In today's interconnected digital landscape, organizations face heightened risks that demand robust risk management strategies. With the proliferation of data breaches and regulatory scrutiny, the role of Chief Risk Officers, Privacy Officers, and Third-Party Risk Management programs has expanded significantly. As businesses strive to meet compliance requirements and safeguard sensitive information, the need for structured approaches to data management becomes increasingly apparent.



Here is the verbatim discussion:

I have unmuted uh David if you can hear me questions I can see your hand raised so you'll just have to unmute yourself to start talking if there's anybody else who has a question just raise your hand

what's happened in because of the increased risk that organizations have you start seeing Chief risk officers privacy officers third party risk management programs expand and you start seeing the demand to provide repeatable predictable output similar to what we were saying it's a program it has to be built in so when you start looking at some of the SaaS Solutions or automation or continuous uh Improvement and continuous scanning Security Solutions similar to what bees is mentioning the tools that he has in place that reduces the burden on the IT organizations it allows them to provide that information to the third-party risk management programs and what I've been seeing across the industry customers vendors are going through a lot more scrutiny so the the the customers have have to show to their uh their the customers have to show that that um sorry the vendors have to have to show to their customers the different uh the different measures that they've put in place you can't just do business with other companies nowadays without providing some of that evidence that you have the right

understand more of the question but if you if I was to try and interpret in a a path forward the structured data versus unstructured data and how you would look at that obviously with the like G Suite and the Microsoft they have labeling and different pieces so you need to have your labeling standard you know be it three four labels that you put together um for data categorization when you start looking at the corporate assets and the office documents that's quite easy and anything you save or open you put in a policy DLP that's that's much more straightforward uh but from a categorization tagging perspective of unstructured structured data for commercial system servicing your business uh the best way I I would approach it is that the pieces that you need to classify that are the most critical address those first put those understand your digital crown jewels understand which uh data is critical put that into the appropriate areas be it you know the encryption or the buckets that would then tag them.



Rising Demand for Repeatable and Predictable Outputs: Organizations are under pressure to provide repeatable and predictable risk management outputs, akin to structured programs. This necessitates the adoption of solutions that streamline processes and reduce the burden on IT departments.

Integration of Automation and Continuous Improvement: Solutions such as SaaS (Software as a Service) and automation tools facilitate continuous scanning and improvement in security measures. These technologies not only enhance efficiency but also enable organizations to meet the rigorous demands of third-party risk management programs.

Elevated Scrutiny from Customers and Vendors: Both customers and vendors are subject to heightened scrutiny in their business relationships. Vendors must demonstrate their adherence to security standards and provide evidence of robust risk management practices to earn the trust of their clients.

Structured vs. Unstructured Data Management: Classifying and managing data, whether structured or unstructured, poses significant challenges. While tools like G Suite and Microsoft offer labeling features for structured data, a comprehensive approach is required to tackle unstructured data effectively.

Prioritizing Critical Data Assets: Organizations should prioritize the classification and protection of their most critical data assets, often referred to as digital crown jewels. By understanding the value and sensitivity of data, businesses can implement appropriate encryption and access controls to mitigate risks effectively.


In an era where data breaches and regulatory compliance are top concerns, organizations must adapt their risk management strategies to navigate the complexities of the digital landscape. By embracing automation, continuous improvement, and structured data management practices, businesses can enhance their resilience against emerging threats while building trust with customers and partners. Effective risk management is no longer a choice but a necessity for survival and growth in today's dynamic business environment.



Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.



Ms. Nasheen Liu's strong reputation in the Technology community is built upon her proven track record as a leader who practices what she preaches. Results-driven, focused, determined and creative, Ms. Liu approaches business management with integrity, sound common-sense principles and unconventional strategy. Ms. Liu’s expertise in technology marketing, C-suite conversations and executive branding in the digital age makes her a well-rounded knowledge expert, a skilled listener and an excellent communicator.


Dave Lawy, based in Toronto, ON, CA, is currently a Managing Director at Quantum Smart Technologies, bringing experience from previous roles at Harvard Business Review and Gartner Research Board. Dave Lawy holds a McGill University.


Pritha Aash, managing parts of content strategy and marketing in a startup called FireCompass. The team has built things first time in the world and I'm overexcited to be part of it. I decided to share some of it and more. I'm an Information Technology Engineer. Prior to that I did my schooling from Sri Aurobindo, Loreto House, Loreto Convent Entally, Kolkata. I like to volunteer in interest groups, communities to help the world we live in be a better place. Currently volunteer at WWF, Khan Academy, SaveTrees.


