Fighting the ‘Gap of Grief’ With Business-Driven Security

Defending against human ingenuity demands a new way of thinking. With countless dollars spent and infinite alerts you still don’t have a true picture of what is going on. So when a breach happens, can you answer THE question: “How bad is it?” The inability to do so is what RSA calls the “gap of grief.” To answer, you must connect your security strategy and business risks.

RSA’s cybersecurity expert, Peter Beardmore, will provide perspective on this important issue during this pointed webcast designed to help security leaders:
- Learn how to garner the right visibility, in the right context to defend what matters most – and fast;
- Discover the 6 steps to take command of your evolving security posture in this uncertain, high risk world; and,
- Find out what it takes to link your security strategy with your business priorities.
Recorded Mar 1 2017 35 mins
Presented by
Peter Beardmore of RSA
  • Why Your Cloud Migration Needs a New Approach to Security May 29 2020 5:00 pm UTC 34 mins
    Brendan Hannigan, CEO & Co-Founder, Sonrai Security
    The very nature of how software applications are built today has changed from stem to stern, with public cloud at the foundation of this shift. Companies that have successfully ‘digitally transformed’ are thriving, while laggards continue to languish. While digital transformation continues at a rapid pace, security and governance have just not kept up, as evidenced by so many cloud data breaches. In this talk, you will learn:
    - Why digital transformation turns old-security ways upside down
    - How new approaches must be built for cloud from the ground up
    - Why identity and data are the key critical control points for public cloud governance
    - The ticking time-bomb of complexity hidden in cloud-provider IAM models
    - 5 steps organizations can take to de-risk their cloud
  • The Hits – and a Few Misses – in Vendor Security Assessments May 29 2020 4:00 pm UTC 44 mins
    David Lenoe, Sr. Director of Product Security, Adobe
    Use of 3rd-party cloud technology and service vendors is common to pretty much any business. Maintaining your own security posture requires that you also ensure those vendors are maintaining comparable posture. However, what is the right way to assess a vendor’s security posture? What are the relevant questions to ask and documentation to request? What is not relevant in such an assessment? At Adobe, we are in an interesting position in the industry in that we are both a large technology and service vendor as well as one of the largest consumers of 3rd-party technology and services. Through developing our own vendor assessment program, our ongoing work with industry standards groups and consortia, and evaluation of our own security practices by our own customers, we have learned a lot about what to do right with these assessments – as well as a few things that are not quite so productive. Join Dave Lenoe, director of product security for Adobe, as he presents our lessons learned and best practices that can help you develop a successful cloud vendor security assessment program.
  • SDP – The Yellow Brick Road to Zero Trust Recorded: May 28 2020 43 mins
    Juanita Koilpillai Founder and CEO Waverley Labs LLC
    Today’s network security architectures, tools and platforms fall short of meeting the challenges presented by current security threats. Zero Trust is emerging as a popular anti-hack strategy and, as the concept implies, requires that users are not allowed any access to anything until they are authenticated. Attaching the moniker “Zero Trust” to solutions, while popular, misleads one into a false sense of security (no pun intended).

    In this webinar, you’ll learn how a Zero Trust implementation using SDP is applied to network connectivity, meaning it is agnostic of the underlying untrusted IP-based infrastructure, and homes in on securing connections. The webinar will delve into the steps to implement SDP and help organizations defend against new variations of old attack methods that are constantly surfacing in existing perimeter-centric networking and infrastructure models.

    - Separating the control plane, where trust is established, from the data plane, where actual data is transferred.
    - Hiding the infrastructure using a dynamic deny-all firewall - the point where all unauthorized packets are dropped for logging and analyzing traffic.
    - Using single packet authorization to authenticate and authorize users and validate devices for access to protected services, with least privilege implicit.
  • Cybersecurity, Data Protection Policies, and Cloud Adoption in APAC Recorded: May 27 2020 45 mins
    Lim May-Ann, Executive Director, ACCA
    Over recent months, there has been an increasing number of cyber-breaches being reported in Asia Pacific, particularly from the public sector. Yet there have also been an increasing number of cybersecurity and data protection policies being put in place. Are these sufficient to assuage the public’s concerns about cloud computing and shared services? What are the trends in cybersecurity and data protection regulations within the Asia Pacific and ASEAN region?
  • CSA STAR Town Hall - Governance, Risk and Compliance in the Cloud Recorded: May 26 2020 61 mins
    Douglas Barbin of Schellman | Larry Greenblatt of QAD | Shaun Van Niekerk of NHS | John DiMaria of CSA
    This session will provide a thorough overview of GRC in the cloud, from awareness to procurement expectations, to implementation to certification/Attestation.

    Our panel includes a Cloud Service Provider, Cloud User and Certifying Body who will discuss all sides of cloud security peeling back and revealing those layers of accountability and responsibility between Cloud Service Providers and their Tenants, applying measurable risk-based decision making for both assessing and attesting to governance, risk and compliance best practices.

    Additionally, this panel is here to answer your pressing questions. We urge attendees to submit questions before the session through Twitter using the hashtag #CSATOWNHALL, and we will use them for our panel.
  • CSA's Executive Series: Connectedness and Data Privacy in the Cloud Era Recorded: May 20 2020 28 mins
    Jerry Archer, SVP & Chief Security Officer, Sallie Mae
    As businesses transition to new cloud services and increase their connectedness, new issues arise, such as decreased visibility, new obscure vulnerabilities and cyber criminal opportunities. Simultaneously, new laws like GDPR and CCPA require data owners and aggregators to have visibility into and understanding of who is capturing, accessing, and using the data and the security around it. Techniques such as tokenization, data masking, data substitution and field encryption are being used to lower the risk of sensitive data exposure. While these techniques may satisfy data breach laws, the court of public opinion does not yet understand or appreciate these technologies.

    In this webinar, Jerry Archer, CSO of Sallie Mae, will discuss liability, data lineage, retention, deletion and other aspects of the proliferation of cloud-based services, as well as considerations as businesses transition to the cloud.
  • Thinking Like a Cybercriminal Recorded: May 19 2020 64 mins
    Etay Maor, Chief Security Officer, IntSights
    We read about hacks and breaches on a daily basis, but what do we actually know about these cybercrime groups and how they conduct these attacks?

    In this session, we will dive into basic hacking techniques, demonstrate what types of tools hackers are using today, examine the scope of these attacks, and discuss best practices on how to protect ourselves and our businesses. During the session we will review security issues with people, process and technology, see how OSINT (Open Source Intelligence) is leveraged for social engineering attacks and review some of the latest attacks seen in the wild. We will close the session by examining how to operationalize threat intelligence using security frameworks such as MITRE ATT&CK framework in conjunction with cyber threat intelligence best practices.
  • Creatively Scaling Application Security Coverage and Depth Recorded: May 14 2020 61 mins
    Prithvi Bisht, Senior Manager of Secure Software Engineering at Adobe
    One of the biggest challenges and opportunities for an application security (AppSec) team in a cloud-centric world is to scale effectively. The general “shift-left” recommendation for security in the software development life cycle (SDLC) emphasizes early course correction to help bake in security controls and to reduce potential cost of changes introduced later in the SDLC. Shifting left then entails finding potential security concerns and the need for security controls by reviewing artifacts produced in requirements, architecture, design and coding phases. Unfortunately, outside of the coding phase, adding security in earlier phases can be mostly a manual activity. This limits security coverage and depth of exploration of products often manifesting as potential blind spots in product portfolios. As we move through the phases of the SDLC, the artifacts describe “intended” system functionality that may behave differently when implemented. The divergence in translating intentions (e.g. requirements/design) into reality (e.g. code) is, unfortunately, how bugs (including security) can get introduced.

    Join Prithvi Bisht, senior manager of secure software engineering at Adobe, as we discuss these challenges as well as potential solutions to help you better scale your own application security efforts.
  • Shifting Cloud Security Left to Protect Data & Customers Recorded: May 12 2020 40 mins
    Sadi Steffl, Cyber Security Analyst at ViacomCBS Digital & Chris DeRamus, CTO at DivvyCloud
    Sadi and Chris will explore how her team at ViacomCBS Digital have shifted cloud security left in order to prevent issues from ever manifesting, deliver better experiences to developers, and be able to meet the rapidly scaling demand for cloud computing. This approach has enabled a lean team to support dozens of business units as they harness the power of public cloud in the production and distribution of online content covering news, sports, entertainment, technology, and business drawing in over millions of viewers making it the 6th largest internet brand. They will also dive into the important facets of making cloud security continuous including visibility, prevention, detection, remediation, automation, and reporting.
  • Break the Top 10 Cloud Attack Kill Chains Recorded: May 7 2020 61 mins
    Rich Mogull, VP Product, disruptOps
    As cloud adoption matures, so do cloud attacks. This session will highlight the top 10 cloud kill chains and how to break them. The presenters will lay out each step of the chain, which are the easiest to snap, and which common security defenses work across multiple chains.
  • How to Start Secure and Stay Secure with Cloud Best Practices Recorded: May 5 2020 22 mins
    Center for Internet Security
    The Center for Internet Security (CIS) provides organizations with a collection of integrated cybersecurity resources to help users evaluate and apply secure configuration settings to various cloud environments. With our global community of cybersecurity experts, we develop the CIS Controls and CIS Benchmarks. These best practices offer prescriptive guidance and configuration recommendations for various technology groups to safeguard systems against today’s evolving cyber threats. From foundational security recommendations to pre-hardened virtual machine images available on major cloud computing platforms, CIS provides resources to start secure and stay secure in the cloud.

    What You Will Learn
    - What resources are available at no cost?
    - How to apply and interpret the CIS Controls Cloud Companion Guide.
    - How to apply and interpret the CIS Foundations Benchmarks.
    - How CIS Hardened Images are built and maintained.
    - The benefits of utilizing CIS Controls, CIS Benchmarks, and CIS Hardened Images.
  • Securely Enable Your Remote Workforce Recorded: May 1 2020 35 mins
    Lior Cohen, Sr Director Product Marketing from Fortinet & Sameer Vasanthapuram, Solutions Architect from AWS
    Join Lior Cohen, Sr Director Product Marketing from Fortinet and Sameer Vasanthapuram, Solutions Architect from AWS to learn about how you can leverage the dynamic nature of cloud security to improve remote productivity, digital transformation initiatives and rapidly address the immediate needs of your organization. In this session you will learn about technical considerations, solutions and technologies that will help you:
    - securely enable remote access for very large user populations
    - securely enable access to business critical and sensitive web applications
    - and extend on premise security functionality to control various AWS end user productivity services.
  • A recipe for automating privileged access into your DevOps pipeline Recorded: Apr 30 2020 43 mins
    Tim Keeler and Paul Lanzi, Co-founders, Remediant
    Engineering teams are adopting DevOps as a way to improve time to market and ensure high availability. In addition, these teams are becoming more and more distributed as a way to access a broader talent pool, drive down fixed costs and improve employee retention.

    What this implies, especially in firms with a technology heavy workforce, is that you now have more privileged users (e.g., engineers, DevOps, SRE) than ever before deploying on cloud infrastructure and operating with elevated privileges over a remote connection.

    Join us as former security practitioners (Genentech, Roche) and Remediant co-founders Tim Keeler and Paul Lanzi discuss a re-imagined privileged access management model for this new paradigm. In addition, they will also demo a practical implementation of this new model.

    After this talk, you will walk away with a blueprint on how you can easily incorporate the following into your cloud workloads:
    - Establish strong, VPN-less authentication and secrets management
    - Enable just-in-time, just enough access to the workload with multi-factor authentication (MFA)
    - Zero-trust authorization through removing standing privilege
  • Managing security in the cloud today VS networks "back in my day" Recorded: Apr 28 2020 61 mins
    Jim Reavis, CEO, CSA | Karen F. Worstell, CEO, W Risk Group | John DiMaria, CSA | Vincent Campitelli, CSA
    In our increasingly interconnected world, the cloud is the answer. Services like Microsoft Office 365, Google Drive and AWS have embraced its ability to store data online and have created services to capitalize on its potential. Data access is never a problem if you have an internet connection. But before the dawn of the Internet, cloud computing didn’t exist. It simply couldn’t. The panel on this session was certainly around before the dawn! That’s why they don’t sweat the challenges that come with the cloud today, because they lived through the early days when solutions to IT Security problems had to be invented as you go “and they liked it”!

    Join us as this distinct panel that represents the “grumpy old people” of security today discuss the evolution of compute and how being in the trenches of the “old days” has allowed them to make significant contributions to better security solutions today.
  • Mapping Your Way Through AppSec Challenges Recorded: Apr 23 2020 61 mins
    Peleus Uhley, Principal Scientist & Lead Security Strategist at Adobe
    It is always important to stay current and explore new technologies. John Lambert is often quoted as saying, “Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.” This was one of the concepts that had originally hooked Peleus on the idea of exploring graphs in our tooling. There have been many examples of graph databases used to solve problems in network security, spam & fraud detection, and cloud configuration issues. Graphs have even been argued as a necessary component to move machine learning to the next level. However, there are not many examples specific to cloud app security.

    In this webcast, Peleus Uhley, Principal Scientist & Lead Security Strategist at Adobe will explore some possible options for using graphs and graph databases to help accelerate solutions to some cloud security problems.
  • Cloud Adoption Considerations for IoT and OT Recorded: Apr 21 2020 46 mins
    Shih Hsien Lim, Chief Security Officer, SP Group
    IoT in the enterprise will generate new information and business models that will strain on-prem capabilities and resources. The challenges can be resolved by judicious use of the cloud. This potential upside needs to be weighed against risks around data privacy, visibility, and (in)effectiveness of traditional security tools and approaches.

    The increasing digitisation of OT (Operations Technology) will impose similar challenges, with the added key dimension of safety on top of the traditional tripartite of confidentiality, integrity and availability.

    The talk will thus dive deeper into these real-world challenges and share some practical considerations and approaches.
  • Managing Supply Chain Risk During Times of Turmoil Recorded: Apr 16 2020 60 mins
    Drew Wilkinson, VP - Services and Customer Success, SecurityScorecard & Mike Baier, 3rd Party Info Sec Risk Management, Takeda
    “The Practitioners View Inside and Out”
    During times of turmoil and increased remote work, the security and viability of our supply chain and vendors takes on even greater importance. This webinar will examine the current situation, provide tips, best practices and practical applications on vendor and supply chain risk and how to prioritize your actions to ensure business continuity and resilience.

    What you learn during this webinar:
    - A practitioner view on how to structure your efforts in securing your supply chain/vendor landscape and how to prioritize your actions
    - New external facing vulnerability and security behavior trends of organizations as well as the signals in the SSC platform you can use to help monitor these threats for both you and your vendors
    - Best practices in expedited assessment and onboarding processes with third parties.
  • CSA's Executive Series: Hard Choices by Dan Geer Recorded: Apr 15 2020 32 mins
    Dan Geer, CISO, In-Q-Tel
    Join us for this special CloudBytes webinar for a strategic look at the future of cloud and cyber security. The incomparable Dan Geer ponders a set of provocative questions that get to the heart of the risks we face with automation, cloud, supply chains, critical infrastructure and the strategies we must consider to navigate the future.
  • CSA's Executive Series: Using CSA Control Framework for Regulatory Alignment Recorded: Apr 14 2020 62 mins
    Michael Mazza, Executive Director - Enterprise Technology & Risk - Morgan Stanley
    In today’s environment, we are faced with conflicting challenges. Our businesses want us to advance the use of cloud to improve costs and time-to-market. The major CSPs are coming out with new functionality literally every day, and tout the Shared Responsibility model for security and governance. Yet the regulators still hold us to managing risk. How can we show regulators that their guidance is being heeded within our internal control environment when we use CSPs? Join for a discussion on how to make sure that regulators, vendors, and your internal staff can speak the same language.
  • Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage Recorded: Apr 7 2020 60 mins
    Thomas Martin, Founder, NephōSec | Chris Hertz, Chief Revenue Officer, DivvyCloud
    Join Thomas Martin, former GE CIO and Founder of NephōSec, and Chris Hertz, Chief Revenue Officer of DivvyCloud, for a deep dive into the current state of cloud security and practical guidance on ways to stop cyberattackers who seek to take advantage of the disruption caused by the coronavirus pandemic. Topics covered include:

    - Discussion of the increased challenges faced by security and IT professionals during times of crisis.
    - Key findings from the 2020 State of Enterprise Cloud Adoption and Security Report as a guide to what to focus on.
    - Critical actions and steps that enterprises can take to protect their cloud environments from cyberattackers.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy

  • Title: Fighting the ‘Gap of Grief’ With Business-Driven Security
  • Live at: Mar 1 2017 6:30 pm
  • Presented by: Peter Beardmore of RSA