CA Briefings Part 4: Step 3: Secure and Simplify Cloud Access

The hackers have automated their attacks, which gives them quite an upper hand. You, on the other hand, work at the pace and capability of your team and have to trust the products you’ve installed to defend your network. It’s time you utilize Breach and Attack Simulation and the emerging method of safely automating example attacks being used by the hackers to assess your deployed products, processes, and people. In this webcast you’ll learn how to hack yourself now and gain a new level of insight that will prepare you unlike ever before. We will examine what breach and attack simulation is, how automation and continuous assessment can show the current state of your defenses and how to find existing gaps in your security posture.

When it comes to managing third-party risk, there are different stages on the road to maturity. Many organizations today have a good program in place, but often run into issues with growing and optimizing their program in a scalable way. True optimization requires a confluence of process, policy, automation and cross-functional collaboration with other business leaders. With so many areas to focus on, it can be difficult to know where to even start. Fortunately, there are plenty of examples of companies that have successfully scaled their TPRM programs and offer valuable lessons for those looking to take their program to the next level. Join this discussion on managing third-party risk management to hear about these approaches and lessons learned.

The number of exposed consumer records more than doubled in 2018 from 2017, according to the Identity Theft Resource Center, but enterprises don’t have to be a victim. Most attacks can be prevented by deploying the right mixture of products and processes. The primary goal is to coordinate and optimize your security defenses. A simple, but coordinated, security defense strategy allows you to:

• Validate equipment readiness
• Prevent access from bad IP addresses
• Decrypt malicious traffic
• Analyze traffic in real-time
• Perform advanced data analytics
• Enable DPI

In this webcast, Keysight and (ISC)2 will explore an overview of defensive security, a six step approach to defensive security and examples of visibility and security solutions that make this approach work.

Ransomware continues to be a widespread problem for organizations. Defending against such attacks are paramount for security teams at businesses small and large. Join Infoblox and (ISC)² on November 7, 2019 at 1:00PM Eastern and hear about the latest information concerning many of the leading ransomware threats, as well as updates on the state of the global ransomware assault and overall trends in developing and designing ransomware malware tools. Additionally, there will be details of original research on malware variants to include Shade, Sodinokibi, Megacortex, Cryptomix, Ryuk, Keypass, Hermes and Grandcrab.

It’s not a question of IF your network will be breached, but WHEN. News broadcasts for the last several years have shown that most enterprise networks will be hacked at some point. In addition, the time it takes for most IT departments to notice the intrusion usually takes months—over six months according to the Ponemon Institute. This gives hackers plenty of time to find what they want and exfiltrate whatever information they want. There are some clear things that you can do to minimize your corporate risk and the potential costs of a breach. One new approach is to create a resilient security architecture model. The intent of this model is to create a solution that gets the network back up and running after a breach has occurred, as fast as possible. While prevention should always be a key security architecture goal, a resilient architecture goal focusses on recognizing the breach, investigating the breach, and then remediating the damage as quickly as possible. Join Keysight and (ISC)2 for an examination of what network security resilience is, the benefits of such and examples of the visibility and security solutions that can be implemented to reduce the time to remediation.

DNS has always seemed to have a “last mile” security issue. Communications from a local DNS served to a client are typically unencrypted and not secure, leaving this traffic vulnerable to spoofing, hijacking and more. But privacy standards and protocols are emerging which are helping to encrypt this traffic. Join Infoblox and (ISC)2 on October 3, 2019 at 1:00PM Eastern for an examination of DNS over TLS (DoT) and DNS over HTTPS (DoH). The discussion will include the pros and cons of the two protocols, what option might make sense for your security & risk requirements and simple ways to secure your network and DNS.

Más de 130.000 profesionales de la seguridad de la información han invertido tiempo, determinación y recursos para lograr la certificación CISSP. Únase a (ISC)² miembros de diferentes regiones de América Latina para saber cómo la certificación CISSP les ha ayudado con su trabajo y carrera y quales los puntos de dolor, problemas y desafíos que encuentran en su vida laboral diaria, así como soluciones, consejos y mejores prácticas que han desarrollado a lo largo del camino.

(ISC)² will hold its 2019 Security Congress in Orlando, Fl Oct 28th – 30th. This conference will bring together a global community of cybersecurity professionals and more than 180 educational sessions. One of the 18 tracks at the conference will focus on Security Automation and the role that Machine Learning and Artificial Intelligence is playing in securing organizations of all sizes. On September 24, 2019 at 1 p.m. Eastern, join (ISC)² and several speakers who’ll be presenting in the Security Automation track on the Impact of Machine Learning on Cyber Security and Ethical Bias in AI-Based Security Systems as they preview their sessions and discuss why security automation is a leading concern for cyber security practitioners to understand.

(ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more a seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management Systems where members can access all the courses developed by our Professional Development Institute. In Part 3 of the (ISC)² Digital End-to-End Transformation (DETE) webcast, we will examine the “new world” of what the project has provided to internal (how we serve the members and visitors), the members (what you as members see and experience) and what’s to come. Join Wes Simpson, COO and Bruce Beam, CIO on September 17, 2019 at 1:00PM Eastern for a discussion on these items and a Q&A with our COO and CIO.

Today’s network environment can feel like a Cold War-era novel, full of who’s watching whom scenarios and heavily protected intelligence communications. Visibility is critical to an organization’s security posture, and encrypted channel communications can become an obstacle to it when gets to the wrong eyes. Decryption can illuminate what is hidden and restores the advantage you need to see what’s lurking in the shadows. Join Gigamon and (ISC)2 on September 5, 2019 at 1PM Eastern for an examination of decryption best practices, a review of encryption methodologies, the obstacles that impact security, resources and regulatory compliance and what’s changed with TLS 1.3 and how this newer protocol impacts visibility.

Infrastructure as a service (IaaS) has quickly risen to prominence because of the way that it provides enhanced flexibility and scalability to organizations around the world. However, using IaaS platforms like AWS, Azure, or GCP does require that organizations take responsibility for an increased amount of security in the cloud. Fortunately, there are tools designed to help with doing this properly. Join Bitglass and (ISC)² on August 29, 2019 at 1:00PM Eastern for a presentation on the various components of leading IaaS platform, what your organization is responsible for when it comes IaaS security and how Cloud Access Security Brokers (CASB) can help.

As companies grow, so do their third-party digital ecosystems. This is hardly a new phenomenon, but the dynamic changes and rapid growth often experienced today have made it increasingly difficult for companies to stay on top of their multiplying business relationships. Today, organizations are looking for best practices on how to handle this from a cybersecurity perspective. Given that there are multiple frameworks, approaches, and guidelines, it is hard to figure out which best practices will meet the needs of your organization. In Part 1 of this series, we’ll discuss frameworks, policies, and process to build a successful third-party risk management program; typical roles and responsibilities found in programs across companies of all sizes and best practices for third-party governance and program sponsorship.

So you’ve established the foundation of your third-party risk management (TPRM) program...now what? For many organizations, growing their TPRM program to scale at the speed of their business can be extremely challenging. This challenge is exacerbated because, in many cases, third-party ecosystem growth occurs with little coordination or oversight. Furthermore, once they establish third-party relationships, companies may not implement centralized processes to continuously monitor and evaluate those relationships, including the cyber risks they may pose. In the second installment of this webinar series, we discuss tips on how to “go beyond” the foundation of third-party risk assessments and drill down further into your vendors’ security posture, best practices for TPRM process improvement, reporting, and dashboard use and how to leverage continuous monitoring to scale your TPRM program at the speed and growth of your business.

You know that metadata helps you separate signal from noise, reduce time-to-threat-detection and improve overall security efficacy. But did you know that application metadata helps you monitor user experience, troubleshoot problematic apps, understand “Shadow IT” usage and improve security posture within your organization? Join Gigamon and (ISC)² on August 22, 2019 at 1:00 PM Eastern as we discuss the growing need for application-aware network operations and how Gigamon Application Metadata Intelligence provides the deep application visibility needed to rapidly pinpoint performance bottlenecks and potential network security risks. You’ll see how next-gen network packet brokers enhance metadata with intelligence and insights from traffic flows and discover how to understand the performance and control of hundreds of critical apps.

(ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more a seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management Systems where members can access all the courses developed by our Professional Development Institute. In Part 2 of the (ISC)² Digital End-to-End Transformation (DETE) will examine how (ISC)² executed the plan for the project, following the AGILE Project Management framework and the buy-in and support from other departments and stake holders within the organization. Additionally, there was board governance and oversight to contend with. Join Bruce Beam, CIO; Beth Paredes, Sr. Corporate Member Services Manager; and Sommer Hess, Director PMO, Quality and Training on August 20, 2019 at 1:00PM Eastern for a discussion on these items and the speed bumps that were run into on this project.

(ISC)² will hold its 2019 Security Congress in Orlando, Fl Oct 28th – 30th. This conference will bring together a global community of cybersecurity professionals and more than 180 educational sessions. One of the 18 tracks at the conference will focus on Privacy and the challenges organizations and practitioners face in this area. On Aug. 13, 2019 at 1 p.m. Eastern, join (ISC)² and several speakers who’ll be presenting in the Privacy track on GDPR, the role of AI in Privacy and the upcoming California Consumer Privacy Act (CCPA)  at Security Congress as they preview their sessions and discuss why privacy has coming a critical area for cyber security practitioners to understand.

The rise of SaaS applications has forever changed the way that work is completed in the modern enterprise. These apps enable real-time collaboration, enhanced flexibility and efficiency, as well as decreased costs. Join Bitglass and (ISC)2 on August 1, 2019 at 1:00PM Eastern for an engaging webinar where we’ll look at the significance of SaaS apps and how to prioritize their security, how to protect data within managed applications and detect and secure the use of unmanaged applications.

(ISC)² will hold its Security Congress 2019 in Orlando, FL October 28th – 30th. This conference will bring together 3000+ attendees and over 180 educational sessions. One of the 18 tracks that are being offered with focus on Cloud Security and the challenges practitioners face when dealing with all things cloud related. On July 23, 2019 at 1:00PM Eastern, join (ISC)² and several of the speakers who’ll be presenting in the Cloud track as we preview their sessions, get an idea of what will be discussed and discuss the state of cloud security today.

(ISC)² recently completed our multi-year Digital End-to-End Transformation (DETE) project, which positions us to deliver a more a seamless and user-friendly experience to all members. In addition to revamping our online presence, we launched a new Learning Management Systems where members can access all the courses developed by our Professional Development Institute. The road to DETE, however, took years of planning and execution as our team modernized our infrastructure and back-end systems, including migrating the majority of key systems to the cloud. In Part One of this series examining the journey the organization undertook, Bruce Beam, CIO, will discuss the rationale behind the initiative and steps taken to gain approval from the board of directors. Join us on July 16, 2019 at 1 p.m. Eastern as we begin this three-part, in-depth case study of how (ISC)² accomplished this ambitious project.