GDPR Blueprint; Tackling Confidentiality, Integrity and Availability of Data

Have you ever done an assessment on how secure your DNS infrastructure is? Ponemon Institute has recently completed the first DNS Security Risk Survey among global organizations to understand how secure they are when it comes to malware and data exfiltration that uses DNS. The survey also provides insights into:

•The level of visibility these organizations have, especially in today’s complex network deployments
•Their use of threat intelligence and the effectiveness of threat intelligence
•The efficiency of their security operations

In the last (ISC)² and Bitsight webinar we covered good reasons for utilising security ratings, covering the big topics of visibility, collaboration and agility.

Join us for this session where Nick Trigg, BitSight’s Risk Consultant, will share real life examples and use cases. Alongside Nick, we are pleased to welcome Thomas Born, Chief Security & Privacy Officer from Vodafone Automotive at Vodafone Group Services who will share his topical experiences.

To catch up on Part 1 in this series, copy and paste the following link in your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=336859

Organisations today need to be agile and dynamic in responding to the most advanced cyber threats.

Although automation has its place in improving SOC efficiencies, human intelligence is still one of the most important aspects in effective incident response.

In this session, you will learn about the journey to Intelligent Orchestration and how leveraging it in an uncertain world can empower your organisation.

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

According to ESG research, 72% of organizations believe that security operations are more difficult now than they were two years earlier.
This stems from security and IT operations teams lacking a reliable way to assess the current state of endpoints across their enterprise and leads to an increased risk of breaches, an inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance.
On this webinar we look at the current need to bridge the gap between Security and IT Operations with shared toolsets and shared goals, why IT hygiene and proactive vulnerability assessments are now vital aspects of any successful endpoint security program and how to leverage real-time query and remediation tools to better understand the state of endpoints.

Key takeaways:

•How businesses can understand and adopt a SecOps strategy
•How you can leverage real-time query and remediation tools to get a better understanding of the current state of your endpoints
•The need to bridge the gap between security and IT operations and with shared toolsets, shared goals and shared priorities

Tristan Morris – Security Strategist, Carbon Black
Stacia Tympanick – Solution Engineer, Carbon Black

Although “zero trust” is a popular term for the alternative security model that everyone’s talking about, it’s not always clear what it means, or whether it describes what policy changes you may want to make in your organisation.
Join Wendy Nather and Richard Archdeacon to find out more about Zero Trust Security models, implemented by Google in their BeyondCorp initiative.

Register for Part 2 in the Zero Trust Series: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=334792&Part1

Today’s enterprise network has a vast number of network and security devices – all generating their own incidents, but they don’t always share information. According to the ESG research report on Security Operations Challenges, Priorities and Strategies in 2017, keeping up with the volume of security alerts and lack of integration between different security tools are the biggest challenges related to security. Organizations are investing heavily in automation/orchestration of incident response to improve collaboration, prioritize alerts and shorten time for incident response.

This webinar will discuss how integration of different network and security tools can:
•Provide better visibility across your entire network and remove silos
•Improve agility and automate IT workflows
•Enable faster remediation to threats

Please join Infoblox and Logicalis for this key discussion on the integrated ecosystem -- taking your organization to the next level of security.

Breakout time, the time that it takes an intruder to jump from the machine that’s initially compromised and move laterally through your network, on average is 1h and 58m*. This is your critical window to take action and stop the breach. When an attack is in progress, we’re seeing world leading security teams take one minute to detect it, 10 minutes to understand it and one hour to contain it. Is your organisation ready to meet the 1/10/60 minute challenge?

Attend this webcast to learn:

-What breakout time is and what it means for defenders that are responding to attacks in real time
-How the incident response process unfolds and the barriers that keep organisations from mounting a rapid and efficient response
-The key steps you can take to improve your organisation’s ability to rapidly detect, investigate and remediate threats

Robotic process automation (RPA) is a powerful and emerging technology that streamlines and standardizes many human user processes as well as harmonizes different systems across an organization’s environment. So what do IT security professionals need to know about RPA platforms and the connection to privileged credentials? Very simply, it is a new attack vector and organizations need to protect these accounts with the RPA platform.

Because RPA software interacts directly with business applications and mimics the way applications use and mirror human credentials and entitlements, this can introduce risks when the software robots automate and perform routine business processes across multiple systems.
Learn about the vulnerabilities attackers seek out in RPA and the methods you can employ to proactively secure, protect and monitor privileged credentials in RPA non-human user entities that mirror human entitlements.

While compliance is close to security, being compliant doesn’t necessarily mean that you’re protected from a security breach.

Malicious actors don’t care if you passed a regulatory audit, and there are many companies that are fully compliant on paper but that have suffered a data breach.

That’s why it’s essential to take a “go beyond compliance” approach.

In this webinar, we’ll share some insights into the biggest IT security disasters and explain how you can avoid such failures by not just working towards compliance, but building a robust security culture in your organisation.

Join Matt Middleton-Leal (CISSP), General Manager at Netwrix and Kennet Johansen, Security and Infrastructure Solution Architect, to learn:

•Why going beyond compliance is good for business
•Practical tips for improving your IT security posture
•How the right security investments help you save money in the long term
•How to establish a strong security culture in your organisation

Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.

According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.

The three big topics are VISIBILITY - across my whole cyber risk landscape , COLLABORATION - in order to remediate against risk appetite and AGILITY - How can I react in a timely manner to rapidly changing risk factors

Given these challenges can you afford NOT to utilise Security Ratings?

In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with

•Do security ratings threaten or compliment traditional methods of questionnaires and audits
•Why security ratings should be treated as a risk position rather than a vulnerability checklist.
•Data: sources, accuracy, coverage, currency
•Context : stakeholders, business impact
•Time to value : best approach to implementation

How can AI help overworked, understaffed and overwhelmed security analyst teams? How can the use of an AI platform help reduce the cost of a data breach? Mike Spradbery, IBM's UK&I Security Technical Leader, will explore these and other questions as he talks live to the experts behind a new Ponemon Institute study on the use of Artificial Intelligence in Cyber Security. Mike will also share case studies of AI in action in Cyber Security and explore how AI is helping organisations elevate their cybersecurity posture and reduce response times.

As the volume of encrypted traffic continues to grow, organisations become even more vulnerable to encrypted attacks, threats and exploits that go undetected. Learn how to create a centralised “decryption zone” to decrypt traffic once and give security tools newfound visibility into encrypted traffic.
Join Ollie Sheridan (CISSP), Principal Engineer at Gigamon to learn:
•How the TLS 1.3 draft 28 proposal removes visibility which was widely deployed for threat identification in TLS 1.2.
•How to acknowledge and address critical management, troubleshooting, legal, regulatory, ethical and technical concerns.
•Why deploying TLS decryption in the core of networks is critical to detecting threats.
•How to deploy innovative architectures for TLS decryption while maintaining availability and reliability.
•How to manage growing SSL/TLS traffic volumes by creating a centralized “decryption zone” to decrypt traffic once and give security tools newfound visibility into formerly encrypted traffic and threats.

A growing use of the terms ‘AI’ and ‘Machine Learning’ being used in the descriptions of vendors’ products and capabilities can cause some confusion. With all the buzz around these latest trends, security professionals are left with some important questions: What can these technologies do in Infosec? How they can be implemented to improve everyday security processes? Where can’t AI and ML improve security tools? In this Splunk webinar, a machine learning expert will;
•Demystify what machine learning is as well as what it can and cannot do in InfoSec
•Walk through three of the most common use cases of where these technologies can be implemented
•Explore the latest innovations in ML & AI, and where this will take cybersecurity professionals next