Greg Thompson, CISSP (Canada)
(ISC)² Board Foundation
Committee Chair
(ISC)² Board Strategy
Committee Chair

A Cyber Risk Culture Shift - Embracing “Red”

What does this mean? “Embracing RED”? Perhaps the more important question is; is red always bad?
Before we answer these questions, it’s important to acknowledge that many of us have been conditioned to believe that in all circumstances a red status indicator is in fact a bad thing. When we are faced with red risk indicators, we sometimes follow the well-known, five stages of grief:

  • Denial – “I disagree with the red rating and question its validity.”
  • Anger – “Who’s to blame for this?!”
  • Bargaining – “Hey look, we are planning to mitigate some of this – can we lower the rating?”
  • Depression – “Is my department to blame for this? Will we look bad as a result of this red rating?”
  • Acceptance – “Well – we have no choice; let’s get on with addressing the risk.”

This talk will bring real-world and relatable perspectives to risk culture, specifically how to put risk assessments and the inevitable red indicators in context. It will lay the cultural groundwork to help us overcome the barriers to successfully identifying, reporting and managing the risks we face on a daily basis. It will explain why we need to help our organizations move toward the relentless pursuit of risk identification as a matter of high priority. Lastly, this talk will provide valuable insights into how to demonstrate the value proposition of ongoing, timely and transparent risk reporting.

Lecture in English. Simultaneous translation will be provided for this session.

Greg is a Security and Risk executive with extensive industry experience in industries ranging from Telecommunications to the Financial Services Industry. He has held various executive Risk Management and Information Security positions including:

Head of Global IS Security and CISO for Manulife Financial Corporation (2000-2003)
VP Enterprise Security & Deputy CISO, Scotiabank (2008-2015)
And presently as VP Global Operational Risk, Scotiabank

Greg has been actively involved as a volunteer with (ISC)² for more than 10 years, first serving as a member of the North American Advisory Board and as a contributing member of the Executive Writer’s Bureau.

This is Greg’s second term on the (ISC)² Board of Directors. He previously served between 2011 and 2014.
Greg also currently serves as Trustee for the Center for Internet Safety and Education (formerly the (ISC)² Foundation).
He is based in Toronto, Canada and is married with three children.

Patrocínio Executive Platinum


Patrocínio Platinum


Patrocínio Gold


Patrocínio Silver




© Copyright 2018. (ISC)² Inc. All Rights Reserved

(ISC)² Security Congress Latin America
General contact: +55 11 3056-6000