Briefings Part 2: PCI, HIPAA & More - Closing the Compliance & Security Gap
There’s no denying it; malicious data breaches are accelerating. Our personal and payment card data is for sale on black market card shops. We all know that compliance with security and privacy regulations, such as PCI and HIPAA, is more important than ever before. But many breached organizations ARE compliant. In today’s environment, there are no guarantees: compliance does not equal security. Insiders, malware, and other threats exploit the gaps. Join (ISC)2, Voltage Security and Booz Allen Hamilton on July 24, 2014 at 1:00PM Eastern to find out how you can close the gaps between compliance and security within your organization.
Recorded: Jul 24 2014, 60 mins
Controlling the access of all users, especially privileged ones, is essential not only for risk reduction but also for easier compliance. But, controlling access isn't enough. Organizations need to govern all user access to ensure that no user has more access than they need, and that segregation of duties policies are enforced. On February 9, 2017, CA Technologies and (ISC)2 will highlight the steps for strengthening the enterprise and increasing customer engagement as well as key aspects of effective identity governance, including for contractors and partners who might have access to your systems. Included in the discussion will be key capabilities and processes to help create leading-edge identity governance deployments that can improve the security of your critical data and simplify compliance audits.
Each year, security experts at CA Technologies offer predictions about some of the most compelling trends in the infosecurity space. Join CA Technologies and (ISC)2 on January 12, 2017 for a review of the research and data that contains compelling insights and information on trends on Security in the digital enterprise and steps for strengthening your enterprise and increasing customer engagement.
The steps for strengthening your enterprise and increasing customer engagement has seen the rise of cloud adoption and a "bring your own app" trend in the workplace which continues to grow. IT and security leaders are hard pressed to keep up with the demands of a seamless user experience while protecting user identities across the cloud environment. On December 8, 2016 at 1:00PM Eastern, CA Technologies and (ISC)2 will examine how to leverage identity-as-a-service to secure access to cloud applications - including provisioning, onboarding and deployment, deliver a seamless user experience without compromising security and how to keep up with the pace of cloud adoption.
By now you are likely familiar with Cloud Access Security Brokers (CASBs) and understand how they fit into your broader security and cloud strategy. What should organizations be looking for in a CASB? What capabilities are here or on the horizon that can provide improved data protection in the cloud? On December 1, 2016 at 1:00PM Eastern, Bitglass and (ISC)2 present the final episode of the CASB series where we will examine where cloud security is headed, discussing agentless and agent-based solutions, the growing number of cloud apps in use and the importance of easy deployment. Learn why cross-app security will become increasingly valuable as organizations look to third-party solutions for deep visibility, behavior analytics, and more.
The increasing rate of vulnerability reporting, combined with the number of sources producing those reports has made it more difficult than ever to monitor critical issues affecting your organization. While monitoring vulnerabilities has traditionally been most important for IT teams, it is becoming rapidly more relevant for software development teams as well, especially as the use of open source / third-party libraries increases.
Join Cytenna and (ISC)2 on November 22, 2016 at 1:00PM Eastern as we discuss solutions to this problem at both the IT and development level. Among other things, we'll cover Vulnerability Central, a free member benefit for all (ISC)2 members that can help you stay more aware of recent vulnerabilities, especially with its new e-mail notification feature.
Office 365 and other SaaS apps offer a number of advantages over premises-based apps, from easy access and deployment to lower costs. A key advantage of SaaS apps is IT's ability to shift the burden for app and infrastructure security to the cloud vendor while data security remains the responsibility of the enterprise. Migrating to Office 365 introduces several new avenues for data leakage: one-click sharing, desktop sync clients, unmanaged device access, and many more. Bitglass and (ISC)2 present Episode 2 of our CASB Wars webinar trilogy on November 17, 2016 at 1:00PM Eastern where we explore the security gaps in Office 365 and how a Cloud Access Security Broker (CASB) can help mitigate the threat of data leakage across all SaaS apps. Using real-world use cases, see where native Office 365 security falls short and how a CASB can protect data end-to-end, from cloud to device.
John Hawley, VP of Security Strategy & Trevor Brown, Project Manager, CA Technologies and Brandon Dunlap, Moderator
Identity is the new perimeter for Security in the digital enterprise. According to Forrester, 80% of security breaches involve the use or abuse of privileged credentials. At the same time, compliance mandates (such as PCI) require organizations to focus on how they manage and control privileged users in order to protect these critical resources. Privileged Access Management (PAM) provides a host of capabilities that enable organizations to address these critical challenges. Join CA Technologies and (ISC)2 on November 3, 2016 at 1:00PM Eastern as we continue examining the steps for strengthening your enterprise and increasing customer engagement, highlighting emerging requirements in privileged access management and presenting key capabilities that are important in a comprehensive PAM solution.
For enterprises looking to protect cloud app data, Cloud Access Security Brokers (CASBs) have quickly emerged as the go-to solution. But how have CASBs matured and encompassed critical pieces of the security puzzle, from identity management to data leakage prevention? Join Bitglass and (ISC)2 on October 27, 2016 at 1:00PM Eastern for Episode 1 of the CASB Wars webinar trilogy for a discussion about the evolution of CASBs from app discovery to complete cloud security suites and basic API-based controls to more capable multi-protocol proxies.
Deena Thomchick, Senior Director of Cloud Security, Symantec + Blue Coat; Brandon Dunlap (Moderator)
This session will examine how modern data science and machine learning technologies can be applied to cloud security to address scalability and protection from the increasingly complex threat landscape. Such techniques can be leveraged to continuously monitor cloud activity and identify threats related to compromised accounts or malicious activity. These techniques can also be used to dynamically identify new cloud apps and services, and improve accuracy of automated content inspection - ensuring that sensitive data is properly handled in the cloud. By leveraging these modern tools, enterprise organizations can improve their overall security posture while reducing the amount of time and effort required from their security professionals.
Dr. Aditya Sood, Ph.D., Director of Security and Cloud Threat Labs, Symantec + Blue Coat; Brandon Dunlap (Moderator)
As valuable company data increasingly migrates to cloud apps and services, the risk and expense of data theft and leakage has risen dramatically. Malicious actors are less likely to attack the well-fortified back-end infrastructure of cloud app vendors, preferring to exploit the weakest link – the human element – to get in through the "front door". Compromised credentials via phishing attacks or other means or malware that hijacks a valid user session are some of the key threats that must be addressed in this new cloud landscape. This session will examine recent exploits leveraging cloud apps and services.
Martin Johnson, Sr. Director of Product Marketing of Cloud Security, Symantec + Blue Coat; Brandon Dunlap (Moderator)
Do you know what apps your employees have adopted without IT approval? Do you know whether the apps your employees are using are secure for business use? Do you know how many risky exposures are lurking in these cloud apps? The Shadow Data Report, published by Elastica Cloud Threat Labs, addresses key trends and challenges faced by enterprises securing data stored and shared via cloud apps and services. This report is based on the analysis of over fifteen thousand cloud apps and 108M documents. This session will examine the findings as well as the potential repercussions of data leakage, including compliance and mitigation costs.
Aditya Sood, Blue Coat; Brandon Dunlap, Brightfly (Moderator)
It is said that the bad guys follow the money (why do thieves rob banks? . . .). As valuable assets increasingly migrate to cloud infrastructure, there is a need for diligent protection of these assets. Malicious actors are less likely to attack the well-fortified back-end infrastructure of cloud app vendors, but rather prey on the human element to get in through the "front door". Compromised credentials via phishing attacks or other means or malware that hijacks a valid user session are some of the key threats that must be addressed in this new cloud landscape. This session will examine these and other threats, along with new approaches to address these at scale.
Carol Alexander, Sr. Dir Security, CA Technologies; Rob Marti, Princ, Prod. Mgr, CA.; Brandon Dunlap
Making it easy for your customers to engage with you requires frictionless security. Begin by ensuring you have modern single sign-on and authentication to provide compelling, simple, yet non-intrusive environments for your customers. Continuing the examination of steps for strengthening your enterprise and increasing customer engagement, join CA and (ISC)2 on October 6, 2016 at 1:00PM for Part 2 of our Briefings series where we'll examine how to employ analytics to streamline the path to your applications, address hybrid environments (both SaaS and on premise) and ensure AA and SSO are meeting continually emerging challenges of the digital enterprise.
Gerry Grealish, Blue Coat; Brandon Dunlap, Brightfly (Moderator)
Even when applications are "sanctioned", there is still a need to ensure they are being used in a safe manner. Ease of collaboration is a double-edged sword, as employees may inadvertently share sensitive content leading to liability for the company. Furthermore, compliance regulations often have strict requirements on how data is managed in the cloud. This session will explore data governance and protection of sensitive data as it migrates to cloud apps and services.
Eric Andrews, Blue Coat; Brandon Dunlap, Brightfly (Moderator)
You can't secure what you can't see. While many organizations are actively embracing cloud apps as a strategic part of their IT infrastructure, many employees or lines of business are adopting additional ad hoc cloud services to aid business productivity or for personal applications. Known as "Shadow IT", these additional cloud apps and services bypass the oversight of IT, and may introduce risk or cost inefficiencies. This session will explore this issue, along with approaches.
Michelle Waugh, Security Business, CA Technologies; Brandon Dunlap
Your business is part of a new digital reality and the digital relationships you have with individuals are your greatest assets. They are also the new perimeter, where identities are the unifying control point across apps & data and users demand access and insight with an exceptional user experience. While all this drives your business, it also opens you up to attacks and breaches. Join CA Technologies and (ISC)2 on September 1, 2016 at 1:00PM Eastern for this first event of a six-part webcast series where you will learn how leaders can adapt to the new digital reality -- embrace new identity and access management strategies that allow you to innovate in ways you never imagined.
Ryan Benson, Senior Threat Researcher, Exabeam; Brandon Dunlap, Moderator
Like all cyber threats, ransomware continues to evolve and its effects will cause significantly greater impact to corporate organizations and networks. Just as computer viruses caused more damage as they grew in sophistication, ransomware is increasing the ways it can enter networks and wreak more havoc. Newer strains now know to look for networked file shares as encryption targets. Do you know what signals to look for to detect ransomware as it begins to attack? Exabeam researchers have analyzed nearly 100 strains of malware and have categorized some of the more aggressive techniques being used. Join Exabeam and (ISC)2 on August 18, 2016 at 1:00PM Eastern and gain a better understanding of the mechanisms ransomware might use to propagate and how to detect signs of these mechanisms in use.
Michael Osterman, President, Osterman Research; Marcelo Delima, Global Product Mktg Mgr, HPE SecureMail
The cloud's promise of on-demand functionality for a lower cost has arrived for business applications. The use of Microsoft Office 365 across the globe is growing rapidly, with a clear value proposition to re-invent productivity for organizations of all sizes. But the transition to the cloud is not without challenges. Office 365 raises concerns in terms of privacy, compliance and security which can be addressed through the use of end-to-end encryption for all e-mails and files sent to Office 365. Join HPE and (ISC)2 on August 4, 2016 at 1:00PM Eastern for an examination of the steps for an Office 365 migration, security and privacy concerns for the cloud environment and how to achieve end-to-end encryption.
Barry Shteiman, Director, Threat Research, Exabeam; Brandon Dunlap, Brightfly
Ransomware is currently one of the most disruptive security challenges for enterprises. As it moves from an individual employee's PC to the corporate network, the impact can be significant. Despite research and analysis by security firms and analysts, most don't have a good idea of how a piece of ransomware actually operates, i.e. what is affected and when, what signals to look for, etc. Exabeam researchers have detonated nearly 100 strains of ransomware in the labs and produced a detailed analysis of how a ransomware attack actually unfolds, and how an organization might respond to shut it down. Join Exabeam and (ISC)2 on July 21, 2016 at 1:00PM Eastern and gain a better understanding of the mechanisms of ransomware, how to detect it and shut down an attack.