Compliancy, Accountability and Data Security From The Datacenter to the Cloud
The continuously evolving cyber threat landscape and increased regulation with the new European data laws have led many organisations to re-think their enterprise risk management strategy and review security investment. As companies seek more dynamic ‘virtualised’ environments and service delivery efficiencies from Cloud, the increased complexity in security can outweigh the benefits. While recent attacks on Hilton, JP Morgan Chase, Target, Anthem, Home Depot, Sony and others have each been different, they all have one characteristic in common: once inside the data center perimeter, the attacks were able to expand laterally and to the target source of data. Join (ISC)² EMEA and VMware as we discuss security procedures and best practice that organisations need to adopt to comply with the GDPR, plus how to minimise risk while optimizing their CapEx and OpEx.
Recorded Jun 29 2016, 60 mins
Brandon Dunlap, Moderator, (ISC)², Nick Trigg, BitSight, Bob Lewis, (former) Barclays
In the third of the series exploring BitSight Security Ratings, we will be focusing on the challenge of third party supplier risk management:
- How can we manage suppliers using the dimensions of inherent risk impact and residual risk appetite?
- How can we place suppliers' cyber risk posture into the context of our business?
- How can we continuously monitor and remediate according to sensible risk prioritisation?
Bob Lewis (former head of External Cyber Assurance and Monitoring, Barclays UK) will be discussing real life examples with Nick Trigg from BitSight.
Lindsay Drabwell, Head of Membership Services EMEA, (ISC)², Matthias Maier, EMEA Director of Product Marketing, Splunk
Where has the time gone?
2018 may forever be known as the year of GDPR, but a look back to the last 365 days shows us that those in cybersecurity have been through a year of numerous trends, investments and modernisations of their Security Operations.
This webinar will share trends and lessons learned from Splunk’s own customers throughout 2018, including:
- Insights into SOC activities at the Bank of England
- What security life really looks like at Siemens
- Overcoming the Industrial Internet of Things/Industry 4.0 security challenges at Volkswagen AG
- The skillsets Telia needed for their SOC to be successful
Join us on December 4th, 12pm GMT as Matthias Maier goes through the top tales you need to hear as a security practitioner or manager.
Brandon Dunlap, Moderator, (ISC)², Simon Sharp, VP International, ObserveIT
The greatest cybersecurity threat an organisation faces is no longer the malicious outsider hacking from beyond network firewalls. It is the insiders - the contractors, third party vendors and privileged users who already have full access to your company's systems and sensitive data.
According to Ponemon Institute’s report 2018 Cost of Insider Threats, the average cost of an insider threat is $8.76 million annually. Addressing this type of threat requires a different approach from addressing external threats; whether unintentional or malicious, organisations with sensitive customer data need to quickly identify and eliminate insider threats.
Attend this webinar to learn the top five steps for building and maintaining an effective insider threat program, with best practices and real-life examples, that you can use.
You will learn:
- The types of insiders behind these threats
- How to determine if your organisation is doing enough to address the threats
- Five key elements to building an effective insider threat strategy
- How to move beyond IT and think of an insider threat management strategy as a combination of people, processes and technology – in that order
Lindsay Drabwell, Head of Membership Services EMEA, (ISC)², Ollie Sheridan, Principal Engineer, Gigamon
In this webcast Ollie Sheridan, Principal Engineer at Gigamon talks about the benefits of moving your SOC into the Cloud and how this differs from the challenges of creating a SOC yourself by combining monitoring tools and integrating them into an onsite SIEM.
During this presentation you will learn:
• How the security market is changing
• The pain points of implementing and managing your own SOC
• How and why you would put security into the cloud
Brandon Dunlap, Moderator, (ISC)², Karl Lankford, Lead Solutions Engineer EMEA, Bomgar
Industry thought leaders have stated that if you can only tackle one project to improve the security of your organisation it should be Privileged Access Management (PAM). Our own research backs this up with the 2018 Privileged Access Threat Report revealing organizations using automated PAM technology experience far fewer serious breaches than those that did not. Karl Lankford, Lead Solutions Engineer EMEA at Bomgar will discuss what ‘privilege’ means to your business and how implementing a PAM solution can drive significant improvements across the organisation. You will learn:
• Why organisations should make PAM their top 2019 investment
• Why quickly controlling and automating key PAM capabilities is critical to your organisation’s success
• How to prepare the business case for your PAM project and get Executive Leadership buy-in
Lindsay Drabwell, Head of Membership, (ISC)² EMEA, Richard Archdeacon, Duo, Daniel Cuthbert, Banco Santander
As early as 2003 the Jericho Forum was created to tackle "de-perimeterisation" and later in 2014 Google released their "BeyondCorp" paper detailing how they made it happen. However, have Zero-Trust security models been adopted in the enterprise and what challenges do organisations face when considering de-perimeterisation?
Join the discussion between Richard Archdeacon from Duo Security and Daniel Cuthbert from Banco Santander in Part 2 of the Zero Trust series and learn about Zero Trust deployments within the enterprise.
Richard Archdeacon, Advisory CISO, Duo Security
Daniel Cuthbert, Global Head of Cybersecurity Research, Banco Santander
For Part 1 in the Zero Trust Series, copy and paste this link into your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=334792&Part2
Brandon Dunlap, Moderator, (ISC)², Jason Garbis, Vice President Cybersecurity Products, Cyxtera
A large proportion of business-critical legacy applications are unable to accept modern forms of authentication.
Refactoring legacy applications is costly and sometimes virtually impossible. Yet these applications are accessing highly valuable data across networks and they are a data breach ready to happen.
Join us as we discuss how to secure legacy applications with modern Zero Trust security.
Brandon Dunlap, (ISC)² Moderator and Jason Garbis from Cyxtera will discuss:
- Problems with how legacy applications are secured today
- Options for security without refactoring these applications
- Simplicity and speed to security that reduces operational complexity and scope of audits
- A process for gradual end-of-life legacy assets, while still operating day-to-day normal business
Lindsay Drabwell, Head of Membership EMEA, (ISC)², Malcolm Murphy, Chief of Staff EMEA, Infoblox
Have you ever done an assessment on how secure your DNS infrastructure is? Ponemon Institute has recently completed the first DNS Security Risk Survey among global organizations to understand how secure they are when it comes to malware and data exfiltration that uses DNS. The survey also provides insights into:
• The level of visibility these organizations have, especially in today’s complex network deployments
• Their use of threat intelligence and the effectiveness of threat intelligence
• The efficiency of their security operations
Brandon Dunlap, (ISC)², Nick Trigg, BitSight Technology, Thomas Born, Vodafone Group Services
In the last (ISC)² and Bitsight webinar we covered good reasons for utilising security ratings, covering the big topics of visibility, collaboration and agility.
Join us for this session where Nick Trigg, BitSight’s Risk Consultant, will share real life examples and use cases. Alongside Nick, we are pleased to welcome Thomas Born, Chief Security & Privacy Officer from Vodafone Automotive at Vodafone Group Services who will share his topical experiences.
To catch up on Part 1 in this series, copy and paste the following link in your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=336859
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Membership Services Team, (ISC)² EMEA
Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session
Lindsay Drabwell, (ISC)², Tristan Morris, Stacia Tympanick, Carbon Black
According to ESG research, 72% of organizations believe that security operations are more difficult now than they were two years earlier.
This stems from security and IT operations teams lacking a reliable way to assess the current state of endpoints across their enterprise and leads to an increased risk of breaches, an inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance.
On this webinar we look at the current need to bridge the gap between Security and IT Operations with shared toolsets and shared goals, why IT hygiene and proactive vulnerability assessments are now vital aspects of any successful endpoint security program and how to leverage real-time query and remediation tools to better understand the state of endpoints.
• How businesses can understand and adopt a SecOps strategy
• How you can leverage real-time query and remediation tools to get a better understanding of the current state of your endpoints
• The need to bridge the gap between security and IT operations with shared toolsets, shared goals and shared priorities
Tristan Morris – Security Strategist, Carbon Black
Stacia Tympanick – Solution Engineer, Carbon Black
Although “zero trust” is a popular term for the alternative security model that everyone’s talking about, it’s not always clear what it means, or whether it describes what policy changes you may want to make in your organisation.
Join Wendy Nather and Richard Archdeacon to find out more about Zero Trust Security models, implemented by Google in their BeyondCorp initiative.
Register for Part 2 in the Zero Trust Series: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=334792&Part1
Lindsay Drabwell, (ISC)² EMEA, Gary Cox, Infoblox, Alastair Broom, Logicalis
Today’s enterprise network has a vast number of network and security devices – all generating their own incidents, but they don’t always share information. According to the ESG research report on Security Operations Challenges, Priorities and Strategies in 2017, keeping up with the volume of security alerts and lack of integration between different security tools are the biggest challenges related to security. Organizations are investing heavily in automation/orchestration of incident response to improve collaboration, prioritize alerts and shorten time for incident response.
This webinar will discuss how integration of different network and security tools can:
• Provide better visibility across your entire network and remove silos
• Improve agility and automate IT workflows
• Enable faster remediation to threats
Please join Infoblox and Logicalis for this key discussion on the integrated ecosystem -- taking your organization to the next level of security.
Breakout time, the time that it takes an intruder to jump from the machine that’s initially compromised and move laterally through your network, on average is 1h and 58m*. This is your critical window to take action and stop the breach. When an attack is in progress, we’re seeing world leading security teams take one minute to detect it, 10 minutes to understand it and one hour to contain it. Is your organisation ready to meet the 1/10/60 minute challenge?
Attend this webcast to learn:
- What breakout time is and what it means for defenders that are responding to attacks in real time
- How the incident response process unfolds and the barriers that keep organisations from mounting a rapid and efficient response
- The key steps you can take to improve your organisation’s ability to rapidly detect, investigate and remediate threats
Adam Bosnian, EVP Global Business Development, CyberArk
Robotic process automation (RPA) is a powerful and emerging technology that streamlines and standardizes many human user processes as well as harmonizes different systems across an organization’s environment. So what do IT security professionals need to know about RPA platforms and the connection to privileged credentials? Very simply, it is a new attack vector and organizations need to protect these accounts with the RPA platform.
Because RPA software interacts directly with business applications and mimics the way applications use and mirror human credentials and entitlements, this can introduce risks when the software robots automate and perform routine business processes across multiple systems.
Learn about the vulnerabilities attackers seek out in RPA and the methods you can employ to proactively secure, protect and monitor privileged credentials in RPA non-human user entities that mirror human entitlements.
Lindsay Drabwell, Moderator & Head of Membership EMEA, (ISC)², Matt Middleton-Leal, Kennet Johansen, Netwrix
While compliance is close to security, being compliant doesn’t necessarily mean that you’re protected from a security breach.
Malicious actors don’t care if you passed a regulatory audit, and there are many companies that are fully compliant on paper but that have suffered a data breach.
That’s why it’s essential to take a “go beyond compliance” approach.
In this webinar, we’ll share some insights into the biggest IT security disasters and explain how you can avoid such failures by not just working towards compliance, but building a robust security culture in your organisation.
Join Matt Middleton-Leal (CISSP), General Manager at Netwrix and Kennet Johansen, Security and Infrastructure Solution Architect, to learn:
• Why going beyond compliance is good for business
• Practical tips for improving your IT security posture
• How the right security investments help you save money in the long term
• How to establish a strong security culture in your organisation
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Nick Trigg, Risk Consultant, BitSight Technology
Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.
According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.
The three big topics are VISIBILITY - across my whole cyber risk landscape, COLLABORATION - in order to remediate against risk appetite, and AGILITY - how can I react in a timely manner to rapidly changing risk factors?
Given these challenges can you afford NOT to utilise Security Ratings?
In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with:
• Do security ratings threaten or complement traditional methods of questionnaires and audits?
• Why security ratings should be treated as a risk position rather than a vulnerability checklist
• Data: sources, accuracy, coverage, currency
• Context: stakeholders, business impact
• Time to value: best approach to implementation
Lindsay Drabwell, Head of Membership Services (ISC)² EMEA, Mike Spradbery, Neil Jones, IBM
How can AI help overworked, understaffed and overwhelmed security analyst teams? How can the use of an AI platform help reduce the cost of a data breach? Mike Spradbery, IBM's UK&I Security Technical Leader, will explore these and other questions as he talks live to the experts behind a new Ponemon Institute study on the use of Artificial Intelligence in Cyber Security. Mike will also share case studies of AI in action in Cyber Security and explore how AI is helping organisations elevate their cybersecurity posture and reduce response times.
Forming part of the (ISC)² commitment to Inspiring a Safe and Secure Cyber World, we welcome you to the (ISC)² Secure Webinars - EMEA Channel. Sign up to join us for educational Security Briefings, Roundtables and eSummits aimed at all those vested in the world of information security. We welcome members and non-members alike.
Compliancy, Accountability and Data Security From The Datacenter to the Cloud: Adrian Davis, Managing Director (ISC)² EMEA, Scott McKinnon, Lead Systems Engineer VMware UK, 60 mins