Companies struggle with finding ways to get the most protection for their investment dollars, balancing the need to comply with lengthy and ever changing regulations with providing protection against the ever evolving and increasing threats to their organizations.
During this discussion, the presenters will outline why removing security controls may be the best thing to do to improve your company’s security posture. Not just removing redundant controls, but focusing on expensive controls that no longer provide the amount of risk reduction that they used to in an enterprise environment.
- Present a framework to determine which controls to remove
- Understand what compensating controls exist to address removed controls
- Learn how companies have adopted this approach through case studies
About Matt Hynes

Matt Hynes is a Partner/Principal in the Advisory Services practice of Ernst & Young (EY) LLP. He leads EY’s Cyber Program Management (CPM) services focused on information security strategy, governance and security function transformation. He is a frequent speaker on related topics at industry events and serves as a guest lecturer at the University of Minnesota’s Carlson School of Business. Hynes is the past president of the Minnesota Chapter of the Information Systems Audit & Control Association (ISACA) and is involved in numerous professional associations.
About Steve Currie

Steve Currie is a senior manager in the cybersecurity practice of Ernst & Young (EY) LLP. With over 15 years of experience at EY, he has led engagements at clients ranging from Fortune 25 companies to local private firms. He is a global leader in EY’s Cyber Program Management (CPM) competency, specifically collaborating with clients to develop solutions to address current challenges, such as supply chain security for connected products.