Presented by Tolgay Kizilelma, Ph.D. • CISO at UC, Merced
Risk management is an integral part of information security programs. These programs usually are based on frameworks to improve the information security posture of an organization, and to reduce risk. Questions from decision-makers, such as "How much risk do we have? Which activities and gaps should be addressed and prioritized?" are not easy to answer. The presentation will focus on understanding, analyzing, and quantifying information security risk in financial terms, ensuring business-IT risk alignment resulting in informed and cost-effective business decisions.
A business-IT leader with twenty-five years of industry experience covering the whole IT spectrum. He is currently leading the cybersecurity efforts as the Chief Information Security Officer at University of California Merced. After almost two decades in private sector, Tolgay joined UC and initially worked for UC Agriculture and Natural Resources leading statewide infrastructure projects and help desk, network, systems, and information security teams. He is an advocate of lifelong learning and teaches graduate business analytics courses at Saint Mary's College of California. His current research interests are cybersecurity, business analytics, and educational IT programs. He has various industry certifications, an MBA, and PhD focusing on information security, quality, and patient safety.