Name: Building metrics in your cybersecurity program and scaling cyber resilience
Start: 2022-10-27T11:00:00Z
End: 2022-10-27T11:36:54.000Z
Location: BrightTALK
Rating: 5

BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings.

A medida que las organizaciones amplían su huella digital, se enfrentan a una serie de retos más complejos, dado el creciente número de amenazas a la ciberseguridad y el volumen de ataques que aparecen a diario en las noticias. Esto crea la necesidad de una gestión superior de los riesgos de ciberseguridad que pueda ayudarles en esta misión cada vez más difícil de gestionar su postura ante los riesgos cibernéticos. Sin embargo, pueden centrarse en innovar e impulsar el crecimiento del negocio haciéndolo de forma más eficaz.
 
La gestión de riesgos cibernéticos es clave para ayudar a mejorar drásticamente su programa de seguridad cibernética, trabajando así como un facilitador de crecimiento y diferenciación competitiva entre los pares de la industria de sus orgs. Sin embargo, requiere el uso de las herramientas adecuadas para hacerlo menos complejo y más exitoso.
 
Únase a nosotros en este seminario web para obtener más información sobre cómo:
- Desarrollar controles de seguridad eficaces en toda su huella digital ampliada
- Medir la eficacia de los controles en múltiples unidades de negocio
- Aprovechar el análisis prescriptivo y la matriz de riesgos de activos para priorizar las decisiones.
- Definir la estructura jerárquica de su organización para gestionar de forma más eficiente el riesgo cibernético.

Garantizar el rendimiento de los controles de seguridad en toda la organización

What are the major cybersecurity trends for 2023? How can security leaders adapt their programs and increase their levels of preparedness? Join this discussion to dive into what our experts saw in 2022 and how they think this will impact risk management strategies in the current year, including:
- What are the major security trends for 2023?
- How is artificial intelligence impacting the industry?
- What is the most effective way to report to the board?

Speakers:
Derek Vadala - Chief Risk Officer, BitSight;
Jake Olcott - VP of Communications and Government Affairs, BitSight;
Zach Tisher - VP of Security Risk, Strategy, & Communications, Equifax, Inc.

2023 Outlook: Cybersecurity Trends and CISO Priorities

Cybersecurity risk is evolving in novel ways, with growing potential to cause significant economic disruption and financial losses as attackers become more sophisticated and businesses become more interconnected. Recent analysis from Moody’s highlights the risk: $22 trillion in global rated debt has “High” or “Very High” cyber risk exposure.

What are the major cybersecurity trends for 2023? How can security leaders adapt their programs and increase their levels of preparedness? How will financial markets incorporate cyber risk into investment and credit decisions?
Join our webinar on January 20th, at 11am to hear insights from Moody’s analysts and BitSight’s cyber risk experts as they discuss their latest research and look ahead to 2023:
• Key takeaways regarding the latest Moody’s research featuring BitSight data, including factors contributing to increased cyber risk in markets, sectors, and regions with the highest cyber risk levels;
• Future of ransomware attacks;
• Potential impact of new regulations like the Securities and Exchange Commission’s cyber incident disclosure requirements;
• Evolution of cyber insurance;
• Quantifying losses from cyber incidents.

Speakers: 
Derek Vadala - Chief Risk Officer BitSight; 
Jim Hempstead - Managing Director Moody's Investors Service; 
Leroy Terrelonge - VP Senior Analyst, Cyber Risk Group Moody's Investor Service

Cybersecurity Trends 2023: Latest Research & Key Risk Contributors

La gestión eficaz de la seguridad y el riesgo es obligatoria independientemente del sector o el tamaño de la empresa. Las organizaciones grandes y pequeñas de todos los sectores sólo pueden superar los crecientes retos cibernéticos impuestos a su huella digital mediante la creación y el aprovechamiento de un sólido programa de ciberseguridad, en el que la adopción de estrategias de gestión de riesgos cibernéticos y de garantía efectiva son fundamentales para el éxito. 

La gestión del rendimiento de la seguridad permite a todas las empresas alcanzar estos objetivos ayudando a desarrollar controles de seguridad eficaces en toda la organización e informar a la junta directiva y a otras partes interesadas del rendimiento eficaz del programa para inspirar confianza, sin utilizar terminología técnica.

Únase a nosotros en este webinar para aprender más sobre cómo:

- Integrar BitSight en un proceso de gestión de incidentes
- Aprovechar el potencial de la integración y automatización de herramientas
- Utilizar BitSight frente a un escáner de vulnerabilidades
- Crear informes que todos los interesados puedan entender

Aumentar la resiliencia digital con la gestión de riesgos cibernéticos

As organisations realise that being exposed to cyber risk is an inevitable part of doing business today, security leaders are being pressed to effectively plan and manage cyber security programs. The process often includes executing policies and procedures defined by the Governance team to implement controls, prioritise remediation, and respond to incidents. However, the organisational hierarchy can be rather complex, leading to numerous challenges in driving accountability across the business.

Organisations are looking into setting a uniform standard for their cyber security programs that can sit across the entire structure. Still, they first need to determine what standard is appropriate and find a way to measure performance against it consistently. With Cyber Risk Governance, they can define the guidelines for how the organisation manages cybersecurity - but the rather complex organisational hierarchy in some extended businesses can lead to numerous challenges for driving accountability across the company.

Join us in this webinar to know more about driving accountability with Cyber Risk Governance in more detail, as we target topics such as:
- The different options for setting standards, and ideas for implementation
- How Cyber Risk Quantification can be applied to drive accountability
- How to incorporate benchmarking and peer comparisons into your standards

Extender la Responsabilidad mejorando la Gobernabilidad del Riesgo Cibernético

Protecting the attack surface has become more complex as companies expand their digital footprint. From adopting cloud services to using remote/home networks and personal devices, a growing number of technology trends are contributing to the exponential growth of organisations’ attack surfaces.

Businesses worldwide increasingly need to understand and manage cyber risk in their expanding digital ecosystem accordingly - also to avoid being in the headlines after suffering breaches that expose sensitive customer information and corporate data. 

To defend against increasingly potent cybersecurity threats, including ransomware and social engineering, security teams must have a firm grasp of their attack surface, the largest threats, and how they can be mitigated. This can be achieved with a specific set of tasks that further strengthen the performance of the security management program.

Join this BitSight Expert Session if you are looking for thoughts or struggling in areas such as:
- Gaining visibility into such issues as finding digital assets and areas of disproportionate risk and discovering Shadow IT or hidden risks;
- Getting insights into critical best practices when protecting and managing an attack surface;
- Understanding process and governance gaps;
- Improving assurance that the controls in place are working as expected;
- Managing risks and issues across the exposed attack surface.

Gaining effective visibility into your expanding attack surface

Ransomware is rapidly becoming the most common form of cyberattack. Incidents have doubled year-over-year with headline-grabbing consequences. In line with this data, recent BitSight search shows that 64% of European organizations are at heightened risk of ransomware due to their overall security performance.

Organizations in sectors such as energy and utilities, healthcare, government agencies and education are a leading target, but they are not alone. Manufacturing companies, financial services, retailers, and others are also vulnerable to the mounting ransomware threat. Supply chains are an emerging trend as a vehicle for ransomware. And the price to pay is always high, as it often comes at the cost of millions and negative reputation.

Security managers need actionable data to help protect their networks. They also need to understand how the EU regulatory landscape is changing in the near future with stricter legislation that will help bring confidence in today’s digital, connected world.

Ransomware is an Epidemic - All the questions you may have

BitSight is hosting a monthly webinar series exclusively dedicated to you: During 30 minutes, our experts will answer all the essential questions on various topics about effectively running a cybersecurity program.

Cybersecurity governance is a critically important part of managing security and risk in organizations large and small. It ensures that a company’s cybersecurity model and program align with business objectives, comply with government or industry regulations, and achieve the leadership goals for managing security and risk.

Organizations are increasingly looking for a way to get access to a data-driven, objective, and dynamic measurement of their security performance – and the security posture of their third-party vendors. By immediately exposing risk within an IT ecosystem and supply chain, BitSight delivers all the data they need to govern their security programs more effectively with customizable reports tailored to their organization’s specific needs.

Let us know your questions by joining us in this exclusive webinar to get all the answers you need about putting cyber risk governance working for your organization – and register for free in the other ‘BitSight Expert Sessions: Let's talk about cyber risk security in 30 minutes’ to make sure you get all the information BitSight has to offer you.

SPM for Cyber Risk Governance - Driving Performance for Increased Accountability

Announced as part of the new digital finance strategy, the Digital Operational Resilience Act (DORA), initiated by the European Union (EU), is harmonizing Information and Communications Technology (ICT) risk requirements across Europe, including the UK. 

DORA is a direct consequence of the several inconsistent, national, non-harmonized regulatory initiatives conducted over recent years, as Information and Communications Technology (ICT) risk has been addressed in different ways by various financial supervisors within the European Union (EU).
DORA is still being analyzed and discussed by the European Parliament and Council and should be ready to go into action early 2022 - pushed back from the end of 2021 date initially planned. However, progress shows that the Council adopted a general approach on the Commission's proposal. Negotiations with the European Parliament will follow.

On this webinar we will have the change to answer all the questions you may have.

Is your organization ready for DORA? Here's what you need to know

A medida que las organizaciones crecen su presencia en el ciberespacio, notan que el riesgo cibernético incrementa y esto es una parte inevitable de hacer negocios hoy en día, los líderes de seguridad están siendo presionados para planificar y gestionar eficazmente los programas de seguridad cibernética en sus sistemas informáticos. El proceso a menudo incluye la ejecución de políticas y procedimientos definidos por el equipo responsable de gobernar infraestructura y sistemas para implementar controles, priorizar la remediación y responder a los incidentes. Sin embargo, la jerarquía organizacional puede ser bastante compleja, lo que conlleva numerosos retos a la hora de expander la responsabilidad en toda la empresa.
Acompáñenos en este seminario web para saber más sobre cómo extender la responsabilidad con la Gobernabilidad del Riesgo Cibernético con más detalle, ya que abordamos estos y otros temas:
- Las diferentes opciones para establecer normas, e ideas para su implementación
- Cómo se puede aplicar la cuantificación del riesgo cibernético para extender la responsabilidad a lo largo de la organización
- Cómo incorporar la evaluación comparativa y las comparaciones entre empresas en el sector en sus normatividad y manejo de la ciberseguridad

BitSight is hosting a monthly webinar series exclusively dedicated to you: During 30 minutes, our experts will answer all the essential questions on various topics about effectively running a cybersecurity program.

Considering the series of attacks that started since mid-last year – some even said that 2021 was the year of ransomware –, there is no longer much room for doubt: Managing third-party risk is now an essential part of the overall cybersecurity strategy for any modern organization.

64% of the European Organizations are at heightened risk of ransomware attacks, according to BitSight’s daily analysis of over 250 billion data points. Third-party vendors are often the weakest link in any organization’s security ecosystem since most security leaders do not have good visibility or oversight of their security controls. These breaches, along with the requirements for DORA compliance, mean that European security leaders must take steps to implement robust third-party risk management programs. 

Getting a TPRM program up and running can be quite challenging. There are essential steps to take to make your program successful – and we know that many questions will come up along the way, starting right with the vendor validation process.

Let us know your questions by joining us in this exclusive webinar to get all the answers you need – and register for free in the upcoming ‘BitSight Expert Sessions: Let's talk about cyber risk security in 30 minutes’ to make sure you get all the information BitSight has to offer you.

TPRM - High Performance Across the Vendor Lifecycle: Focus on Vendor Validation

Driving Accountability across the Organisation with Cyber Risk Governance

Digital risk is a growing issue for all organisations. But especially for Universities, it is particularly demanding because of the heavy activity online they have to deal with coming from a massive diversity of network assets. The huge challenge is how these organisations can offer continuous service while protecting data, privacy, and intellectual property?

As organisations are increasingly looking into setting a uniform standard for their cyber security programs that can sit across the entire structure, they first need to determine what standard is appropriate - and find a way to measure performance against it consistently. In this webinar, you will meet two forward-thinking security leaders that have opted to enforce cybersecurity performance standards across their organisations and how they tackle crucial questions such as: What standard should be used? How to manage this standard efficiently?

Join us in this webinar to know more about driving accountability with cyber risk governance in more detail, as we target topics such as:
- What challenges are Universities currently facing the most?
- What is the key to helping such complex and open environments provide continuous service, availability and access to public Internet while keeping sensitive data private?
- How does BitSight help as a SaaS intelligence vendor?

Speakers:
- Ambrose Neville, Head of Information Security at the University of Surrey
- Mark Watts, Head of Cyber Security at the University of Southampton
- Alfonso Hermosillo, Senior Consulting Engineer at BitSight

How Cyber Risk Governance helps organisations keep intellectual property secure

Announced as part of the new digital finance strategy, the Digital Operational Resilience Act (DORA), initiated by the European Union (EU), is harmonizing Information and Communications Technology (ICT) risk requirements across Europe, including the UK. 

DORA is a direct consequence of the several inconsistent, national, non-harmonized regulatory initiatives conducted over recent years, as Information and Communications Technology (ICT) risk has been addressed in different ways by various financial supervisors within the European Union (EU).
DORA is still being analyzed and discussed by the European Parliament and Council and should be ready to go into action early 2022 - pushed back from the end of 2021 date initially planned. However, progress shows that the Council adopted a general approach on the Commission's proposal. Negotiations with the European Parliament will follow.
On this webinar we will have the change to answer all the questions you may have.

Second ROUND: Is your organization ready for DORA? Here's what you need to know

Infosecurity Europe came back strong this year in London as a face-to-face event, and BitSight wouldn't miss this opportunity to show once again the value of trusted Security Ratings as a tool to help organisations make the right cybersecurity decisions - and faster.

Watch this short video to get more insights on:
- Continuous assessing your cybersecurity program with Security Performance Management
- Reducing risk across your supply chain with Third-Party Risk Management
- Quickly and easily understanding your potential financial exposure in a language that makes business sense with Cyber Risk Quantification
- Automatically identifying vendor connections to other organisations and business partners with Fourth-Party Risk Management

Fireside chat with BitSight: A view from Infosecurity Europe on Security Ratings

Uploaded_Video_No_Title

As organisations understand the importance of investing in cyber resilience, security leaders face the challenge of better understanding their current security posture in order to build a program matching the corresponding risk tolerance.

While determining priorities and executing the mission each and every day are considerable drivers to reducing risk exposure, they still need to find a way to communicate progress to all stakeholders to drive the much-needed accountability, effectiveness, and confidence in the cybersecurity program.

This can be achieved with a metrics-driven approach at scale. By adopting constant vigilance and continuously monitoring their cybersecurity performance, they can ensure organisational targets are being accomplished. 

Join this BitSight Expert Session if you are looking for thoughts or struggling in areas such as: 
- What meaningful metrics are being used, and how effective are they?;
- How those metrics drive decisions in security programs, close gaps, and drive effectiveness and resilience;
- Leveraging context to communicate with stakeholders outside the security teams.

Building metrics in your cybersecurity program and scaling cyber resilience

Cyber Security

Cyber Resilience

Risk Management

Governance

Continuous Monitoring

Advanced Analytics

Security Posture

Security Performance Management

Security Ratings

Metrics Driven Standards

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Building metrics in your cybersecurity program and scaling cyber resilience

Presented by

About this talk

More from this channel