Name: Designing a GRC Framework
Start: 2016-02-16T12:00:00Z
End: 2016-02-16T12:42:04.000Z
Location: BrightTALK
Rating: 0

The Information Security Careers Network is the largest group on LinkedIn dedicated to helping people further their careers in IT & Information Security.

Due to our partnerships, we are able to offer discounts on some of the most popular security certifications and training courses, including CEH, CISSP, CCISO, and more.

www.infosec-careers.com 

This BrightTALK channel is an extension of the group and the ISCN website (www.infosec-careers.com), featuring webinars, presentations and resources from some of the leading names in Information and IT Security to help you develop your knowledge and get the job you're after.

Key areas:

InfoSec, Risk, Cyber security, Identity & Access Management (IDM / IDAM), PCI / PA DSS QSA, Governance, Policy, ISO 27001 / ISO27001, CISSP, CCNA, C|CISO, CISM, CEH, CLAS, HMG, JSP440, JSP480, Network Intrusion Detection & Prevention (NIDS / IDS / IPS), Data Privacy & Protection, DLP, Data Loss / Leakage Prevention, Encryption, Cryptography, PKI, Penetration Testing, Ethical Hacking, Firewalls (Cisco, Checkpoint, Juniper, etc.), ITIL, HIPAA, and more

Designing a response plan to a cyber incident may seem like an easy task. Most people will download a template assuming it’s the best way to create a response plan.

What do most templates do? Most templates will tell you to 'chuck it all in the plan', including the 'kitchen sink'. Most templates, when filled in, are as long as 50-100 pages.

The reality is that no one ever reads the cyber incident response plan before the actual incident! As in any emergency there is little time to read 100s of pages. The information MUST be at hand and easy to access. 

There is a better way.

Join Cyber Management Alliance’s CEO, Amar Singh, as he shows us how to design and then test your Cyber Incident Response Plans. He will also share 5 key components you should focus when creating your cyber incident response plan.

You can also find out where to get your EXCLUSIVE access to our Cyber Incident Response Plan Template that you can use immediately.

>> Download the template: https://www.infosec-careers.com/coupons/cyber-incident-response-plan-template/ <<
>> Security training discount codes: https://www.infosec-careers.com/ <<

Designing Cyber Incident Response Plans

Organisations in 2019 will be increasingly faced with a hyper-connected world where the pace and scale of change – particularly in terms of technology – will accelerate substantially. Business leaders need to develop cutting-edge ways to deal with new regulation, advanced technology and distorted information.
 
In this webinar, Steve Durbin, Managing Director, ISF will discuss the threats organisations will be facing in 2019 and how business leaders and their security teams can address them. The emerging cyber threats to lookout for include:
 
-The increased sophistication of cybercrime and ransomware
-The impact of legislation
-The myth of supply chain assurance 
-Smart devices challenge data integrity

About the presenter

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

Emerging Cyber Threats for 2019

Organisations increasingly rely on cloud services, motivated by the benefits of scalability, accessibility, flexibility, business efficiencies and reduced IT costs. However, there are several security implications that organisations need to address, including the challenge of verifying identity and managing access to cloud services. 
 
Cloud services bring added complexity to identity and access management, exacerbated by the distribution of data across a myriad of applications accessed by users from multiple devices and locations. Failure to adequately implement user authentication and access control in the cloud can be exploited by attackers to gain access to users’ credentials, manipulate systems and compromise data.
 
In this webinar, Senior Research Analyst Dr Emma Bickerstaffe and Principal Analyst Benoit Heynderickx will discuss identity management, access control and user authentication in the cloud environment, and consider how organisations can effectively tackle this security concern.

Security in the Cloud: Identity Management, Access Control and Authentication

How can Blockchain improve trust, security, and compliance? Can the decentralised nature of this technology be the missing piece in solving cybersecurity challenges? 

Listen in to this panel of security luminaries where they will discuss:
-Key considerations for leveraging the blockchain in the age of GDPR 
-What sort of infrastructure must be in place to ensure a secure environment?
-Is the blockchain itself secure?
-How do you build a trust network around the blockchain?
-What are some of the cybersecurity challenges that can be mitigated and managed by the blockchain?

Next Generation Data Protection and Security: The Blockchain Advantage

With the ever-increasing frequency and sophistication of security threats to organisations, business leaders need to have a comprehensive data security strategy to protect themselves. Information security practitioners have to think and plan beyond existing protection capabilities that are aimed at preventing threats only. Today's cyber security strategies need to protect an organisations mission critical assets in a way that is:

‒ balanced, providing a mixture of informative, preventative and detective security controls that complement each other
‒ comprehensive, providing protection before, during and after threat events materialise into security incidents
‒ end-to-end, covering the complete information life cycle.

This will enable organisations to match the protection provided with the sophistication of threats to such mission critical information assets. This webinar will look at past and present models and share ideas on how organisations can ‘future proof’ their strategies to combat next generation threats.

In particular in this webinar, Nick Frost, Principal Consultant at the ISF will discuss what actions can be taken to identify your most critical information assets, and how a modern day cyber security model needs to focus on prevention and detection of a data breach, and how to respond to a breach in order to reduce damage to brand and reputation.

A Data Breach Prevention, Detection & Response Strategy to Combat Todays Threats

We will look at the background of existing incumbent systems and rule-based infrastructure now operating in Banks, and establish why the use of Machine Learning and AI helps alleviate 20% of cost and increase customer satisfaction while protecting the transaction and networks of the bank from intrusion. Also, the new device and contextual Big Data services of Cybertonica will be described. In the end, we need to see how security and customer convenience can be optimised while reducing cost and friction in the banks systems.

Joshua has 20 years experience in managing tech companies and startups. He is the founder of 4 businesses in online funding, media and FinTech. Joshua is a graduate of Harvard (MA) and INSEAD (MBA). He speaks fluent Russian, French and German.

Authentication and Banking Security using Plug and Play AI

Although overused, Next Generation Security still means keeping up with the challenges of securing today’s networks. The fundamental rule of keeping up with those challenges is having both a vision and an architecture that provides the foundation, regardless of how the market or the threats themselves change.

This session will focus on what is needed in an evolving security architecture to provide Next Generation Security in a constantly changing environment.

What Does “Next Generation Security” Mean To You?

IoT, IIoT, OT... It is likely that for many of us these acronyms are confusing. The fact is that traditional industrial environments, such as utilities and production, have started a digital transformation process which harness these and other technologies to become more efficient, automated and competitive. 

Within this transformation from a well-defined and well-controlled industrial ecosystem to a dynamic and open one, lurks a shift in the security challenges, needs and solutions/architecture. 

This session will focus on the technologies and challenges digital transformation introduces in industrial environments and how Fortinet’s Security Fabric is deployed in such an environments to provide the required security infrastructure and posture, including demonstration of some simplified use cases.

Securing the Transforming Industrial Environment

Data protection has always been important, but with the GDPR deadline looming and data sharing scandals shaking consumer confidence, securing personal data has never been more vital. The GDPR is leading businesses across the world to evaluate, and in many cases modify their data processing activities in line with upcoming law. 

So what if you’ve left it too late? What are the key steps you can take to work towards GDPR compliance, even after deadline day?

Join us in this webinar with Alex Jordan, Senior Analyst at the Information Security Forum as he shares:

-The ISF’s phased approach to GDPR implementation
-Ways to determine the criticality of data and how to protect it appropriately
-The urgent actions that a business can take to get GDPR compliance started
-Common myths surrounding the GDPR, and guidance on cutting through the noise.

GDPR: Cutting Through the Noise

The United States spent around $3.5 trillion or 18% of GDP on healthcare. According to FBI, the amount of this spending lost due to fraud, waste, and abuse (FWA) ranged between $90 billion and $330 billion! 

This talk will offer practical advice on how to effectively organize and join various healthcare data sources such as claim and clinical data, how to set-up the problem, and how to design an effective machine learning solution to identify FWA leads and expedite investigator review using intuitive visualization to understand the risk factors contributing to those leads.

Machine Learning and AI for Healthcare Fraud Detection and Prevention

There’s much hype and excitement around how AI and machine learning could transform the world of finance. But a key area of development growing behind the scenes of talking robots and automated assistants is how these new technologies will have a seismic impact on Anti-Money Laundering (AML) and Counter-terror Financing (CTF) back-end compliance processes. AI can dramatically improve AML risk data collection; spotting new risks faster and digging deeper for hidden risks. 

It will also shift customer onboarding & KYC processes from ‘name matching’ to contextual ‘identity matching’ to reduce false positives and false negatives. Unlike other industries, the training data required to make this a reality with machine learning techniques are available today. 

AI-driven compliance will ultimately have an enormous impact on how financial services will work - increasing automation, reducing manual overheads and helping prevent financial crime.


Presented by Charles Delingpole, CEO & Founder ComplyAdvantage

Charles Delingpole founded ComplyAdvantage in 2014, and as CEO leads the product development and growth of the company. Charles set up his first company, The Student Room Group, now the world’s largest student discussion forum, when he was 16. After completing his MA in Politics at Trinity College Cambridge, and then an MSc in Management, Strategy and Finance from the LSE, he became an associate at J.P. Morgan Cazenove. He then went on to co-found FinTech firm MarketInvoice, a peer -to - peer financing company which uses customer data to digitise the approach to financial risk analysis.

How AI is Powering the Fight Against Financial Crime

Payment fraud prevention tools have existed since the end of the 90s and have improved continuously since. In the last 2 to 3 years we have seen a new paradigm come into the space - machine learning. 

This new technology is perfectly fitted for identifying fraud and is slowly being adopted by the market. Moving forward, using tools like this will no longer be a choice but rather an obligation for merchants. An obligation, as it will be at the origin of a competitive advantage which goes way beyond fraud prevention and will bleed into business intelligence fields.

In this session, Rodrigo Camacho, CCO at Nethone will walk you through the evolution  fraud prevention touching on the following key points;

How the problem is solved by a large part of the industry today
The revolution that is happening in the space today
The halo effect that this revolution is going to have on the rest of business processes

The Future of Payment Fraud Prevention

Open Data is somewhat of a misnomer. For data sharing to take place, privacy must come first. As such, GDPR represents the essential rules of engagement without which the game of PSD2 cannot take place. 

Rather than signalling an era of 'free love' between service providers and platforms, PSD2 and the API revolution mean that businesses and service providers must now be more secure than ever when it comes to user data. 

In this session, Soldo's founder, Carlo Gualandri, explains how Soldo has responded to the regulatory environment by building a proprietary in-house GDPR-compliant machine to ensure privacy by design.

Open Data Protection: GDPR, PSD2 and Privacy by Design

Cyber has become a strategic issue and for many companies is now a business enabler and increasingly a form of competitive advantage. However it is clear that it remains difficult for Board's to get the “right” management information to support their cyber risk discussions and decision making. 

So how can Board's ensure that they are asking the right questions when it comes to an organisation’s cyber posture and how can CISOs maintain and improve the Board’s attention in this fast-moving space? This webinar will look at the challenges faced by CISOs and Board members and offer insights into how to successfully approach cyber security at Board level.

About the presenter:
Steve Durbin is Managing Director at the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

The Board's Role in Balancing Risk & Reward

What are the latest trends in the cyber-criminal underworld? 
Which attacks are you likely to be preventing as we move further into 2018?
Who’s looking for vulnerability on your network? 

These questions and more, answered by Peter Wood FBCS CITP MIEEE CISSP M.Inst.ISP
Chief Executive Officer, First Base Technologies LLP
Peter’s career spans 48 years, with experience in network security, social engineering, threat and risk analysis, red teaming, industrial control systems and electronics. He founded First Base Technologies, one of the UK’s first information security consultancies in 1989. Peter has provided security advice and guidance for businesses of all sizes for more than 28 years, leading a team of expert penetration testers and consultants unrivalled in the industry.
He is also a world-renowned security evangelist, speaking at major conferences and delivering seminars and webinars. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio, and written many articles on a variety of security topics.
He is a BCS Fellow, a Chartered IT Professional, CISSP and a member of IISP, ISACA, ISSA, IEEE, ACM and Mensa. He is a visiting lecturer at the University of Sussex, teaching cybersecurity and ethical hacking.

Cyber Attack Trends from the Threatscape

The expectation from the start of 2017 – that we hadn’t seen the back of ransomware – was justified. 2017 was plagued with global attacks such as Petya, WannaCry, Bad Rabbit and many others. Unfortunately, 2018 could be even worse.

With ransomware continuously developing new delivery techniques, organisations must learn how to prepare and protect themselves from the threat of ransomware, but how can they do this?

In this webinar, Nick Frost, Principal Consultant at the ISF, will explore the latest threats in ransomware and what organisations can do to minimise vulnerabilities to reduce risks of an attack.

About the presenter:

Nick is currently the Principal Researcher for the Information Security Forum (ISF) Ltd. He has more than 15 years’ experience designing and implementing a risk-based approach to securing information. He has developed leading solutions for evaluating risk across both internal and supplier environments.

The Rise and Rise of Ransomware: Prepare and Protect

In the age of Digital Transformation, SD-WAN is on the lips of all enterprises and service providers. While the operational and commercial benefits of SD-WAN are clear, the focus on these as THE consideration is dangerous, as along its benefits comes a greater cyber security risk. 

This session will focus on Secure SD-WAN and the built-in benefits it provides, from both the operational and security points of view.

SD-WAN is Dead. Long Live Secure SD-WAN!

The second part of this webinar will cover the topic "Assessing the Impact of Web-Based Attacks" from the "Analyzing Attacks on Computing and Network Environments" module of the official CFR course.  

Before we get to this, the introduction will include an overview of the CyberSec First Responder (CFR) course and certification from Logical Operations.  The CFR course prepares IT professionals with the knowledge, ability, and skills necessary to defend information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes. 

The practicality and value of the certification including its DOD 8570 approval will be highlighted. 

TOPICS TO BE COVERED:

- Learn about how the CFR certification from Logical Operations can improve your organization’s information security defensive readiness, response capabilities and investigation to cover all aspects of incident response and analysis including before, during and after the incident.
- Learn why CFR is one of the most practical security certifications available providing excellent ROI
- Learn about types of web based attacks and their impact on your organization
- Learn through using OWASP ZAP to scan a vulnerable website
- Learn by exploiting a vulnerable website using SQL injection and XSS
- Learn about how to get discounted exam vouchers


ABOUT THE PRESENTER:
 
Stacey McBrine has more than 30 years’ experience analyzing, securing, designing and implementing such diverse systems as Microsoft Windows, Novell Netware, DEC VMS, IBM AIX, Solaris, SCO Unix, Linux, and MAC O/S and Cisco switches, routers and firewalls. He served as systems analyst for many software development projects using assembly language, C, dBase, Access, Visual Basic and Oracle.

"Assessing the Impact of Web-Based Attacks" - a CFR exam topic

What is the essence of information security governance, risk & compliance?  How do you meet your governance, risk and compliance requirements and prevent a data breach?  The key is to understand the spirit of risk management and create a customised information security management system (ISMS) for your business.  This presentation details a practical, step-by-step guide for designing and implementing a cost-effective ISMS to minimise your risk of a breach and meet your Association’s legislative (Data Protection Act), regulatory (Payment Card Industry), or industry standard (ISO-27001) compliance requirements to include:
 
·         Practical ISMS documentation structure

·         Scope, objectives & risk strategy examples

·         Risk treatment plan, asset register & classification guide examples

·         Policy frameworks

·         Control objectives, evidence & policy examples

·         Audit & testing documentation examples

Designing a GRC Framework

Risk Management

Information Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Many elements come into play when attracting the right talent. Is your careers page up-to-date? Does your website accurately represent your company culture and communicate it clearly to recruited applicants? In terms of internal processes, do you have an ongoing talent acquisition strategy? How efficient are your application screening and onboarding processes? Where and how are you looking for top candidates and are you enabling them to find you? Discover best practices and learn from industry thought leaders by joining the recruiting community.

Recruiting

Human resources is intrinsically linked to business success and requires a thoughtful balance of a variety of complex issues. The human resources community on BrightTALK is made up of thousands of professionals in human resources exchanging human resources best practices and advice. Watch hundreds of on-demand webinars for immediate information or participate in upcoming live webinars and have your questions answered by respected HR thought leaders.

Designing a GRC Framework

Presented by

About this talk

More from this channel