Schrems II – Transfer risk triage and other adventures in scoping

A talk by Sarah Clarke
Data Protection & Cybersecurity GRC, Infospectives Ltd

About this talk

A robust data protection or cybersecurity risk assessment is a specialist undertaking. Specialists are in short supply. If your assessment target handles very little data and can be down for a month, how serious can a broken control really be?

You cannot pen test everything. Not every vulnerability is an intolerable risk. That’s where Sustainable Risk Triage (SRT) can come in.

Oversimplification gifted us a thousand tick-box compliance memes and arbitrary scoping decisions, often just based on spend. Starting at the top of a testing to-do list and just working downwards. Burnout, incidents, and audit points, because time and money ran out.

This session is about a middle way. A governance approach standardising and simplifying conversations about achievable work and risk. Creating a defensible justification for de-scoping or deferral. Building hooks into next steps. Linking to available resource.

Whether for Schrems II, third-party assessment, or applying a better-quality risk lens to vulnerability reports, this session will look at how SRT works as a concept and how it could be tailored for different purposes.
