Cognitive Security: A Game Changer?

CrowdStrike’s latest Cyber Intrusion Services Casebook continues to shine a light on how quickly attackers can gain access into an organisation. This webcast, drawn from real-life engagements from the past 12 months, takes a deep dive into the advanced and ever-evolving tactics, techniques, and procedures (TTPs) used by today’s most dangerous attackers.

We’ll discuss the following key trends:

-There is no slowdown in adversaries’ invention and brazenness
-Attackers operate quickly and at depth — waiting patiently to achieve their objectives
-Attackers are often hiding in plain sight

After years of debate over whether to impose new cybersecurity regulations on companies, the General Data Protection Regulation (GDPR) went into effect in Europe in May 2018. Already we’re seeing data breach victims ordered to pay fines under the new rules, and cookie disclosure notices are popping up on more websites than ever.
But what about the bigger picture: Is GDPR working? How would we know? We'll explore these and other issues, including an examination of what the data tells us as well as stories from GDPR implementation.

During episode 1 in our Trust No One Series, we heard about the origins of Zero Trust. Episode 2 showed us how Banco Santander started their Zero Trust journey.

In this Part 3, Duo will demonstrate how they deliver Zero Trust models to their customers.
You’ll leave with a hands-on basic understanding of how to deploy Duo to a cloud-based web-application.

Duo has been a pioneer in bringing Zero Trust models to the commercial market, allowing organisations to protect themselves quickly and easily.

Josh Green, Solutions Engineer, Duo Security
Richard Archdeacon, Advisory CISO, Duo Security

In the third of the series exploring BitSight Security Ratings, we will be focusing on the challenge of third party supplier risk management:

- How can we manage suppliers using the dimensions of inherent risk impact and residual risk appetite?
- How can we place suppliers cyber risk posture into context of our business?
- How can we continuously monitor and remediate according to sensible risk prioritisation?

Bob Lewis (former head of External Cyber Assurance and Monitoring, Barclays UK) will be discussing real life examples with Nick Trigg from BitSight.

Where has the time gone?

2018 may forever be known as the year of GDPR, but a look back to the last 365 days shows us that those in cybersecurity have been through a year of numerous trends, investments and modernisations of their Security Operations.

This webinar will share trends and lessons learned from Splunk’s own customers throughout 2018, including

-Insights into SOC activities at the Bank of England
-What security life really looks like at Siemens
-Overcoming the Industrial Internet of Things/Industry 4.0 security challenges at Volkswagen AG
-The skillsets Telia needed for their SOC to be successful.

Join us on December 4th, 12pm GMT as Matthias Maier goes through the top tales you need to hear as a security practitioner or manager.

The greatest cybersecurity threat an organisation faces is no longer the malicious outsider hacking from beyond network firewalls. It is the insiders - the contractors, third party vendors and privileged users who already have full access to your company's systems and sensitive data.

According to Ponemon Institute’s report 2018 Cost of Insider Threats, the average cost of an insider threat is $8.76 million annually. Addressing this type of threat requires a different approach to addressing external threats; whether unintentional or malicious, organisations with sensitive customer data need to quickly identify and eliminate insider threat.

Attend this webinar to learn the top five steps for building and maintaining an effective insider threat program, with best practices and real-life examples, that you can use.

You will learn:

- The types of insiders behind these threats
1.How to determine if your organisation is doing enough to address the threats
2.Five key elements to building an effective insider threat strategy
3.How to move beyond IT and think of an insider threat management strategy as a combination of people, processes and technology – in that order.

In this webcast Ollie Sheridan, Principal Engineer at Gigamon talks about the benefits of moving your SOC into the Cloud and how this differs from the challenges of creating a SOC yourself by combining monitoring tools and integrating them into an onsite SIEM.

During this presentation you will learn:
•How the security market is changing
•The paint points of implementing and managing your own SOC
•How and why you would put security into the cloud

Industry thought leaders have stated that if you can only tackle one project to improve the security of your organisation it should be Privileged Access Management (PAM). Our own research backs this up with the 2018 Privileged Access Threat Report revealing organizations using automated PAM technology experience far fewer serious breaches than those that did not. Karl Lankford, Lead Solutions Engineer EMEA at Bomgar will discuss what ‘privilege’ means to your business and how implementing a PAM solution can drive significant improvements across the organisation. You will learn:

•Why organisations should make PAM their top 2019 investment
•Why quickly controlling and automating key PAM capabilities is critical to your organisation’s success
•Help you to prepare the business case for your PAM project and to get Executive Leadership buy in

As early as 2003 the Jericho Forum was created to tackle "de-perimeterisation" and later in 2014 Google released their "BeyondCorp" paper detailing how they made it happen. However, have Zero-Trust security models been adopted in the enterprise and what challenges do organisations face when considering de-perimeterisation?

Join the discussion between Richard Archdeacon from Duo Security and Daniel Cuthbert from Banco Santander in Part 2 of the Zero Trust series and learn about Zero Trust deployments within the enterprise.
Speakers:
Richard Archdeacon, Advisory CISO, Duo Security
Daniel Cuthbert, Global Head of Cybersecurity Research, Banco Santander

For Part 1 in the Zero Trust Series, copy and paste this link into your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=334792&Part2

There are a large proportion of business critical legacy applications unable to accept modern forms of authentication.
Refactoring legacy applications is costly and sometimes virtually impossible. Yet these applications are accessing highly valuable data across networks and they are a data breach ready to happen.

Join us as we discuss how to secure legacy applications with modern Zero Trust security.

Brandon Dunlap, (ISC)² Moderator and Jason Garbis from Cyxtera will discuss:
-Problems with how legacy applications are secured today
-Options for security without refactoring these applications
-Simplicity and speed to security that reduces operational complexity and scope of audits
-A process for gradual end-of-life legacy assets, while still operating day-to-day normal business

Have you ever done an assessment on how secure your DNS infrastructure is? Ponemon Institute has recently completed the first DNS Security Risk Survey among global organizations to understand how secure they are when it comes to malware and data exfiltration that uses DNS. The survey also provides insights into:

•The level of visibility these organizations have, especially in today’s complex network deployments
•Their use of threat intelligence and the effectiveness of threat intelligence
•The efficiency of their security operations

In the last (ISC)² and Bitsight webinar we covered good reasons for utilising security ratings, covering the big topics of visibility, collaboration and agility.

Join us for this session where Nick Trigg, BitSight’s Risk Consultant, will share real life examples and use cases. Alongside Nick, we are pleased to welcome Thomas Born, Chief Security & Privacy Officer from Vodafone Automotive at Vodafone Group Services who will share his topical experiences.

To catch up on Part 1 in this series, copy and paste the following link in your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=336859

Organisations today need to be agile and dynamic in responding to the most advanced cyber threats.

Although automation has its place in improving SOC efficiencies, human intelligence is still one of the most important aspects in effective incident response.

In this session, you will learn about the journey to Intelligent Orchestration and how leveraging it in an uncertain world can empower your organisation.

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

According to ESG research, 72% of organizations believe that security operations are more difficult now than they were two years earlier.
This stems from security and IT operations teams lacking a reliable way to assess the current state of endpoints across their enterprise and leads to an increased risk of breaches, an inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance.
On this webinar we look at the current need to bridge the gap between Security and IT Operations with shared toolsets and shared goals, why IT hygiene and proactive vulnerability assessments are now vital aspects of any successful endpoint security program and how to leverage real-time query and remediation tools to better understand the state of endpoints.

Key takeaways:

•How businesses can understand and adopt a SecOps strategy
•How you can leverage real-time query and remediation tools to get a better understanding of the current state of your endpoints
•The need to bridge the gap between security and IT operations and with shared toolsets, shared goals and shared priorities

Tristan Morris – Security Strategist, Carbon Black
Stacia Tympanick – Solution Engineer, Carbon Black

Although “zero trust” is a popular term for the alternative security model that everyone’s talking about, it’s not always clear what it means, or whether it describes what policy changes you may want to make in your organisation.
Join Wendy Nather and Richard Archdeacon to find out more about Zero Trust Security models, implemented by Google in their BeyondCorp initiative.

Register for Part 2 in the Zero Trust Series: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=334792&Part1