Governance, Risk and Compliance at ISC2 Security Congress 2024

Governance, risk, and compliance (GRC) is a dynamic landscape for cybersecurity professionals that continues to evolve at considerable speed. As organizations face increasingly complex threats and regulations, GRC is more critical than ever.

At ISC2 Security Congress 2024, you’ll have the opportunity to explore the latest GRC trends, technologies and best practices, including sessions on core principles, deepfakes and navigating third-party risk management.

GRC Trends

GRC is a structured way for organizations to align their security strategies with their business goals. It includes the technologies, policies, and processes used to manage risk, ensure compliance and maintain effective governance.

Two major trends are having a profound impact on the GRC landscape:

1. Artificial Intelligence (AI): As the use of AI continues to rise, it is becoming a valuable tool for cybersecurity professionals. From automating risk assessments to detecting compliance violations, AI is transforming how organizations approach GRC.
2. Third-Party Risks: Managing third-party risks – in particular software and service supply chains – continues to be a concern as organizations continue to outsource, relying on external vendors and partners for aspects of their operations. Learning how to assess and mitigate third-party risks effectively continues to be an area of focus for all cybersecurity professionals.

Navigating these trends and implementing robust GRC strategies are vital for organizations. Even more so for cybersecurity professionals who are ensuring resilience, compliance and ultimately the safety of their businesses.

Sessions and Speakers at Security Congress 2024

At ISC2 Security Congress, industry experts will share their insights and strategies on how to leverage AI to enhance your GRC program, protect against breaches and more. Here’s a closer look at some of the speakers and what they will be covering at the event:

John B. Sapp, Jr. VP, Information Security & CISO, Texas Mutual Insurance Company	Cyber Risk Governance: Syncing Your Security & Business Needs Cyber Risk Governance has been a challenge for organizations for over a decade. This session will outline a strategic and pragmatic approach for establishing effective cyber risk governance, with the goal of synchronizing security needs with business needs.
Alicia M. Gristmacher MBA, Manager, Cyber Security Compliance Operations, Hyatt Hotels Corporation Steven Tipton Director of Cyber Security Architecture, Hyatt Hotels	Using Subjective and Deductive Reasoning When Performing Third-Party Risk Assessments Learn how to build a risk rating framework and make informed decisions about vendors and new technologies. You will get concrete steps on how to apply the MITRE ATT&CK Framework to your third-party risk assessment process and use subjective reasoning to determine vendor risk.
Christopher G. Pope, MBA, CISSP, CCSP Manager, DevSecOps, ExxonMobil	Charting a Bold Path: GRC Principles for AI and ML Traditional GRC principles are being challenged by the rise of AI and ML, particularly in areas like model transparency, data leakage, and cloud LLM vulnerabilities. To adapt, organizations must combine established GRC practices with new techniques like MLOps and advanced testing to ensure secure and efficient AI adoption.
Ralph Villanueva CC, IT Security and Compliance Analyst, Hilton Grand Vacations	Seven Habits of an Effective IT Security and Compliance Professional This presentation will address the challenges Organizations face when implementing IT security measures. Listen to the lessons learned from 15 years of experience and discover the importance of balancing people, processes and technology in IT governance.