Cognitive Security: A Game Changer?

Organisations apply many cybersecurity controls to help measure and maintain data security and regulatory compliance. Several are purposeful and list requirements that are subjective in how to employ them and how to meet their unique business risk strategy. This can often make it difficult to create a baseline security control strategy that will meet new regulations as they are introduced.

In this session, the expert panel will discuss specific security controls that can be used to provide clarity, and measure for any data security and protection programme including the GDPR. Considerable focus and examples will be drawn from prescriptive data security standards such as the PCI DSS, (Payment Card Industry Data Security Standard), and how leveraging such standards can help to create a security control strategy to meet and measure continuous data security compliance.

Webinar attendees will take away many practical examples, solutions, and anecdotes on how their businesses can alleviate the pressures of employing the right security controls to protect GDPR-defined data, meet compliance and prove security control efficacy.

Panel Experts:
Jeremy King, ‎International Director, PCI Security Standards Council
Andrew Barrett, International / Managing Principal Application validation, Coalfire
Christopher Strand, Sr. Director Compliance Strategy, Carbon Black
Moderator: Adrian Davis, Managing Director, (ISC)² EMEA

To listen to Part 1 of this session, paste the following URL into your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars/Focused-Webinars?commid=260091

During a survey recently conducted among security professionals, 90% said phishing is the #1 threat. Yet many acknowledged they’re unprepared to deal with phishing attacks.

Attend this webinar to learn why responders are drowning in emails instead of hunting real threats. See why they’re betting on automation whilst we know, tech alone won’t stop threats from getting through and wreaking serious havoc. Learn what rapid changes and investments your peers are planning to turn the tide against phishing and protect their organisations.

You will also find out:
•How bad is the phishing threat?
•How confident are companies in their phishing responses?
•What solutions are companies using—and which ones should they add?
•How can automation and technology help? Why are humans important, too?

You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next?

Join this session to learn about the impact of GDPR and go through a breach investigation and response scenario as it would be after GDPR comes into effect in May 2018. You’ll hear from Splunk’s Data Privacy Officer Elizabeth Davies and Splunk’s Security Ninja Matthias Maier.

What you will learn:
- What breach response will look like under the GDPR
- What tools and processes a data privacy officer will rely on in case of a breach
- What departments and entities will be involved beyond IT
- What activities are currently happening within organisations to prepare for the GDPR
- What the consequences of the breach could be

Cognitive Security has game-changing potential to help tackle cybercrime, but how is this playing out in reality? In February this year IBM announced Watson for Cyber Security, described as 'the industry’s first augmented intelligence technology designed to power cognitive Security Operations Centres'. What do customers say about their experiences working with Watson for Cyber Security and how is it helping security analysts improve response times?

Mike Spradbery, IBM's UK&I Security Technical Leader, will discuss not only the promise of Watson for Cyber Security but the client results that IBM is seeing. Mike will talk live to Brian Jensen, the analyst responsible for Cyber Security during the high-profile Wimbledon tennis tournament, to understand the scale and type of attacks the team saw, and how innovative new technologies like Watson for Cyber Security helped the team keep Wimbledon safe and secure.

Somewhere out there, in a market crowded by over-qualified workers deluged by job offers, the next generation of CISOs is maturing. But how can CISOs train tomorrow’s security executives when today’s well-known security talent deficit makes it difficult to fill even the most basic roles?
Retaining cyber professionals isn’t just a matter of offering the biggest salary — it requires getting creative with cross-training, hands-on experience and developing collaborative solutions with fellow CISOs.
Watch the webinar with Sam Curry, Cybereason Chief Security Officer, to explore strategies for identifying and developing the next generation — including your own replacement.

In the wake of global ransomware attacks targeted mainly at Windows desktop and laptop devices, this webinar will discuss an often-overlooked threat: the mobilization of malware and ransomware. Whether through malign apps, poorly written code, corrupt e-mail profiles or disreputable websites, there are a range of avenues of attack open to hackers who might choose to target smart devices.
To date, attacks on mobile devices have been mostly on a small scale, targeting individual user devices and data. But is a big attack waiting in the long grass? Will the next WannaCry or Petya target mobiles, and how can you protect yourself?

Incident response has become increasingly complicated. According to a recent report, 67% of security professionals believe that incident response is more difficult today than it was two years ago. This is due to the numbers of IT activities and security alerts, and the need for advanced IR skills.
This webinar will explore a new and unexpected boost to incident response, coming from the integration of threat hunting methodologies.
Israel Barak, Cybereason CISO and an Incident Response expert, will chat with Lital Asher-Dotan, Senior Director of Content, about:
- The latest challenges faced by IR professionals
- Threat hunting and its benefits for IR
- Specific examples in which threat hunting leveled up IR practices

Are you an (ISC)² member with questions about your certification and member benefits, or want to keep in touch with (ISC)² news in EMEA? Are you thinking about joining, and curious to hear more about what membership means and how (ISC)² can help you?

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

Would you leave sensitive data out in the open making yourself a target to thieves looking for a victim? That is exactly what your business is doing if it fails to identify vulnerabilities in their business applications. Cyber attackers are looking at your business applications for security vulnerabilities so they can get access and wreak havoc. It’s time to find and fix security vulnerabilities before the hackers do. Wondering where to start and what to do? This webinar will help you build a comprehensive plan to minimize threats and protect your company. Join this webinar to hear application security experts: Discuss methods for scanning & evaluating potential security vulnerabilities in out-of-the box and home grown business applications Teach methods for quickly detecting and eradicating software flaws Make recommendations for how to choose and implement vulnerability scanning tools Explain how to reduce security vulnerabilities during internal application development Examine the widespread use of open-source code and how it may expose your business to security threats

The introduction of GDPR is set to bring data protection to the top of businesses’ priority lists. So how can businesses ensure they are compliant and what steps do they need to take?
In this webinar, certified DPO Jan Smets with provide a six-step overview to help achieve compliance:

1) Understand the GDPR legal framework
2) Create a Data Register
3) Classify your data
4) Start with your top priority
5) Assess and document additional risks and processes
6) Revise and repeat

Overwhelming evidence consistently shows that people are at the heart most data breaches. A new approach is needed, not so long ago technical attacks by hackers required technical solutions, but, as hackers find it more lucrative to target human vulnerabilities attention needs to be refocused on people.

Discourse is shifting from awareness to culture change, however, early in its maturity, culture change lacks a universally accepted approach, and therefore people struggle to make change happen or to convince the business to invest.

This webinar will provide 8 practical principles for effective change from auditing your current security culture through to embedding security as business as usual. It will provide a cohesive approach to behavioural change that can be measured. You will gain knowledge to help build a business case for culture change and techniques to use when your program launches.

Faced with an avalanche of alerts, insufficient staffing, and a bewildering regulatory environment it's no wonder that most organizations struggle to respond effectively to cyber attacks. Successfully resolving attacks requires fast, intelligent, and decisive action - organizations need to have an orchestrated plan in place before an attack occurs. Indeed, the best orgaizations leverage an orchestrated response capability to achieve cyber resilience, the ability to weather the inevitable cyber attacks as just another part of doing business.

Join IBM Resilient’s Chris Neely, Director of Technical Sales, EMEA to explore the latest incident response methodology and technology. Can automation really save the day? From instant escalation, to automatic enrichment, to guided mitigation, Chris will explore the latest incident response techniques and share what works and what doesn't. Attendees will gain a framework for understanding their incident response capability and a maturity model for evaluating opportunities for orchestration / automation.

This webcast will introduce a discussion of several threat models that help to illustrate how organizations can look to strengthen their security posture while supporting their GDPR strategy. Areas of concentration will include:

• How to reduce the potential risk and liability associated with the GDPR data residency and data protection accountability requirements.
• Focus on specific controls used to provide clarity and measure to any GDPR strategy within the enterprise.
• An introduction of cybersecurity control measure that can help reduce threats to the enterprise, while ensuring acceleration of data and security regulatory accountability for any GDPR program.

Session attendees will take away many practical examples, solutions, and anecdotes on how their businesses can alleviate the pressures of balancing the confluence of security risks and the GDPR mandate. They will have some starting points on how they can create a plan to step beyond static regulatory alignment and apply collective intelligence, industry baseline initiatives and mandates, as well as shared industry intelligence, to better measure what’s most important to their cyber policy and regulatory GDPR requirements.

Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 145 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.

Join this webinar to hear from guest speaker Duncan Brown, Associate Vice President, Security Practice, IDC, and Matthias Maier, Security Product Marketing Manager, Splunk, and discover:

●The time and associated cost security teams spend on incident response and how you compare to your peers
●How organizations are coping with an average of 40 actionable security incidents per week
●Where teams are focusing their security efforts
●Why an analytics-driven approach can make security investigation more efficient and effective, reducing costs and improving security posture

After every major data breach, the security community engages in a game of whodunit. It's human nature to want a resolution and to see the perpetrators brought to justice. The problems with attribution are starting to be discussed more openly within the security community, with many firms questioning the utility of technical attribution. At the same time, all are in agreement that the model they continue to use is failing.

Recent research proves that threat actors use a variety of techniques to create misattribution of the attacks. In our upcoming webinar, Cybereason's Ross Rustici, Sr. Manager Threat Intel, will discuss examples of attack misattribution and discuss whether correct attribution is still possible.

Join us to learn:
• Why attack attribution is a complex mission
• The variety of techniques used by nation-state and criminal actors to disguise their involvement
• An approach to help organizations better harness the power of attribution

In this webinar, Richard Cassidy, Technical Director EMEA, and (ISC)² EMEA Managing Director, Adrian Davis will discuss the latest malware trends and attack vectors. The most reported cyber-criminal groups, the latest attack trends (like WannaCry), and best practices for fighting the adversary will be explored. Join us for an up-to-date deep dive into adversary TTPS and how to prevent and respond to attacks using techniques like proactive hunting and SOC analysis and response.