Six Steps to an Affordable Risk-Based Information Security Program

Presented on:
December 11, 2018 12:00 PM PT
30 minutes

Smart companies accept they’ll face a cybersecurity breach eventually, but information security can be expensive and difficult to set up and maintain. By using a risk-based approach, companies can manage costs without sacrificing effectiveness—creating a low-risk environment using the right amount of capital and resources.

In this 30-minute webcast, we share the six steps to implementing a practical, risk-based information security program—allowing you to manage costs without sacrificing effectiveness.



Francis Tam, Partner, Moss Adams

Francis has practiced public accounting with a focus on risk and compliance consulting since 1994. He concentrates on risk-mitigation activities relating to information technology and security. Francis’ expertise includes the application of multiple industry-specific cybersecurity frameworks, including the payment card industry (PCI-DSS) security framework, National Institute of Standards and Technology (NIST) cybersecurity framework, AICPA’s system and organization controls (SOC 1-2-3) guidance, and many others. Francis helps his clients develop a comprehensive approach to information security and technology controls, which may include cost-benefit or system analyses, compliance and internal controls reviews, project management and quality assurance, business process reengineering, penetration testing, external operational assessments, policy development, or financial audits. He works with a variety of industries and has deep experience in financial services, technology, communications, and life sciences.

Mark Edwards, Director, Moss Adams

Mark is an information security veteran who has been solving corporate cybersecurity problems since 2001. His background includes experience working as a global cybersecurity and privacy consultant covering a wide range of industry groups, regulations (GDPR, PCI, HIPAA, CFS, etc.), and frameworks (NIST, ISO, HITRUST CSF, COBIT, etc.). He helps commercial entities protect themselves from cyber theft through his deep technical understanding of security technologies and solutions as well as a strong knowledge of global threats and compliance requirements. Prior to joining Moss Adams, Mark held director and executive-level positions for technology and cybersecurity companies and was the deputy chief information security officer for a defense contractor.
