We’re welcoming John Sapp, the CISO and VP Information Security at Texas Mutual Insurance Company, a specialty insurer for workers’ comp based in Austin, to the board of the FAIR Institute.
Watch my conversation with John Sapp in this Meet a Member video interview:
John’s background is in governance, risk and compliance and he found FAIR in 2015, looking for a way to bring cyber risk into enterprise risk management. “I had the realization that the best way to have a conversation with a business person…was to put things into a business-risk context.”
In the video John shares insights on these topics and more:
“The first thing is to know and understand what your assets are and to me everything in an organization is an asset, whether it’s people, processes or technology. Be able to use those as a base for saying what are our key assets to protect…Take a standardized methodology to determine risk and quantify it…Know and understand the business, so when you bring those things together, it gives you a compelling story.”
“Cyber security is the one type of risk that can trigger other types of risk: operational, financial, technology, and strategic risk. Helping people understand how one can trigger the other is what we are trying to frame up the risk conversation around – being able to quantify that risk and if the threat or exposure actually occurs, now you can put some dollar amount on that.”
John Sapp will speak at FAIRCON24 (Oct 1-2 in Washington, DC) on the panel discussion “Integrating Cyber Into ERM,” CISO-only Track, Tuesday, October 1, 4:20 PM ET.