Facing up to Mobile Security Challenges

A recent trend in the IT Industry has been to encrypt communications with more and more protocols now running over TLS ("SSL"). Major browser vendors are providing a means to not only encrypt the DNS requests being made by clients but also the SNI within a TLS connection. Are we as an industry losing sight of our goals with this approach and are producing a potential issue where we are hindering rather than helping ourselves in this endeavour? Join Gigamon and (ISC)2 October 13, 2020 at 1:00 p.m. BST for a discussion of the pros and cons of encrypting this data, with an emphasis on TLS as a transport. We will also examine the motivations of organisations to provide these services and how a Threat Actor can take (and in fact has taken) advantage of another hole we've inadvertently made in our countermeasures. Also discussed will be the steps we can take to keep ahead of this and the financial ramifications that ubiquitous encryption can have on security countermeasures.

The CrowdStrike Falcon® OverWatchTM 2020 Mid-Year Report provides unique insights into the targeted, state-sponsored and criminal campaigns the OverWatch team has encountered in the first half of 2020. Now, you can get a first look at the findings from the report presented by the expert threat hunters who analyzed some of this year’s most complex and intriguing incidents. Join Crowdstrike and (ISC)2 on October 6, 2020 at 1:00 p.m. BST this webcast and hear from CrowdStrike® VP of OverWatch and Security Response as she shares detailed accounts of real-world incidents her team has observed, including the trends, adversaries and techniques that were most prominent, so far, this year. You will also gain valuable information on the industries and regions most impacted by cyberattacks. The webcast will also focus on:

•How has the threat landscape shifted since the global pandemic emerged, forcing the rapid adoption of remote work and opening new avenues for attack?

•What industries have seen the biggest shifts in attack activity?

•What are the adversary motives behind the attacks and the most prevalent techniques adversaries are using to achieve their objectives?

•What are key steps you can take to protect your organization against today’s most prevalent threats?

Successful ransomware attacks are at an all-time high. And so is the number of organizations paying ransoms to recover their data. But why? And what can smart IT security teams do to mitigate the risks of falling victim? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key findings from CyberEdge’s 2020 Cyberthreat Defense Report. In this webinar, we’ll:

- Examine disturbing ransomware trends, by country and by industry
- Postulate why more organizations are paying ransoms
- Underscore the importance of investing in your company’s “human firewall”
- Review technologies to help give security teams the upper hand

One of the biggest challenges for security teams today is to keep up with modern adversaries. A SOC needs to continuously improve detection capabilities based on the evolving adversary techniques. The time between a new attack seen “in the wild” and deploying a new detection in your SIEM is crucial to success. SOC processes, especially detection development, need modernizing in order to keep up with the advancing threat landscape. This is where the agile DevOps mindset should be adopted within SOCs to reduce the detection development time. Join Splunk and (ISC)2 on September 29, 2020 at 1:00 p.m. BST as we explore:

· DevOps and its advantages in a modern SOC

· What modern detection development looks like using DevOps methods

· How to build an automated workflow for validating and testing detection content

· How to use Splunk open source Attack Range for embedding development and testing of detections

In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format.

In this session Sarah Self, UK CISO at AVIVA will provide insight into the path she took to become a Cybersecurity Leader and how she is reinventing the role in the face of accelerating change.

With data growing exponentially, data sources spread across many areas, including data and multiple clouds. This leads to difficulty in proactively reducing risk and protecting critical and sensitive data. One of the largest sources of risk comes from duplicate and redundant sensitive data migrating across multiple data sources and stores. Blindspots into your derivative data can create unnecessary data exposure risks; stall cloud migration initiatives, data minimization initiatives, and M&A processes; and present an additional layer of compliance challenges across the board. Join BigID and (ISC)2 on September 15, 2020 at 1:00 p.m. BST for a discussion about these risks and how to discover, identify, and minimize duplicate and similar data. Areas covered will include:

· How to identify and tag duplicate, similar, and redundant data
· Map Data migration and identify original data sources
· Best practices for minimizing critical data across data sources and removing duplicate data
· How to apply next-gen ML techniques to reduce risk and increase confidence in your data
· Build a data driven risk profile of your data sources

As security budgets decrease and teams continue to adjust to the “new normal” operating environment, it’s become increasingly critical for security teams to find ways to do more with less. In order to get the most out of the investments in security tools and protect your data, organizations need to rethink traditional methods of mitigating risk and automate wherever possible. In this webcast, Bitsight and (ISC)2 will provide tips and best practices on how to enrich the threat intelligence you’re already collecting to maximize your cybersecurity ROI and prevent a potentially damaging breach or incident. We’ll also examine how to:

● Gain increased visibility and context into your growing attack surface

● Identify and remediate any gaps in your existing cybersecurity controls

● Automate your risk discovery and assessment processes

● Make data-driven decisions about where to focus your efforts for the greatest impact

Security happens where man meets machine (or fails to happen, as we see all too often!) As organizations have shifted from local-only to hybrid and cloud-hosted resources, the principles of zero-trust security have helped define human-friendly secure access regardless of a user’s location. While building a zero-trust strategy can improve security wherever a system must make an access decision, ignoring the behavior of the user and their experience can ground these initiatives before you’ve even taken off. So, organizations need to ask the right questions: what exactly happens where people and technology meet? At the very moment of human/system interaction, what factors in human psychology and industrial design are at play? And if we could pause time for a moment to catalog and identify those factors, could we design a better experience, a better outcome, and a better path to the future? Join Duo Security and (ISC)2 on September 8, 2020 at 1:00 p.m. BST where we will explore how to:

● Improve the success of zero-trust initiatives through industrial design techniques

● Leverage psychology and technology to have people make secure decisions and secure actions.

● Construct the design framework (tactics and metrics) to build and manage a security culture.

Nearly nine in 10 organizations are experiencing a shortfall of skilled IT security personnel, according to CyberEdge’s 2020 Cyberthreat Defense Report. That’s up from eight in 10 organizations just two years ago. This weighs heavily on the minds of IT security professionals as ‘lack of skilled personnel’ is rated as the #1 inhibitor to successfully defending against cyberthreats. So, what can organizations do to mitigate the effects of this crisis? Well, if you’re willing to ‘think outside the box,’ there is hope. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he:

- Examines the shortage of IT security personnel by job role
- Proposes creative ways for recruiting new security talent
- Suggests clever ways for retaining the talent you already have
- Identifies technologies that enable security teams to do more with less

One of the hottest topics in the Information Security world today is Cloud Security. Many organizations are still struggling with their journey to the cloud, how to secure their users, applications and different clouds (public, private and hybrid). Join DivvyCloud and (ISC)2 on August 25, 2020 at 1:00 p.m. BST as we focus on 10 easy and functional ways to harden your multi-cloud security posture. We’ll examine how to build a foundation based on best practices which have been learned through years of helping leading cloud-adopting enterprises stay secure.

Security teams need to plan and prepare for a consistent security and compliance posture across a larger, more fluid ecosystem in the cloud. To cover the additional attack surface, it’s important to know all the nooks and crannies, and what operates within them. One of these operators are the App Dev teams that increasingly move toward DevOps. Code is being built and released at a level of speed and complexity that leads to high interdependencies - causing unpredictability and risk. Now more than ever, a strategy needs to balance Security Operations’ costs with the growing list of responsibilities that come as part of the package with cloud. Join Splunk and (ISC)2 on August 18, 2020 at 1:00PM BST and learn the secrets of leading security teams, including:


•What the future of security operations centres (SOCs) and job roles will look like
•How the SOC Team needs to be strategically embedded in DevOps
•How to ensure and monitor compliance with an organization's security policy across multi-cloud services
•How DevOps’ principles can be practiced in the SOC operating model
•What it looks like to plan and establish a SOC in the cloud
•Starting your plan and how to communicate it to management

Want to know which IT security technologies are hot and which ones are not? 2020 has thrown many purchasing and deployment plans into a state of flux and your organization has probably been caught up in this. Join Steve Piper, Founder & CEO of CyberEdge (and a proud CISSP) and (ISC)2 on Tuesday, July 28, 2020 at 1:00PM Eastern as Steve reviews key purchase insights from the 2020 Cyberthreat Defense Report. Specifically, this webcast will examine which security technologies are most widely deployed and most planned for acquisition in 2020 so you can benchmark your company’s current and planned investments against your peers. Purchase intent across five key security technology categories will be focused on including:

•Network security
•Endpoint security
•Application and data security
•Security management and operations
•Identity and access management

Business teams have been enabled by technology solutions effectively so that their reliance on centralized teams such as IT and security has decreased significantly. The cyber threat landscape continues to evolve and organizations need to be prepared to identify vulnerabilities and points for exposure, including unforeseen shadow IT applications. As businesses have been forced to adapt to new working realities, how has the shift to a remote workforce impacted businesses' ability to identify undocumented systems and vulnerabilities? Join One Trust and (ISC)2 on Thursday, July 28, 2020 at 1:00PM BST as we discuss some of the contributing factors to shadow IT, the potential impacts and risk exposure, and some best practices in protecting stakeholders across the business. We’ll also examine:

· Key roles and responsibilities to align an effective defense in your risk management program

· Identify processes that fuel and encourage shadow IT practices

· Best practices to engage line of business employees to educate and promote cyber threat awareness

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

Viewing this webinar for at least 45 minutes will earn you 1 group B CPE.