Business Continuity Management / Disaster Recovery , Cybercrime , Cybercrime as-a-service

'When, Not If': Crafting Cyber Resilience Plans That Work

Best Practices From CISO Kevin Li and Incident Response Expert Rocco Grill
Kevin Li, CISO, MUFG Securities Americas, and Rocco Grillo, managing director, Alvarez & Marsal

To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.

See Also: Ransomware Response Essential: Fixing Initial Access Vector

In a video interview with Information Security Media Group at RSA Conference 2022, Li and Grillo also discuss:

  • Top people, process and technology challenges around incident response;
  • Best practices for setting cyber resilience expectations with senior managers and boards of directors;
  • How the discipline of cyber and business resilience looks set to evolve.

Li leads the MUSA information security group that is responsible for information risk management, security operations and engineering, application security, and business continuity and disaster recovery for the broker dealer. He has over 20 years of experience working at large global financial institutions. Previously, he held leadership technology risk and audit roles at DTCC, Guggenheim Partners and Apollo Global Management. Earlier in his career, he worked for Goldman Sachs, Lehman Brothers and Barclays Capital, supporting application development and infrastructure groups.

Grillo leads Alvarez & Marsal's multidisciplinary teams that provide cyber risk and incident response services to clients globally. He has been a trusted partner of multiple government agencies, including the FBI and the U.S. Secret Service, where his cyber expertise was instrumental in investigating and resolving a variety of cyber-based crimes. Previously, he's held leadership positions at a variety of professional services organizations, including Stroz Friedberg/Aon Cyber Solutions.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.