PCI DSS 3.2 – What’s New? What are the Best Tools to Prevent Data Loss?

The emerging DataOps is not Just DevOps for Data. According to Gartner, DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization.

The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment.

This session will discuss how to add Security in DataOps and DevOps.

With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.

This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.

Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.

This Session will be the first in a series on Threat Hunting. This kick-off session will introduce the concept of Threat Hunting as there is a lot of confusion about this important activity. Specifically, we will cover what it is, how it is performed, its’ role and some of the best Tools to use as a Threat Hunter.

We will discuss the Good, the Bad and the Ugly of Role Based Access Control. We will review access control in systems where multiple roles are fulfilled and compare MAC, DAC and RBAC.

We will present the "next generation" authorization model that provides dynamic, context-aware and risk-intelligent access control. We will discuss Identity Management, Data Discovery, AI, policy-based access control (PBAC), claims-based access control (CBAC) and key standards, including XACML and ALFA.

The upcoming PCI DSS version 4.0 will include many new or revised requirements and compensating controls will be removed It will include support for a range of evolving payment environments, technologies, and methodologies for achieving security. PCI DSS v4.0 further supports the use of different new technologies. The new validation option gives organizations the flexibility to take a customized approach to demonstrate how they are meeting the security intent of each PCI DSS requirement. This customized approach supports organizations using security approaches that may be different than traditional PCI DSS requirements.

Through customized validation, entities can show how their specific implementation meets the intent and addresses the risk. Unlike compensating controls, customized validation will not require a business or technical justification for meeting the requirements using alternative methods, as the requirements will now be outcome-based.

We will discuss how PCI DSS v4 may impact:

- Implementation of the new “Customized Controls”
- Cloud implementations
- Compliance cost
- Changes in liability
- Relation to the 49 new US State Laws
- PII and PI privacy
- Measure data re-identifiability for pseudonymization.
- Apply data protection to discovered sensitive data

Join this interactive webinar as we discuss using advanced data discovery to find & inventory all personal data at an enterprise scale.

Learn about new machine learning & identity intelligence technology, including:
- Identify all PII across structured, unstructured, cloud & Big Data.
- Inventory PII by data subject & residency for GDPR.
- Measure data re-identifiability for pseudonymization.
- Uncover dark or uncatalogued data.
- Fix data quality, visualize PII data relationships
- Apply data protection to discovered sensitive data.

This session will be a short recap of Session 1 and will then go into detail as to what State and Local Governments can do to prevent Ransomware Attacks.

This session will cover why State and Local Governments have headed the list of Ransomware Attacks. Part 1 will delve into why is this the case and Part 2 will address what can be done to prevent these attacks.

This session will delve into the legal responsibilities of your Bank's liability and your requirements to protect your banking credentials from the unauthorized transfer of funds as a result of a hack.

Tune in for this live interview with Graeme Payne, former VP and CIO for Global Corporate Platforms at Equifax. This session will give you first hand insights into what happened at Equifax, and lessons learned.

This session will take a practical approach to IT risk management and discuss multi cloud, Verizon Data Breach Investigations Report (DBIR) and how Enterprises are losing ground in the fight against persistent cyber-attacks. We simply cannot catch the bad guys until it is too late. This picture is not improving. Verizon reports concluded that less than 14% of breaches are detected by internal monitoring tools.

We will review the JP Morgan Chase data breach were hackers were in the bank’s network for months undetected. Network configuration errors are inevitable, even at the largest banks as Capital One that recently had a data breach where a hacker gained access to 100 million credit card applications and accounts.

Viewers will also learn about:
- Macro trends in Cloud security and Micro trends in Cloud security
- Risks from Quantum Computing and when we should move to alternate forms of encryption
- Review “Kill Chains” from Lockhead Martin in relation to APT and DDoS Attacks
- Risk Management methods from ISACA and other organizations

Speaker: Ulf Mattsson, Head of Innovation, TokenEx

----------------------------------------
Join BrightTALK's LinkedIn Group for IT Security Insights: http://bit.ly/2IsbauU

This session will define and delve into the concept of Zero Trust and how to best implement a Zero Trust Architecture

How should we prepare for this new brave world where many 3rd party security providers disappeared into cloud providers? This will greatly impact many 3rd party security vendors, organizations and investors.

Cloud transformations are accelerating. By 2020, cloud will increase by 157% and on-premises ’traditional’ IT infrastructure will decrease by 54%, according to 452 Research, 2018.

We will cover how many security solutions will change, including:
- WAF – Web Application Firewalls
- SIEM
- Firewalls
- Encryption
- Tokenization
- Key Management
- AV – Anti Virus
- Network
- And more...

----------------------------------------
Join BrightTALK's LinkedIn Group for IT Security Insights: http://bit.ly/2IsbauU

With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced identity and data protection solutions has become even more critical.

Join this webinar to learn more about:
- Data Protection solutions for the enterprise
- Trends in Data Masking, Tokenization and Encryption
- New Data Protection Standards from ISO and NIST
- The new API Economy and how to control access to sensitive data — both on-premises, and in public and private clouds
- The llatest developments in IAM technologies and authentication

----------------------------------------
Join BrightTALK's LinkedIn Group for IT Security Insights: http://bit.ly/2IsbauU

Machine learning platforms are one of the fastest growing services of the public cloud. ML, an approach and set of technologies that use Artificial Intelligence (AI) concepts, is directly related to pattern recognition and computational learning. Early adopters of AI have now rolled out cloud-based services that are bringing AI to the masses.

How are AI, deep learning, machine learning, big data, and cloud related? Can machine learning algorithms enable the use of an individual’s comprehensive biological information to predict or diagnose diseases, and to find or develop the best therapy for that individual? How is Quantum Computing in the Cloud related to the use of AI and Cybersecurity?

Join this webinar to learn more about:
- Machine Learning, Data Discovery and Cloud
- Cloud-Based ML Applications and ML services from AWS and Google Cloud
- How to Automate Machine Learning

----------------------------------------
Join BrightTALK's LinkedIn Group for IT Security Insights: http://bit.ly/2IsbauU

This session will delve into the area of Data Forensics specifically addressing when and why a Data Forensic investigation would occur and how to conduct a Data Forensic investigation.

This session will delve into what to look for in selecting a Pen Test vendor. With a poliferation of vendors all claiming to posses the best talent, expertise, and certifications, how do you separate the marketing hype from reality?

Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data.

The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.

Join this interactive webinar to learn more about:
- The latest trends and strategies for securing sensitive data in cloud and the enterprise
- How to discover and capture your data inventory
- What’s needed to prevent a data breach by securing your critical data and protect your reputation