Day One: Tuesday, February 1, 2022
10:30 EST (15 min)
10:45 EST (60 min)
- Defining Zero Trust
- Why Zero Trust
- Architecture and Concepts of Zero Trust
- Approach to Zero Trust
11:45 EST (60 min)
What do we need to consider when communicating risk in the public sector? In this presentation, we’ll talk about risk communication from various aspects, such as the language we use, the sender-receiver model of communication, the context in which we discuss risk, and, of course, the public sector environment. We’ll draw on some previous presentations to highlight successful communication techniques and settings, and finally, we’ll propose some indicators of good risk communication.
12:45 EST (45 min)
13:30 EST (60 min)
We have all heard about “The Great Resignation” and its possible implications for the economy. But what is it? What risks does it hold for you and your organization? This session will examine its impacts and implications, and also provide helpful tools and discussion to assist you both now and in the future.
14:30 EST (60 min)
The Government of British Columbia’s ERM Program has been in place since 2002 and includes formal risk reporting from over 20 provincial ministries that oversee an additional 100+ public sector organizations (PSOs), including crown corporations, public school districts, postsecondary institutions and health care agencies.
Establishing a risk maturity baseline and identifying areas of strength and improvement help drive risk management practices within the BC Government and PSOs. From working with clients to develop risk management frameworks and program-level risk assessments to cross-government initiatives, integrating the risk conversation into senior decision-making is key to an effective risk management program.
In this session, Anna Maria and Jeff will:
- Introduce the risk maturity model used by the Government of British Columbia
- Explore the model’s five pillars of risk management excellence
- Outline strategies to encourage “optimized” risk management performance
- Demonstrate how this model aligns with the ISO 31000 standard
- Facilitate discussion and breakout activities
15:30 EST (60 min)
- What is ransomware going to do in 2022?
- Why will it get worse before it gets better?
- How can simulations help?
- What other shockingly simple things does the public sector do to manage its risk?
16:30 EST (45 min)
- Freight rail risk management from 1996 to present
- Passenger rail risks in a high frequency environment
- Deregulation and Regulation as risk environments
Day Two: Wednesday, February 2, 2022
10:30 EST (60 min)
Traditionally, business continuity has been strongly linked to disaster and emergency management. While there is a case to be made that they have similar origins and shared goals, continuing to view business continuity within the emergency management framework tends to lead to an overemphasis on emergency response. By creating a stronger link to enterprise risk management and re-organizing business continuity within the corporate services envelope, the emphasis shifts towards mitigation and planning, which can ultimately strengthen organizational resilience and support the achievement of the organization’s mandate.
- Discuss and contemplate the distinction (i.e. differences and similarities) between Business Continuity Management and Disaster Management and why this distinction is important
- Discuss Business Continuity Management as a corporate function and how to integrate risk management practices
- Explore a case study on applying a risk management lens to business continuity
- Consider possible changes to one’s own business continuity program by strengthening the application of risk management
11:30 EST (45 min)
Panel discussion on maturing the organization along the risk management maturity model and how this could be a game changer for an organization. The session will include a panel of public sector leaders who will share their perspectives and experiences while discussing both challenges and opportunities.
12:15 EST (45 min)
13:00 EST (60 min)
- What exactly is an insider threat and why does it matter to you?
- Definition of an insider threat
- Role of dark triad personality traits
- Role of social bonds and life-course theory
- Is your business providing protection against insider threats?
- Insider threats in the government of Canada
- Impact of insider threats in business
- Current reactive approach to insider threat programs
- Defining the critical need for preventative insider threat programs
- How will this be done?
- What are the ethics?
- What it might look like
14:00 EST (60 min)
15:00 EST (60 min)
- What is risk management?
- Definition of terms: risks, threats, vulnerabilities
- Risk management in cybersecurity (relates to the CIA triad: confidentiality, integrity and availability)
- Approaches to treating risks related to cybersecurity: basis, consideration for costs and likelihood
- A look at the NIST Risk Management Framework as a basis for addressing cybersecurity risks
16:00 EST (60 min)
- Leadership (Top Down Ethics)
- Foundation (Building a risk management framework)
- Transparency and Communication
- Ongoing monitoring and training (practice, review, make it a habit)
- Support with Technology