During this presentation, you'll learn more about a method to manage cyber risk strategically. Organizations need to focus on the areas most at risk and where they can get the best value for their cyber security investments. Approaching this strategically allows the organization to engage with internal and external stakeholders about cyber risks.
Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.
According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.
The three big topics are VISIBILITY - across my whole cyber risk landscape, COLLABORATION - in order to remediate against risk appetite, and AGILITY - how can I react in a timely manner to rapidly changing risk factors?
Given these challenges can you afford NOT to utilise Security Ratings?
In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with:
• Do security ratings threaten or complement traditional methods of questionnaires and audits?
• Why security ratings should be treated as a risk position rather than a vulnerability checklist.
• Data: sources, accuracy, coverage, currency
• Context: stakeholders, business impact
• Time to value: best approach to implementation
Due to the combination of growing cyber risks threatening critical assets of organizations today, and firmer security regulations enforced by lawmakers across the globe, security leaders are increasingly taking steps to improve their risk management processes and key stakeholder communication—to enable better decision-making around security domains and necessary investments.
This includes adoption of new risk management methods to generate realistic risk forecasts, effective metrics techniques, and a clear roadmap for capability improvements.
Join Matthew Keane, Sr. Director of Strategic Services at FireEye, Travis Fry, Sr. Consultant at FireEye, and Michelle Visser, Partner at Ropes & Gray, as they share their security and legal expertise on:
• Security risks across the complete cyber attack lifecycle, not only detection and response
• A simple and proven method for approaching the risk reality facing all organizations
• The rising cyber security insurance market and how it will affect risk management efforts
• Influence of new regulatory requirements and the SEC’s interpretive guidance on disclosure issues
• Using threat intelligence to ensure risk management efforts are based on real-world threats and ongoing adversary activities, not hypothetical or academic scenarios
• Best practice exercises to test your incident response plan based on real-world experiences
• Techniques for effectively reporting risk and capability needs to a Board-level audience
Managing cyber risk in today’s digital environment is extremely challenging, whether your organization is public, private or governmental. In response to the growing frequency and severity of cyber-attacks, many organizations have decided it’s time to focus more of their efforts on cyber risk, starting with a cyber risk assessment. This approach to proactively dealing with the risk of cyber-attacks increases the organization’s awareness of the potential impacts and costs, and enables them to take actions that reduce the overall risk to the organization, minimize the impact of cyber-attacks, and more predictably ensure the continuity of essential services.
This webinar will provide a high-level overview of assessing cyber risk and explore the following:
• Threats and root causes of breaches
• The changing regulatory landscape
• Security frameworks and tools
• Practical ways to assess your risk and organizational exposure
• Key elements of a successful cyber risk management program
Whether or not you have embraced a formal cyber risk management program, this session will provide practical advice on the evolving nature of cyber risk management, how to develop and incorporate an assessment process into your organization’s overall risk management efforts, and how cyber risk management can improve your organization’s ability to withstand a cyber-attack.
Cybersecurity isn't just about detecting and responding to threats; it's also about understanding an organization's risk. In an age of high-profile cyber attacks, it's becoming increasingly important to have a strategy and process for assessing risks and their potential impact on your business.
Join top industry experts and executives for an interactive Q&A session to learn more about:
- How to evaluate your cyber risk
- Recent NIST CSF risk assessment update
- Staying on top of the latest threats and protecting the critical assets those threats can impact
- Cyber risk insurance
- Recommendations for improving security and minimizing your risk
The session is being brought to you in partnership with ITSPmagazine and will be streamed LIVE from Las Vegas during Black Hat.
In this webinar you will:
- Learn how BitSight Security Ratings is transforming the market for Cybersecurity risk management;
- Understand the importance of the underlying Data Quality for an accurate understanding of a company’s exposure to Cybersecurity Threats;
- Find out how an organisation is using BitSight to gain better visibility, collaboration and monitoring of their cyber risk posture.
- Rui Serra, Senior Product Manager at BitSight Technologies
- Tiago Pereira, Threat Research Team Lead at BitSight Technologies
- BitSight Technologies Customer
Tuesday, October 30, 2018
8.00 am PST / 11.00 am EST / 3.00 pm GMT / 4.00 pm CET
Duration: 30 minutes
Join Corporate Secretary and Nasdaq for a discussion on cyber-security.
Our expert speakers will discuss:
• Cyber-risk and the responsibilities of the board
• Why cyber-risk is different from other types of risk
• Embedding cyber-risk in corporate governance practices
• Role of the corporate secretary/governance professional on information provided to the board on cyber-risk
• Board member education/preparedness
• Board member recruitment in looking for expertise/experience in cyber-security
• Board reporting – what the board needs to know
• Moderator: Ben Maiden, editor, Corporate Secretary
• Martyn Chapman, head of strategy, Nasdaq Governance Solutions
• John Reed Stark, president, John Reed Stark Consulting
Short, sharp and packed with expert insight, this webinar will get you up to speed on these critical issues in just 30 minutes. Sign up to BrightTALK to view this essential briefing and be informed of future webinars produced by Corporate Secretary.
It's become a truism among cybersecurity professionals that there are two types of companies: those that have been hacked and those that will be. If cyber incidents are inevitable, what can organizations do to pro-actively minimize the impact on their operations? This session addresses considerations for organizations addressing cyber-risk at the strategic level.
Cyber threats are growing faster than any other category of business risk, breaches are inevitable, and the areas put at risk when they happen are broad and deep: from a compromised system or supply chain to the financial implications of non-compliance and breach notification. You not only face compromised or lost data, but your brand will take a huge hit that it may not recover from. Add to that the legal risks resulting from regulatory fines and failure to keep customer commitments, and it adds up to a game-changing argument.
Business leaders need to understand the potential losses they face on multiple levels, acknowledge the changing risk and have a breach response plan in place, but most importantly they must escalate cyber risk at the highest organisational levels and bridge the gap between the fight on the frontlines and priorities in the boardroom.
Join us for an executive panel with our EMEA VP & regional leaders as they discuss insights on how the CISOs take the risk message to the board and how they bridge the gap by translating technical jargon into business language.
"Cyber security is a constant battle for every business, and one of the challenges is getting the Board of Directors to understand that enterprise-wide risk management is more than an IT problem. FireEye helps security teams and company executives bridge the gap between the fight on the frontlines and priorities in the boardroom."
- KEVIN MANDIA, CHIEF EXECUTIVE OFFICER, FIREEYE
"Cybersecurity is now a persistent business risk. The impact has extended to the C-suite and boardroom."
- PWC Global State of Info Security Survey, 2015
In this webinar, Morgan Reed (CIO) and Mike Lettman (CISO) from the State of Arizona will discuss with RiskSense CEO Srinivas Mukkamala a case study on how the State of Arizona has implemented a proactive cyber risk management program that uses a credit-score-like model for assessing threats and remediating those that matter most.
Mr. Reed, Mr. Lettman, and Dr. Mukkamala will continue and expand on their conversation initially started during a learning lounge panel at this year's 2017 NASCIO Conference. They will dive into the details of how their risk management approach has enabled IT to better measure and communicate risk to business leaders, and strategically focus on the most imminent cyber vulnerabilities in their environment.
Cyber has yet to be fully integrated into the suite of business functions and monitored risks within most organizations. GRC is the mechanism to align cyber and the business, but its current state is not sufficient: the Governance hierarchy is ineffective (CISOs reporting to the CIO or COO), Risk leverages ambiguous risk measurements, and Compliance is mistaken for security. Moving forward, Governance must be redefined, making CISOs business leaders, reporting to the Board. Risk should leverage traceable data to measure in a common business language. Compliance should be the baseline for security initiatives, not the end goal. When these initiatives can be achieved, GRC will transform cyber into a business enabler.
Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security where he leads the effort to quantify cyber risk in financial terms. Prior to Nehemiah he founded PivotPoint Risk Analytics which focused on cyber risk quantification through value-at-risk modeling and simulations. Jerry has a broad background in cyber, having worked for incident response, malware analysis, and services companies. He has spoken at a number of conferences worldwide including ISS World MEA in Dubai, InfoSecurity Russia in Moscow, and TM World Forum in Nice, France. He holds an MBA from the University of Massachusetts, an MS in Computer Science from the University of Pennsylvania, and a BS in Electrical Engineering from the University of Buffalo.
New cyber risks and threats are emerging at a pace faster than ever before.
- How are cyber risks evolving?
- Which risks can be managed through cyber insurance?
We’ll address these questions – and dig a bit deeper into the state of the cyber insurance market and the role of cyber insurance in your overall cyber risk management strategy. Cyber risk can’t be eliminated – it must be managed.
This webinar is brought to you in partnership with ISSA Financial Industry Special Interest Group.
About the Speaker:
Susan Young is a Senior Vice President and advisor with Marsh’s national Cyber & E&O Practice (part of Marsh’s Financial & Professional Liability Practice, FINPRO) in the Seattle office. She is primarily focused on cyber/security & privacy risk, media liability, and technology errors and omissions.
Enterprises use value at risk metrics to drive most strategic decisions, except when it comes to cyber risk. Prioritizing cyber risk response and remediation is typically a guessing game that requires experts to work with the cyber and business teams to try to guesstimate probabilities of particular events and their ability to compromise each application's confidentiality, integrity and availability. Without calculating a dollar amount impact to which the business is exposed, stakeholders enterprise-wide have no way of knowing the most potentially damaging vulnerabilities and threats within their environment.
This webinar will discuss why enterprises must embrace quantifying cyber risk as they do in all other parts of the business and how they can calculate the financial impact metrics needed to drive faster and more effective decision making.
Enterprises are becoming increasingly cognizant of the massive business risk posed by incidents of cyber attacks resulting in data breaches. Less well-known, and perhaps more potent a threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there are no such guarantees their external partners will take the same care. The consequences can be enormous.
The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.
Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.
Cyber risk management is no easy task. Why? Because while security teams may know about these vulnerabilities, they often lack the right amount of context to determine which vulnerabilities pose the greatest risk to the organization. Without this, the security team can’t appropriately prioritize which vulnerabilities should be remediated first.
Join Kenna Security for our next webinar - “Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprise Organizations,” with Jon Oltsik, senior principal analyst at ESG and Karim Toubba, CEO of Kenna Security.
In this webinar, we’ll cover:
- Findings from the July 2017 ESG Research Report, Cybersecurity Analytics and Operations in Transition
- The challenges facing leadership teams in traditional methods of vulnerability management
- Why more security data doesn’t always lead to better decisions
- How the Kenna Security Platform can enable you to take a risk-based approach to vulnerability management and help teams work cross-functionally to prioritize and mitigate cyber risk
Discover the next wave of risk-based reporting and gain operational efficiency to maximize return on your risk mitigation efforts.
Choosing cyber vendors and balancing budgets can be a challenge. We want to help cut through the clutter and show how we build a cybersecurity budget and identify the spending needs an organization must address immediately. This is a two-part webinar series where you will learn how to approach the cybersecurity budgeting process (as well as see common mistakes to avoid) and how to build your own cyber budget. We will offer a budget plan worksheet to guide you along the way and share best practices and takeaways.
What are your security risk assessments really telling you? Do you know how much a change in security or business operations will change your exposure? Do you know how changes in threat activity affect your risk over the long term?
Chances are you will not be able to answer these questions unless you have quantitatively calculated your Annualized Loss Expectancy (ALE). Join this presentation and learn about the factors that drive the determination of ALE and how this approach will allow you to better understand and manage your exposure to cybersecurity risks.
According to cyber security experts, the frequency and severity of cyber attacks are on the rise, causing alarm to businesses and customers across a variety of industries. Taking a proactive, strategic approach to evaluating your cyber security strategy is critical. It starts with understanding who your organisation's adversaries are and what the impact would be on your business if you were the victim of a cyberattack.
Hear from Graham Cluley as he examines the latest methods and exploits used by cyber criminals, providing an overview of the most current ways they target businesses. You’ll get an insight into how the most sophisticated attackers choose their targets and what they are looking for.
You will learn about:
- The ever-changing threat landscape, and how it affects your business
- Key Considerations for your Cyber Security Strategy
- Insight into real-life case studies