Organisational Behavior for Cyber Risk Governance Using Security Ratings

Protection & Privacy in the Cloud: Operationalizing Privacy in AWS Environments

New privacy regulations like GDPR and CCPA make finding and protecting personal information more critical than ever. This means being able to identify both PII and contextual PI by person at scale. This Webinar featuring BigID’s Head of Product and AWS's Leader of Security and Compliance Solution Architecture will examine best practices for finding, protecting and automating PI/PII-centric privacy tasks at scale.

What You Will Learn:
- How to find PII/PI across AWS
- The difference between Protection and Privacy
- How to actualize privacy tasks like DSAR
- The role of ML in cloud-first privacy engineering

Cloud computing offers massive scalability, availability and low-cost services as major benefits, but as with most new technologies, it introduces new risks. Because there is so much opportunity in the cloud, the cloud service provider network is continuously growing. Service providers are using different technologies, different standards, and like all companies have different competency levels.

A couple of the major challenges organizations have when using cloud computing is managing these third-party operational and security risks. As more technology is moved from your company’s infrastructure to cloud, understanding and management of these risks often overwhelms technology and procurement teams.

This can be managed if an effective third-party framework is put into place, appropriately managed and cross-organizational guidelines are being followed.

Want to know what you can expect at CSA Summit at RSA Conference 2019? Join this webinar to get a preview of....

Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation
As a leader in their industry, MGM is transforming into a digital business by aggressively adopting the cloud. Hear how MGM is protecting their enterprise data across the whole spectrum of their evolving infrastructure, from on-prem, to the device, to their SaaS, IaaS and PaaS cloud instances.

Lessons from the Cloud
Large enterprises are rethinking technology and data to build a platform for the future and cloud is at the center of this transformation. During this session we will discuss key drivers for cloud adoption, regulatory landscape, building effective controls and solutions, and the cloud journey for large organizations.

The cloud promises to bring savings, agility and scalability. All of this is attainable provided that you know which services to choose for which purpose and how to set up your environment properly. Join multi-cloud experts from Nordcloud and SSH.COM for this exclusive webinar hosted by Cloud Security Alliance where we will discuss the following topics:

•Why vendor-lock might not be your best option in the cloud
•Why ensuring the best possible privileged access experience for developers and administrators is vital for your business
•How to make daily access routines operationally efficient with automation
•How to choose best-of-breed services for the cloud based on your business needs
•Why existing cloud vendor or legacy solutions might sometimes add increase costs

Want to know what you can expect at CSA Summit at RSA Conference 2019? Join this webinar to get a preview of...

- From GDPR to California Privacy: Managing Cloud Vendor Risk
Managing vendor risk is a continuous effort under GDPR, California CCPA and other global regulations. As organizations continue to improve their privacy and security programs, streamlining 3rd and 4th party vendor risk has become a priority. This includes everything from filling out vendor assessments, such as the CSA CAIQ, getting sufficient guarantees from your vendors to efficiently working with them during an audit or incident and much more. In this session, you’ll learn how to implement successful vendor risk processes, expedite vendor onboarding, and hear practical advice to automate vendor risk management within a software technology platform.

- Can you trust your eyes? Context as the basis for “Zero Trust” systems
In a digital world, you can’t trust everything you see. While the digital transformation has created countless benefits for enterprises, it has also made it possible to easily disguise reality, increasing the difficulty and complexity of security. Authenticating users and controlling access to critical workloads is challenging, due to the many vulnerabilities that only require network access, and security systems that neglect a key component: context. In this session, Cyxtera VP of Products and Co-Chair of the CSA Software Defined Perimeter Working Group discusses shortcomings with current authentication and authorization protocols, requirements for a consistent and effective security model, and portrays a way forward with a dynamic, context- based security solution.

Security is a top priority for e-commerce giant Shopify, with over 800,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Join Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne as they discuss best practices for testing and securing your cloud-based web applications. The session will also cover how you can scale application security for high-growth DevOps organizations and the tools and programs Shopify relies on to reduce security risk.

In this webinar, you’ll learn to:
- Develop and improve your application security strategy
- Discover and manage critical vulnerabilities effectively
- Scale security for high-growth organizations—with a DevOps methodology
- Identify systematic issues and root causes to reduce long-term risk

Ninety-one percent of organizations in a recent TechValidate survey say they have seen phishing attacks on their organization in the past year. What’s more, 42% report more than 10 phishing attacks on their network in that time. What can be done to reduce these risks and protect your data and users? Phishing simulation tools are a powerful way to see how many and which employees are prone to fall for phishing attacks. With this information in hand, you can determine how to train those who are susceptible to avoid these attempts, and provide the tools to protect against them.

In this webinar you'll hear from Steve Edwards, who manages Duo's Corporate Security Engineering team, on his experience conducting internal phishing campaigns at education and tech organizations. In addition to interesting metrics and appropriate techniques that come from phishing simulations, Steve has 10 valuable lessons to share. Join us on February 7 for this webinar to learn several unexpected things about phishing, your company, and human psychology.

Expecting your (relatively) small staff of security specialists we all have to handle security, risk management, and good governance entirely on their own is a recipe for disaster. While specialists are critical to ensuring products and processes are designed well, promote security, and ease compliance, real security and good governance requires dissemination of knowledge throughout the organization. To truly understand what you are securing, and who does that work, you have to play in their sandbox, integrate into their existing processes, remove overhead wherever possible, and gather that data, data, data… did I mention the data? To scale, push knowledge and requirements downstream as much as possible, in the language your teams can use.

To scale to properly meet evolving risk management and compliance challenges, your own teams need to operate as a service. Automate processes wherever possible to help capture the necessary data to ensure good security is happening – and constantly evolve and improve the quality of that information to ensure it is driving expected behavior. Flow that data into simple dashboards that can help executives understand that things are really working as expected, and where they need to take action. After all, if you can't explain it simply, you don't understand it well enough. In this talk you’ll learn from Julia Knecht how Adobe was able to make this work in relatively short order and how you can take all of the best practices we learned and developed back to your organization and create your own “culture of security.”

Please join us on the 17th of January as Jasson Casey, CTO at SecurityScorecard, describes the state of cybersecurity in the modern world, and what best practices are for measuring it - differently. He will discuss the importance of behavioral analytics, and how to make use of an “outside-in approach” when measuring cybersecurity.

He will relate how to apply security analytics to different facets of our business, including devops. With 20 years in the industry, Jasson will discuss his perspective on what tactics work, and which do not. Please join us to learn more.

In this webinar, we will deep dive into managing the vendor lifecycle under the GDPR, California Privacy (CCPA), and other global regulations. As organizations continue to improve their privacy and security programs, streamlining third-and fourth-party vendor risk has become a priority. This includes everything from filling out vendor assessments like the CSA Consensus Assessments Initiative Questionnaire (CAIQ), gaining sufficient guarantees from your vendors, to efficiently working with them during an audit or incident and much more.

Together, the Cloud Security Alliance (CSA) and OneTrust launched a free Vendor Risk Management (VRM) tool to automate the vendor risk lifecycle for compliance with global privacy and security frameworks. Learn how to implement CSA-OneTrust Vendor Risk Management (VRM) tool to create successful vendor risk processes, expedite vendor onboarding with built in assessments, and hear practical advice on how to automate vendor risk within a software platform, all while meeting legal compliance obligations.

Application containers like Docker help DevOps work faster and quicken time-to-market, but they also create a major Cyber Exposure gap. Traditional vulnerability management approaches can’t easily secure containers – let alone keep pace with the high-velocity world of DevOps and continuous innovation. But don’t despair. We’ve got just the thing to save you from this nightmarish ordeal. Join us as we discuss a number of container security best practices to help you:
- Learn why “shifting left” is critical to gaining visibility into containers
- Understand how container security is a win for both security and DevOps
- Find out three steps you can take to master container security

The data security world changes so quickly it can be hard to keep up with the latest threats to corporate data. With countless stories of breaches, phishing scams, insider threats, government whistleblowers and cyber warfare, 2018 was the year all eyes turned to security teams and their role within an organization. In this webinar, a panel of security experts will recap the year in data security, with critical lessons learned, tips for security teams, a few fun stories and more.

Join us to hear from your security peers about what they learned in 2018 and what they expect from the year to come.

Zero Trust is quickly becoming the dominant security model for the cloud, shifting the perimeter from the network to the people and devices that make up a modern workforce. As a model with many moving parts, the immediate question is where to start?

This session will focus on:
- The full Zero Trust reference architecture and steps to get there
- Why Identity is the foundational layer to build contextual access controls from

As the network estate grows in size and complexity, the enterprise security team is responsible for ensuring a unified, comprehensive network security policy. But how can the team be sure about application connectivity and the correct implementation of change requests when applications span the breadth of on-premise, private and multi-cloud environments, each with its own security controls? In the face of application migration to multiple clouds, how can the enterprise be sure about its risk and compliance posture at all times?

In this enlightening webinar, Yitzy Tannenbaum, Product Marketing Manager at AlgoSec, will explain how unified security policy automation can help you:
•Obtain complete visibility across the entire network estate
•Maintain uniform security policy across complex multi-cloud and hybrid environments
•Monitor multi-cloud and hybrid network-security configuration changes to properly analyze and assess risk and to maintain compliance posture
•Generate audit-ready reports for major regulations, including PCI, HIPAA, SOX and NERC, on demand
•Correctly provision application connectivity flows with zero touch across the myriad security controls in hybrid environments

Are your C-suiters putting valuable company IP at risk through careless data practices? If they're like most business leaders, they are. Nearly three-quarters of CEOs admit they’ve taken IP, ideas, and data from a former employer, and 95 percent admit to keeping a copy of their work on a personal device.

A new report from Code42 and Sapio Research raises startling concerns about the role of human emotions in risky data practices such as these. The Data Exposure Report includes feedback from nearly 1,700 security, IT and business leaders in the U.S. and Europe.

Attend this webinar to learn about:
- The ways business leaders and employees put data at risk
- How lack of data visibility hampers the ability of IT departments to protect data
- Strategies for keeping your valuable IP safe--whether you experience a data breach or not

Want to transition on-premises workloads to the cloud, but are concerned about consistently securing access? Join us for a webinar where we discuss how you can easily and effectively apply secure access policies throughout your cloud migration, regardless of your infrastructure complexity or architectural starting point. By utilizing a modern, cloud-ready security architecture, you can maintain – and in fact, improve – your enterprise security controls throughout the entire migration process.

In this webinar, Jason Garbis, CISSP – Vice President of Products at Cyxtera, will discuss
- Challenges (real and perceived) that enterprises face when moving to the cloud
- Managing policies and permissions for cloud vs. on-premises workloads
- The pitfalls of inconsistent security
- How to secure any application, on any platform, anywhere.

This webinar is for IT / Security leadership (director, VP, CISO, CIO).