- This event has passed.
3 CPE – INFOSEC Compliance Now
February 26, 2025 @ 11:30 am – 3:00 pm EST
Explore what’s next in cyber risk and compliance
Uncover tomorrow’s threats, today.
Join AuditBoard for InfoSec Compliance Now 2025, a free half-day virtual event where industry experts dive deep into trends across cyber risk and compliance. Topics include AI, third-party risk management, risk quantification, and more.
Session 1
Demystifying AI Audits: A Practical Guide to Compliance
Complex machine learning (ML) models are often referred to as “black boxes” and even the data scientists that trained the models may not be able to explain the underlying algorithmic decisions. While this lack of visibility is a reality, it doesn’t mean that the entire AI and ML lifecycle is unknowable and unauditable. In fact, AI and ML can and should be part of a comprehensive compliance program.In this presentation, we’ll explore where and how InfoSec, compliance, and audit professionals can assess AI models as well as the risk posed by AI through third parties. We will explain the differences between assessing DevOps and MLOps and show where process inventory, policy management, MLBoMs (machine learning bill of materials), and supply chain safety can be applied to provide visibility and audibility to an ML-aware audit program.
8:30 – 9:30 AM PT1 CPE CREDIT
Diana KelleyCISOProtect AI
Session 2
Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification
IT compliance and cybersecurity teams have long struggled to effectively communicate the impact of threats and vulnerabilities to executives. When done right, cyber risk quantification allows IT professionals to speak the language of the business: financial impact.
While the importance of cyber risk quantification is apparent, many organizations struggle to get these projects funded. Join out experts to explore:
- The basics of risk quantification and how to get started without trying to boil the ocean
- The importance of moving beyond framework-driven security and assurance
- Best practices for communicating the impact of IT security in supporting business growth
- How to drive risk-informed decision-making within your organization
9:45 – 10:45 AM PT1 CPE CREDIT
John SappVP, Information Security & CISOTexas Mutual Insurance Company
Lisa HallCISOSafeBase
Nick GiedtHead of Security Strategy and OperationsRoblox
Olabode OlaokeDirector of Cybersecurity Risk GovernanceBlock
Session 3
From Due Diligence to Resilience: Building Robust Third-Party Risk Management
Organizations across industries rely on third parties to deliver critical services and drive operational efficiency. This collaboration often involves sharing sensitive data to create new opportunities—while also exposing companies to heightened cyber risks.
Join industry experts as they discuss practical strategies, policies, and tools for effective third-party risk management. Learn how to move beyond due diligence to implement risk-based approaches to vendor reviews, effective approaches to managing fourth-party risk, and navigating regulatory requirements including supply chain security. Protect your organization from third-party cyber threats while enabling secure, seamless service delivery in today’s interconnected and data-driven world.
11:00 AM – 12:00 PM PT1 CPE CREDIT
Ashley LingerfeldtDirector Risk, Compliance and AuditQ2
Jennifer CaffreyGRC Program ManagerMongoDB
Roland ChapinSupply Chain Risk & Cybersecurity ManagerGeneral Atomics Aeronautical Systems, Inc.
FYI this is 11:30am-3pm ET. Time shown above is PT