Guest: John Sapp, VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]
On LinkedIn | https://www.linkedin.com/in/johnbsappjr/
On Twitter | https://www.twitter.com/czarofcyber
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of Redefining Cybersecurity, hosted by Sean Martin, listeners are invited to explore the complex landscape of cyber risk governance. John Sapp, a seasoned professional in risk management, emphasizes the importance of defining cyber risk from the perspective of various executives. The CIO, CFO, COO, and general counsel each own different aspects of risk within an organization, and understanding their perspectives is key to effective risk management.
The conversation takes an intriguing turn as John introduces the concept of approaching cyber risk governance as a product. This involves understanding the desired outcomes, defining the requirements, and creating personas for different stakeholders. The aim is to develop a common pane of glass, a unified perspective through which each persona can access near real-time information to make informed decisions.
John also underscores the importance of presenting information to various stakeholders, including the board and cyber insurance carriers, in a way that demonstrates the strength of the organization's cyber risk program. This approach has tangible benefits, such as a reduction in cyber insurance premiums based on the strength of the cyber risk program.
The episode concludes with a discussion on the importance of collective decision-making in managing cyber risk. John emphasizes that it's not about presenting some information and giving somebody responsibility to make a decision, but rather about presenting information in different ways to all the different personas to spur a conversation so that the team can determine the best path forward.
This episode is a must-listen for anyone interested in understanding how to approach cyber risk governance in a way that is both effective and efficient. It provides valuable insights into how to manage risk in an ever-evolving digital world.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network