Facing up to Mobile Security Challenges

Do you spend countless hours assessing businesses risk, stuck in spreadsheets, sift through emails to find the most up-to-date information? After gathering all the necessary information from your line of business, you still need to review, validate, analyze, and assigned a risk score. All of this must be done before actionable insights can be drawn or mitigation efforts can take place. There is a significant gap in how risk is assessed and rate at which your business operates today. As your program evolves, the need to simplify the risk assessment process becomes unavoidable. But a common reality is that as your business continues to develop, risk assessment practices and resources have largely remained the same. It’s not as simple as getting a risk management tool; it’s about finding the right technology to adapt your processes in line with your current risk landscape and business objectives. On July 8, 2021 at 1:00 pm BST. OneTrust GRC and (ISC)2 will review risk assessment best practices businesses should consider based on leading industry standards from ISO 31000, NIST CSF, and the latest DOJ Corporate Compliance Guidance. We will also share how to:

· Familiarize yourself with proven best practices and new perspectives on risk assessments

· Identify opportunities to collect risk insights in context through an automated questionnaire process

· Streamline risk identification with automation rules tied to your risk methodology

As businesses constantly evolve and grow, so does an organization's attack surface. The pace and velocity of technology transformation in enterprises has created a difficult environment for security teams to defend against complex threats. Join Beyond Trust and (ISC)2 on June 15, 2021 at 1:00 p.m. BST for a webinar where will examine how Privileged Access Management (PAM) can support the security team as an enabler to digital transformation, while providing one of the most effective ways to stop lateral movement by threat actors.

Key topics to be covered include:

· What Is Digital Transformation and why should we care about it?
· Why automation isn’t just for the business
· How to mitigate identity risk with Privilege Access Management

If the idea of automating breach response fills you with a sense of uneasiness, you’re definitely not alone. But the flipside of doing everything manually isn’t ideal either…and can actually bring more risk to a situation, especially during a major incident. On June 10, 2021 at 1:00 p.m. BST, Join Sam and Jess (aka The Real Housewives of Automation) of Exabeam and (ISC)2 for a session where we will explain where, how and when automation can help you investigate and respond quickly, accurately, and without creating a LinkedIn profile updating moment. We’ll also examine:

· End to end automated vs manual response – a look into a real breach through two different lenses
· The machines are our friends – how automation will help your team thrive
· Raging alongside the machines – how to get the right balance
· Investigation and response automation – where to start and how to finish

Every organization is working to reduce the delay between issuing a risk assessment, receiving a response, gaining risk insight, and making a risk-based decision. Risk insights quickly lose value as time elapses from the initial assessment request. Businesses should leverage the digital workstreams to collect information as updates occur using data discovery tools to find, document, and classify in real-time. Join OneTrust GRC and (ISC)2 on June 3, 2021 at 1:00 pm BST as we explore how to quickly connect enterprise data through automated data discovery and translate the data into meaningful risk insights. We’ll also examine how to:

· Identify data across business applications for the latest risk insights.

· Automatically categorize information to deliver meaningful insights across risk, compliance, and your executive teams

· Explore a new way to quantify risk using risk formulas to aggregate and standardize risk using real-time data points

In a year when a global pandemic significantly changed how and where we work, the CrowdStrike 2021 Global Threat Report has never been more highly anticipated. This year, the report exposes how cyber adversaries have exploited the situation, accelerating attacks and introducing increasingly damaging tactics, techniques and procedures. On April 13, 2021 at 1:00Pm BST, CrowdStrike Technology Strategist, Zeki Turedi and (ISC)2 will examine the notable threats, events and trends in the report, including pragmatic recommendations to help you better defend against cyberattacks in 2021 and beyond. We'll also examine:

· How the COVID-19 pandemic has changed cybersecurity

· How "big game hunters" are targeting the healthcare sector

· Significant nation-state-based targeted attacks and operations observed from China, Iran, DPRK, Russia and others

· The CrowdStrike eCrime Index and how it measures the strength of the cybercriminal market over time

Every day, wars are being waged on invisible battlefields. The enemy is hiding and stealthily leveling its attacks from within. This formidable foe isn’t an opposing army. It may very well be a single malicious actor, or a state-sponsored group of hackers. Without a trace of their tools left on the disk, attackers are storing the code in memory–resulting in infamous Fileless Malware. If successful, the best case scenario outcome is a tarnished reputation; the worst, significant (and potentially irreparable) damage to a brand and its business. Join Intezer Labs and (ISC)2 on May 25, 2021 at 1:00 pm BST for a discussion on how attacks like these can cripple an organization without its security team ever knowing it.

With up to 80% of cyber security breaches due to compromised credentials, more organisations than ever are prioritising privileged access security. This is reflected by Gartner as they have ranked Privileged Access Management (PAM) as the #1 security project for organisations for two years in a row. With the added challenge of cloud applications and services accelerating, organisations across the globe must understand and manage the challenges posed by privileged access from remote employees, third parties, and contractors. Join Thycotic chief security scientist and author Joseph Carson and (ISC)2 on May 13, 2021 at 1:00PM BST as he examines the key differences between Password Managers and Privileged Access Management and explaining why Password Managers are not enough to protect your privileged access. But we won’t stop there, Joseph will then guide you through the practical approach on how to define and implement privileged access cloud security best practices. We’ll also look at:

· The importance of protecting privileges not just user passwords

· Why Password Managers are not sufficient to protect your privileged accounts

· Key difference between Password Managers and Privileged Access Management

· Best practices for securing cloud privileged access

· Proven approach to implementing secure privileged access for remote workers and third parties

The global pandemic has accelerated the move of edge security controls to a cloud-delivered model. But it hasn’t changed the need for effective threat detection and reliable, fast secure access. The best way for security teams to meet these new challenges head-on is through a secure access service edge (SASE) service. Join Cisco and (ISC)2 on May 6, 2021 at 1:00PM BST as we explore the following:

• Networking and security solutions that are designed to work together

• Efficient and effective cloud-delivered security

• Vendor consolidation and ease of deployment

• Management that will scale with the needs of your business.

DoH (DNS over HTTPS) is a means of further encrypting web traffic and another step towards an encrypted safer Internet, or so it would seem. Many browser vendors are offering a means to tunnel your DNS traffic over HTTPS (TLS), combined with other technologies (such as Encrypted SNI) it presents a challenge to any organisation attempting to maintain a strong security posture in the constant battle against Malware and Data Exfiltration. Join Gigamon and (ISC)2 on April 29, 2021 at 1:00PM BST when we will discuss the rise of DoH, what problem it's trying to solve along with the associated problems it inadvertently creates. We'll also look into how it can be implemented and monitored, examining strategies to mitigate any risks this new approach presents us with. We’ll also examine the motivations behind those offering a 'free service' to users on the Internet and how this encrypted traffic is only as private as the trust you put into to the provider in question.

Today, many organizations rely on multiple cloud services with their end users regularly consuming dozens, or even hundreds, of different SaaS applications. This great cloud migration has successfully enabled the increase in remote working and is accelerating digital transformation initiatives. But, more clouds also means more challenges. In addition to the fundamental cloud security issues, there’s the additional complexity and interoperability issues arising from siloed identity stores, native toolsets, and conflicting shared responsibility models between cloud providers, creating an expanded attack surface that organisations need to address. On April 27, 2021 at 1:00PM BST, Beyond Trust and (ISC)2 will look at why the identity challenge is the most important security problem for organisations to solve and is best accomplished by standardizing the management and security controls across the entire IT ecosystem. Join this session to learn:

· The most pressing cloud security risks
· Where native toolsets leave gaps in security that you must address
· How to implement 7 cloud security best practices with privileged access management (PAM) to vastly decrease your likelihood and scope of a cloud-related breach