GRCI Cyber Risk Discussion Group 2023

08-02-2023 12:00PM 01-11-2023 1:00PM
Online - Livestream, New South Wales, Australia
Member Discussion and Working Party Activities
10
31-01-2023

Please note: You must be a current GRCI Member to participate in these groups and the GRCI Code of Ethics applies to the behaviour of participants in these groups, as does Chatham House Rules.

GRCI members have suggested the convening of a group to specifically discuss cyber risks and their management as relevant to the compliance function within organisations.

The observation of members is that many cyber risks intersect their compliance activities and responsibilities and require a more cooperative approach in line two, to manage these risks and/or when they eventuate.

This discussion group will have progressive, adaptive and standing agenda items with some of the intended outcomes to include:

  • Understanding the regulatory intersect with cyber risk
  • Communicating with your cyber risk partners
  • KRIs that can genuinely assist with evaluating and setting controls for your cyber risks
  • Reporting to the board – who, what and how
The group will also look at case studies to review for lessons learned and potential resources to be developed for the use of the membership.

The discussion group will meet monthly from February to November in 2023 with draft dates below.


Please put these dates in your diary in advance and they will be confirmed in the week prior.

Meetings will be held as listed below, 12 - 1 pm Sydney time via MS TEAMS. 

Please register for this group before mid January to be included in the yearly meetings. Members may join by request at a later date but as there will be no minutes taken of these meetings, late comers will NOT be supplied notes from the previous sessions.

Further topic details will be circulated in advance of each meeting

Meeting Date Agenda theme
8 February 2023 Defining Cyber Risks
8 March 2023 Regulatory intersect with Cyber Risks – who is concerned and who requires reporting
5 April 2023 Case Study review
3 May 2023 KRI’s or data for evaluating cyber risks – where are you getting your intel from?
7 June 2023 Cyber risk controls  - who does what
19 July 2023 Cyber risk controls – who is monitoring what and how do you stay informed
2 August 2023 Reporting to the Board – how are you communicating your risks and their management
6 September 2023 Board assurance of cyber risk – the integral role of the compliance management system
18 October 2023 Events of 2023 – update to items previously covered
1 November 2023 Review of year to date – summary discussion