Loading Events
Date June 19, 2018 Time 8:00 am - 10:00 am Chapter Saskatchewan

How Much Cyber Security is Enough?

Sponsored by the Institute of Internal Auditors – Saskatchewan Chapter

Michael McCormack


When it comes to investing in cyber security, there are several questions that are frequently asked by the C-suite:

  • Am I spending enough on cyber security?
  • Am I spending on the right enhancements for cyber security?
  • How much cyber security is enough?
  • How do I measure the effectiveness of my cyber security program?

A challenge with cyber security is that the cyber threat is always evolving, resulting in the requirement for enhancements or new capabilities in order to ensure the confidentiality, integrity and availability of computer systems and the data that they hold.

This presentation will cover what organizations should be doing when it comes to cyber security, and what organizations should be planning on doing. We will also discuss the concepts of “how much cyber security is enough” and “how to measure the effectiveness of the cyber security program.”

About the Presenter

Kent Schramm

Kent is a Director within Deloitte’s Cyber Risk Services. Kent has 30 years’ experience in the public sector. Since joining Deloitte, Kent has worked with clients at the federal, provincial and municipal governments, in the financial services sector (major banks and financial institutions in Canada and Israel), pension funds, insurance, higher education, healthcare, nuclear energy and gaming.

Prior to joining Deloitte, Kent was the Chief Information Security Officer (CISO) for the Government of Ontario, responsible for the confidentiality, integrity and availability of the Government’s information systems and information contain therein, supporting over 65,000 Government employees and 13 million citizens. His scope of responsibilities included the 24/7 cyber security operations centre, education and awareness, identity and access management, vulnerability management, intelligence and situational awareness, policy, forensics, cyber risk assessments across the Government, security engineering and compliance.

Before becoming the provincial government’s CISO, Kent was at Public Safety Canada’s National Cyber Security Directorate. He led the creation of cyber situational awareness for the Government of Canada and the formulation of the National Cyber Incident Management Framework. He also led the creation of cyber exercises (crisis management) for federal security and intelligence departments and agencies.

Prior to joining Public Safety Canada, Kent served in the Royal Canadian Air Force, attaining the rank of Lieutenant-Colonel. He served in a variety of operational, staff and command roles in Canada and the United States. He focused on cyber security operations for both domestic and deployed military operations (Afghanistan, Bosnia, and Africa), cyber intelligence with key allies and strategic cyber policy.

Prior to joining the Air Force, Kent served as a Forensic Specialist for the Royal Canadian Mounted Police.  Kent is originally from Regina, Saskatchewan.