instance, a decrease of one percent in vulnerability reduces loss exposure by the same amount as does responding to an incident 10% faster.

FAIR Practitioner Panel: "How to Build a Quantitative Risk Management Program"

Steve Reznik collaborated with a team of IT leaders from several countries and industries to draft the process model component of the The Risk IT Framework. He also contributed to the Risk IT Practitioner Guide.

My thoughts on enterprise risk assessment and using COBIT in a relational database format to create a risk and control matrix. I've continued to develop these approaches with clients and embedded them into The Risk IT Framework.

Abstract: "Recent surveys continue to show a serious weakness in how corporate executives and boards are involving themselves with critical IT risks."

Here I provide advice to CEOs who want to take charge of IT governance and focus on the needs of IT people. I'm proud of the article's behavioral based maturity model and used it while developing the process maturity model for The Risk IT Framework.