Recent high profile data breaches have made it obvious that organizations often underestimate the risk their vendors present, and struggle to evaluate third party cyber risk.
In this webinar, Mike Rothman, Analyst & President of Securosis, and Tom Turner, President and COO of BitSight, describe how organizations can build a systematic means to evaluate the IT risk presented by business partners and vendors.
Viewers will learn about:
- Understanding Third Party IT Risk
- Structuring Vendor Risk Management Programs
- Evaluating Vendor Risk
- Ongoing Vendor Monitoring and Communication
In the digital era, IT has an extraordinary opportunity to become a data-driven business partner, helping the business achieve its goals of revenue generation, cost reduction, and risk mitigation. However, IT reporting and analytics have historically focused on descriptive and diagnostic work – describing what happened and why. The speed and agility of the digital revolution demand the ability not only to describe what happened in the past but also to predict what might happen in the future and to make recommendations about what should be done.
IT operations analytics offers IT organizations a path to evolve the use of machine, operational and business data for more effective, forward-looking prioritization and decision-making. And in a recent BMC-sponsored survey, 79% of IT pros said they would be more effective at their job if they had access to non-IT sources of data to help them make decisions in business context.
Join Donnie Berkholz, 451 Research, and Erin Avery, BMC Software, for a high energy, fast paced discussion on adaptive, real-time analytics that any IT operations organization can adopt to become highly prescriptive and predictive.
Join us for our next customer webinar covering the new features available in Black Duck Hub 3.0.
The latest version is designed to help Hub and Protex users streamline Continuous Integration (CI) and DevOps processes through robust policy management and rapid scanning. These capabilities provide complete visibility into the open source in apps and containers, accelerating development through early and continuous detection of vulnerabilities and out-of-policy code.
During this webinar, we’ll show you how to leverage Hub 3.0 to establish policies around the use of open source software in order to lower your organizational security, license and operational risk.
Following the demonstration, we’ll leave plenty of time for you to ask our product experts questions.
You will learn:
• Overview of the new features, including policy management, improved scanning, additional Linux distribution support, and integration with TeamCity
• How to quickly establish open source security policies for existing and new projects
• Ways to leverage policy violations to flag or fail builds in a continuous integration environment (such as Jenkins)
Like many organisations, Prudential has to ensure it protects sensitive data. Getting it right results in satisfied customers, regulators and shareholders and avoids the reputational damage and legal penalties associated with a data breach. With the forthcoming EU General Data Protection Regulation now agreed for implementation, we think now is the right time for organisations to review their data governance and protection requirements. During this webinar we will cover today’s challenges in ensuring good data governance and enter into a panel discussion with Prudential about their approach and lessons learned, including their implementation of Symantec Data Loss Prevention and Boldon James data classification technology. There will also be an opportunity to engage in a Question and Answer session.
So if you want to give your data governance program a head start, register today.
Like many organisations, Prudential has to ensure it protects sensitive data. Getting it right results in satisfied customers, regulators and shareholders and avoids the reputational damage and legal penalties associated with a data breach. With the forthcoming EU General Data Protection Regulation now agreed for implementation, we think now is the right time for organisations to review their data governance and protection requirements.
During this webinar join panel experts from Prudential, Symantec and Boldon James who will explore today’s challenges in ensuring good data governance. The discussion will include practical advice from Prudential about their approach to data security and lessons learned, including their implementation of Symantec Data Loss Prevention and Boldon James data classification technology. There will also be an opportunity to engage in an interactive Question and Answer session.
So if you want to give your data governance programme a head start, register today.
Register today for an insightful webinar with ForeScout Technologies.
This webinar will discuss the recent ransomware breaches, malware attacks and potential protection strategies. Learn how ForeScout helps mitigate ransomware and other malware threats within your network environment. In addition, you’ll discover how ForeScout’s security platform helps organizations See, Control and Orchestrate enterprise security, and assists in identifying the potential risk that exists in your environment today.
Please join us to learn the results of the 2016 Future of Open Source Survey.
Today, open source drives technology and development forward. Its adoption worldwide is visible in companies ranging in size from a single employee to companies like Microsoft and Apple. All of these organizations rely on open source to innovate, reduce development costs, and speed time to market. In this evolving market, important questions remain about open source management, security, policies and procedures, and governance.
The Future of Open Source Survey includes input from new players, established leaders, and influencers across vertical markets and communities. This range of respondents drives broad industry awareness and discussions of key issues.
Please join these industry influencers as they review the top level results from the survey, and bring your questions.
Jeffrey Hammond - Forrester Research @jhammond
Paul Santinelli - North Bridge @paulsantinelli
Bill Ledingham - Black Duck Software @bill_ledingham
Jay Jay Billings - Oak Ridge National Laboratory @jayjaybillings
Follow the conversation on Twitter, using the hashtag #FutureOSS
The idea behind Comply to Connect (C2C) is simple: Implement controlling countermeasures that safeguard your information systems. However, as with any U.S. Government initiative, there are a few details you should know. Join ForeScout as we clarify the concept and use case of Comply to Connect. During this informative webinar, you’ll also see real-world examples of how ForeScout® CounterACT® can provide visibility, hygiene, mitigation and control across technical, management and operational assets in accordance with the U.S. Government’s 800-53 and NIST SP 800-171 standards.
Security is not rocket science. Developing an effective and efficient enterprise security program starts with strong culture and risk communication. Ditch the old school security ways and embrace the millennial approach. The pillars of the millennial approach to security are: developing a positive security culture, making secure business processes easy, fostering enduring business relationships, constant communication with executives, and getting the biggest bang for your limited bucks with risk prioritization.
There is an assumption that the more you spend on security technology, the more secure you will be. However, it is evident from the media that even though organisations are spending a lot on security products, they are still being breached. The majority of organisations are falling back on ‘historical, layered defence strategies’, with the tendency to think that by merely upgrading software and building up walls, their organisation is safe. But what if the attacker dug underneath the wall? Does this demonstrate they are spending effectively and keeping their organisation secure?
In this webinar, we will discuss why organisations don't need to spend more on security to be better protected but need to spend wisely with the budget they already have. Organisations continually need to think about how they readjust and refocus on strategies that enable them to be resilient and recover from a cyber-attack. The webinar will cover:
Spend vs Resiliency – is it proportionate?
Strategy for protecting what really matters
Focusing on the 5% of alerts that really matter
Join Richard Turner, FireEye President of EMEA, as he continues his discussion around taking the ‘Risk message of Cyber Security to the board’.
Ransomware is on the rise. In the first quarter of 2016 alone, a dozen new families have emerged, with Locky leading the way. This webinar will summarize who the new players are and their technical ability to perform in the ransomware market against the well-established TeslaCrypt and Cryptowall. We will also dive into how companies can protect themselves against ransomware in general and some of this malware in particular.
Hadi Hosn, Head of Security Strategy & GRC Consulting, EMEA
For many organisations, investment in new processes and technologies is at the top of the priorities list. From behavioural analytics and big data solutions to “one touch” processes that require no manual intervention, companies are always on the lookout for technology innovations that can achieve a considerable return on investment. When companies consider Cyber Security in such a technology-dependent world, most ask, “How can we secure our business and comply with the changing legal and regulatory standards?” instead of “How do we make business-focused, intelligent investments given the cyber security risks we face today?”
In this webcast, Hadi Hosn, Head of Security Strategy & GRC Consulting at Dell SecureWorks, will discuss the risk based Cyber Security operating model to help companies identify and protect their most critical information assets and business processes. Hadi will focus on the most critical actions for any organisation building a risk based security programme.
Key topics covered include:
· Prioritising information assets based on value to the organisation
· Identifying and prioritising risks to the assets
· Reduce risks with quick wins
· Build and deliver a security plan that aligns business and technology
· Ensure continuous business engagement on the topic of cyber security
Most organisations are surprised by the ease with which social engineering defeats their security. The human factor provides a simple and effective route to bypass even the best hardware and software security controls, yet is commonly overlooked or considered too difficult to solve. Peter will share a number of real examples to reinforce his opinion: as more and more data breaches are published, perhaps it’s time to become creative and strengthen the human firewall.
As cyber security risks increase in sophistication and number, organisations need to switch from responding to incidents to identifying and preventing them before they occur.
Developing a robust risk based approach to security needs to focus on supporting organisations to prioritise threats, understand the techniques that may be employed as part of the attack and evaluate the capability of controls to prevent, detect and respond to an attack. Without this knowledge, an organisation would struggle to determine the level of exposure to particular threats and if their cyber incident response plans are structured and ready to address these threats when they arise.
During this webinar, Steve Durbin, Managing Director of ISF, will discuss the need for a risk based approach to security and why it is an essential component to today’s business.
Keyaan Williams, Senior Executive, C|CISO Programs at EC-Council
Join Keyaan Williams, Senior Executive, C|CISO Programs at EC-Council for his Corporate Governance for CISOs webinar series! The second webinar in the series will cover the topic of Board Presentations from an IS executive perspective.
J. Trent Adams, Director of Ecosystem Security, PayPal
Secure clouds don't exist in a vacuum. The very nature of a secure cloud relies on effective, standardized, interoperable, and scalable Internet security. As the cloud metaphor displaces the concept of proprietary point-to-point networked servers, the key to its value can be found in the interoperability of service protocols. Securing these connections requires understanding and deploying standards such as TLS, HSTS, CT, CSP, DMARC, and FIDO. Each protocol addresses specific security concerns encountered when you extend your security perimeter to include external cloud services. Developing and deploying technologies like these requires a holistic view of the security landscape, and working within a robust Internet security ecosystem.
Key Talking Points:
- Cloud security relies on standardized Internet security protocols.
- Developing Internet security protocols requires multistakeholder involvement.
- Key areas of focus include securing: transport, content, communication, and authentication.
- Case studies presented in developing CT, CSP, DMARC, FIDO, and TLS 1.3
- Internet security is constantly evolving; adapt or perish.
Keyaan Williams, Senior Executive, C|CISO Programs at EC-Council
Join Keyaan Williams, Senior Executive, C|CISO Programs at EC-Council for his Corporate Governance for CISOs webinar series! The first webinar in the series will cover the topic of Asset Management from an executive perspective.
Jim Reavis of CSA, David Baker and Arturo Hinojosa of Okta
According to the 2016 Top Threats report from CSA, the ramifications of poor cloud computing decisions are no longer an IT issue but rather a boardroom issue. Executives at the highest levels are under scrutiny from stakeholders, regulators and consumers about their security posture and their response to a breach.
The growth of cloud and mobile technologies in the workplace has forced IT and security professionals to re-think their security strategy. A traditional network perimeter built on firewalls, VPNs, IDS, and DLP does not address the new threat landscape of phishing, social engineering, and data breaches.
Join CSA CEO, Jim Reavis and Okta CISO, David Baker, for a discussion on the top threats organizations face, how the landscape is changing and best practices for improving the security of your organization.
You’ll take away:
- Highlights from the CSA 2016 Top Threats report
- How to build a new security perimeter based on user identity, capable of detecting and stopping attacks in real time
- How to improve visibility into user behavior and implement controls without sacrificing productivity
Karna Bojjireddy, Security Product Manager, SoftLayer; Manish Aggarwal, Product Manager, IBM Cloud; Sunil Jain, Tech Lead, Intel
Cloud security remains one of the top barriers to the adoption of cloud computing (Gartner top 3) and drives a need for new and broader security measures that go beyond traditional enterprise IT security tools and practices.
Join security experts from IBM, SoftLayer and Intel® for a comprehensive webinar about the cutting-edge products and services that deliver unparalleled control and data security in the cloud. In this webinar, you will receive:
Practical and technical advice that can be applied immediately to help secure your organization's IT environment using SoftLayer's security-rich environment for deploying and running customer workloads.
A full overview of the chip-level Intel® TXT security available first in the cloud at SoftLayer. Lastly, learn more about IBM Cloud Data Encryption Services™, covering data protection, resiliency, security and storage.
As organizations transition from on-premise data storage and device-centric security to the cloud, the need for a data-centric solution becomes critical. Organizations need the ability to protect data in the cloud, at access, on the network, and across all devices. While cloud app vendors now offer robust functionality, they lack the level of granular control and deep visibility many organizations need, either for compliance purposes or simply to enable an increasingly mobile workforce.
In this webinar, we'll discuss how CASBs leverage APIs and proxies to control data on both managed and unmanaged devices, enabling secure SaaS and BYOD. Join us to learn how Cloud Access Security Brokers can help protect data in the cloud by providing comprehensive security and real-time data protection.
Throwing a safety net over mobile cloud app usage leaves the enterprise having to balance manageability and security against the user experience. This session covers how you can gain visibility into mobile cloud app usage, defend against malware and threats, and enforce corporate policies for mobile—all while enabling BYOD and protecting the user experience.
Michael Kaczmarek, Sr. Director of Product Management, Verisign
Cyberattacks are a threat to businesses worldwide, and they are getting larger and more sophisticated. The industry’s approach to protecting against these threats must change fundamentally to stay ahead of this growing threat. For too long, the problem has been tackled piecemeal, using isolated devices or services, but protecting against advanced cyberattacks requires communication and coordination among many components – from networking equipment, to specialized appliances, cloud-based services, as well as actionable threat intelligence.
A shift in security architecture is needed, to an open platform where devices and services from different vendors can share and act on threat intelligence information, all in concert and in the proper context. It must be a hybrid platform, allowing on-premises security appliances to detect and mitigate attacks locally, while automating alerts and switchover to cloud-based services should an attack threaten to swamp the business’ network connection.
Join Michael Kaczmarek, Sr. Director of Product Management, and learn how to assist with designing a resilient security ecosystem by maximizing an API-centric approach. In this session, Mike will discuss how to:
· Evaluate the Threat Landscape
· Design for Both Security and Flexibility
· Prepare for Incidents – Orchestrate Responses
· Expand to a Hybrid Premise and Cloud Security Architecture
Ransomware is an ever-increasing threat to enterprises and new strains are being seen on a regular basis. This presentation starts by tracing the history of ransomware from its roots as being not much more than an annoyance, to the current highly sophisticated encrypting varieties.
Following this will be a deep dive into how the malware is delivered to the victim, and an analysis of the different stages of an attack.
Finally, we will look at methods of mitigating the attack in order to minimise or eliminate the damage done.
Mitch Sherfey, Principal Product Manager, Data Center Automation
Join us for an exclusive preview of the new BMC product developed to address your security needs! Watch and see how you can eliminate risks and reduce your attack surface by providing Operations teams with actionable data combined with automation. Help your Security and Operations teams address threats and vulnerabilities based on impact and priority.
Watch as Principal Product Manager Mitch Sherfey demonstrates how the tool:
- Provides a customized “to do” list to address threats based on policy and impact – ensuring the most critical issues are fixed first
- Offers Security teams a first-time ever view into operational plans – providing visibility into planned actions, predictive SLAs, and burndown views
- Creates an automated and standard process for Security and Operations teams to enable the relentless pursuit of threats
Scott Simkin, Palo Alto Cybersecurity Team and Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute
There are two ends of the spectrum of an attack: the cost of a breach to the victim, and the economic motivation of the cybercriminal. Much focus has been spent on understanding the increasing cost of breaches and the potential damage they can cause organizations. As cybercrime has increasingly become a business, we must also understand the relationship between time, cost and potential profit for an attacker. Like any business, it is a simple math problem: the benefit must outweigh the cost. Security decision makers can use this information to increase the cost of conducting successful data breaches against their organization, taking away the economic incentive and the majority of the motivation for attackers.
This session will present compelling new research, including:
• Average time to breach an organization
• Typical yearly earnings of a cybercriminal
• Cost of conducting a breach for an attacker
• Most effective methods for dissuading or preventing attacks
Kasper Lindgaard – Director of Secunia Research at Flexera Software
Every year, Secunia Research at Flexera Software releases a review of the global vulnerability landscape, based on their large vulnerability database and data from the Personal Software Inspector user base.
The data in this research provides security professionals around the world with perspective on the impact and evolution of the threat landscape and what has trended throughout the year.
In this webinar, Director of Secunia Research at Flexera Software, Kasper Lindgaard will discuss the data presented in the Vulnerability Review 2016 and answer questions. The review itself is released on March 16.
- The number of vulnerabilities and zero-days detected in 2015
- How quick vendors are to respond to vulnerabilities
- Which programs have the most vulnerabilities
How safe are you from an insider attack? Despite the numerous press reports of devastating outsider attacks, insider attacks—deliberate or accidental—put corporations at risk. Often organizations don’t even know how much or what data is at risk, let alone how to detect, respond to and neutralize insider threats.
In this 20/20 webcast, James Carder, CISO of LogRhythm and VP of LogRhythm Labs, will discuss the challenges organizations face from a variety of insider threats and what you can do about them.
Breaches at Sony and Target released millions of customer records. As a custodian of highly sensitive client data, get a better understanding of your responsibility, and what we can do to better protect your clients’ information.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world-famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/Licensed Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.