Schrems II - Transfer risk triage and other adventures in scoping

When (day):
18:30 - 20:30

About this talk:

A robust data protection or cybersecurity risk assessment is a specialist undertaking, and specialists are in short supply. If your assessment target handles very little data and can be down for a month, how serious can a broken control really be? You cannot pen test everything, and not every vulnerability is an intolerable risk. That is where Sustainable Risk Triage (SRT) can come in. Oversimplification gifted us a thousand tick-box compliance memes and arbitrary scoping decisions, often based on nothing more than spend: starting at the top of a testing to-do list and just working downwards, followed by burn-out, incidents, and audit points because time and money ran out. This session is about a middle way: standardizing and simplifying conversations about achievable work and risk, creating a defensible justification for de-scoping or deferral, building hooks into next steps, and linking to available resources. Whether for Schrems II, third-party assessment, or applying a better quality risk lens to vulnerability reports, this session will look at how SRT works and how it could be tailored for different purposes.