Krishna Sheshabhattar, Director, Security GRC, Expedia Group, and his advisor Randy Spusta, Global Competency Leader – Security Strategy, IBM, gave a first-year progress report on how their careful plan has played out.
Watch the FAIRCON22 session video: Presentation - Expedia Groups’ Approach to Build an Effective Security Risk Management Program with FAIR. A FAIR Institute Contributing Membership is required – join the FAIR community.
IBM Security is a sponsor of the FAIR Institute and the 2022 FAIR Conference.
From the start, Krishna was looking to extend FAIR beyond cyber, to make it the common approach to risk across the organization with the ultimate goal of enabling better, data-driven decision-making.
Their three key takeaways for introducing FAIR at this scale:
Over the course of many meetings, they presented these talking points to win over their audiences:
“This use case proves our point that we can present a cyber issue in terms of a business use case,” Krishna said. “This speaks to the technology leadership and to the business leadership. This is the common driving force that will converge both. This will also empower my CISO to sit down and have a conversation with the CFO to ask for more money.”
Krishna and Randy also presented this ambitious FAIR-program roadmap.