Negotiating State & Federal Cybersecurity Regulations

The proposed 23 NYCRR 500 cyber regulations are not the first state directives to govern businesses operating in New York - the Gramm-Leach-Bliley Act already exists to regulate cyber standards at a federal level. While these new proposed rules are more stringent in their requirements, businesses will need to learn how to navigate both sets of regulations - even as they overlap.
Recorded Feb 23 2017 28 mins
Presented by
Elias Okwara
  • Unprotected Files on a Public Cloud Server: Live Panel on the NSA Data Leak Recorded: Dec 8 2017 59 mins
    Chris Vickery, George Crump, David Linthicum, Charles Goldberg, Mark Carlson
    Public, private and hybrid cloud are nothing new, but protecting sensitive data stored on these servers is still of the utmost concern. The NSA is no exception.

    It recently became publicized that the contents of a highly sensitive hard drive belonging to the NSA (National Security Agency) were compromised. The virtual disk containing the sensitive data came from an Army Intelligence project and was left on a public AWS (Amazon Web Services) storage server, not password-protected.

    This is one of at least 5 other leaks of NSA-related data in recent years. Not to mention the significant number of breaches and hacks we’ve experienced lately, including Yahoo!, Equifax, WannaCry, Petya, and more.

    The culprit in this case? Unprotected storage buckets. They have played a part in multiple other recent exposures, and concern is on the rise. When it comes to storing data on public cloud servers like AWS, Azure, Google Cloud, Rackspace and more, what are the key responsibilities of Storage Architects and Engineers, CIOs and CTOs to avoid these types of data leaks?

    Tune in with Chris Vickery, Director of Cyber Risk Research at UpGuard and the one who discovered the leak, along with George Crump, Chief Steward, Storage Switzerland, David Linthicum, Cloud Computing Visionary, Author & Speaker, Charles Goldberg, Sr. Director of Product Marketing, Thales e-Security, and Mark Carlson, Co-Chair, SNIA Technical Council & Cloud Storage Initiative, for a live panel discussion on this ever-important topic.
  • Cyber Security Is Dead Recorded: Nov 15 2017 44 mins
    Chris Vickery, Director of CyberRisk Research at UpGuard
    The data is in: cybersecurity is dead. Even as global cybersecurity spending is expected to balloon to over $100 billion by 2020, the frequency and severity of cyberattacks continue to grow, with seemingly no end in sight.

    While exploits and hacking tools become even more widely available and simple to deploy, there has been little commensurate progress in beating back attackers, who continue to find success striking at persistent, common weak points. How is this possible?

    The answer is one that must chagrin any CISO spending exorbitant amounts of money on cybersecurity programs: The entire conception upon which cybersecurity rests -- of constructing a castle, against which any marauding attackers stand little chance of breaching -- is barely of use.

    Join UpGuard’s Director of Cyber Risk Research Chris Vickery in conversation to learn:

    - Why silver bullet security solutions that are stacked around the perimeter don’t protect against breaches
    - How data exposures occur, and how they can be prevented
    - Why vendor risk should be an integral part of the cyber risk assessment
    - What steps to take to become cyber resilient
    - How UpGuard can help
  • The Silent Killer: How Third-Party Vendor Risk Threatens Everyone Recorded: Oct 11 2017 44 mins
    Mike Baukes, CEO, UpGuard
    Enterprises are becoming increasingly cognizant of the massive business risk posed by incidents of cyber attacks resulting in data breaches. Less well-known, and perhaps more potent a threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there are no such guarantees their external partners will take the same care. The consequences can be enormous.

    The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.

    Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.
  • Cut Cord: How Viacom's Master Controls Were Left Exposed Recorded: Sep 28 2017 27 mins
    Dan O'Sullivan, UpGuard Analyst
    Learn about Viacom's critical data exposure.

    Exposed in the leak are a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation’s business operations.

    Dan O’Sullivan, the analyst who first broke the story, will go through the details of the discovery and the significant impact of this data exposure.

    For the original article: https://www.upguard.com/breaches/cloud-leak-viacom
  • How to Hire DevOps Recorded: Sep 14 2017 37 mins
    Cliff Moon, CTO, UpGuard
    The rise of DevOps teams is upon us. The most recent State of DevOps survey found that 16% of respondents were part of a DevOps department with 55% of respondents self-identifying as DevOps engineers or systems engineers. Interesting. And if you simply Google ‘DevOps jobs’ you get over 4.5 million hits. So like it or not, this DevOps thing is going mainstream.

    If your organization is among those who embraced DevOps, you are probably looking for people with wide-ranging interests who will help you to get rid of silos.

    Hear from Cliff Moon, UpGuard's CTO, as he shares his experience on sourcing and hiring the right people.
  • Breaking Down Silos - DevOps Meets ITIL Recorded: Aug 17 2017 42 mins
    Greg Pollock, VP of Product at UpGuard
    Big things are happening in software. Agile Software Development and DevOps are delivering innovations at a rate never seen before. Prompting many to ask 'Is this the end of ITIL?'.

    There is a perception that DevOps and ITIL cannot play well together, that you must choose one over the other or risk catastrophic failure. This is simply not true.

    Many do not realize that DevOps relies on core concepts and processes of ITIL to be successful. Ignoring this relationship means missing out on service improvements that may be introduced and developed by integrating key areas of the ITIL framework and the collective body of knowledge that is DevOps.

    In this webinar we will take a close look at the simple things organizations can do to get the most out of a balanced blend of traditional and modern IT practices.
  • Blackout: How Engineering Firm Exposed Critical Infrastructure Data Recorded: Aug 15 2017 31 mins
    Dan O'Sullivan, UpGuard Analyst
    Learn about a data exposure discovered from within the systems of Texas-based electrical engineering firm Power Quality Engineering (PQE), revealing the sensitive data of clients like Dell, the City of Austin, Oracle, and Texas Instruments, among others.

    Left accessible to the wider internet via a port used for rsync server synchronization but configured to allow public access, the breach allowed any interested browser to download sensitive electrical infrastructure data compiled in reports by PQE inspectors examining customer facilities.

    Dan O’Sullivan, the analyst who first broke the story, will go through the details of the discovery and the significant impact of this data exposure.

    For the original article: https://www.upguard.com/breaches/data-leak-pqe
  • Are Your Third Party Vendors Creating Uninvited Cyber Risk? Recorded: Aug 10 2017 36 mins
    Greg Pollock, VP of Product at UpGuard
    Many of the largest and most well known breaches are cases of third party information exposure.

    One of the largest leaks of all time was discovered when an RNC vendor, Data Root Analytics, exposed 198 million voter records, including personal details, voter information, and predictively modeled attributes such as race and religion.

    Outsourced information work is crucial for organizations to scale and remain competitive, but it should be done with careful forethought to the risks the company faces should that information be compromised.

    In this webinar you will learn:

    - Why cybersecurity is dead
    - How to mitigate cyber risk in a cost effective way
    - How vendor risk becomes your risk
    - Steps to become cyber resilient
    - How to measure success on your path towards cyber resilience
  • Cloud Leak: How a Verizon Partner Exposed Millions of Customer Accounts Recorded: Jul 18 2017 32 mins
    Dan O'Sullivan, UpGuard Analyst
    A misconfigured cloud-based file repository exposed names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon. UpGuard’s Cyber Risk team discovered this critical data repository was not exposed by the enterprise holding primary responsibility for the information, but by a third-party vendor to the enterprise.

    Beyond the sensitive details of customer names, addresses, and phone numbers—all of use to scammers and direct marketers—the prospect of such information being used in combination with internal Verizon account PINs to take over customer accounts is hardly implausible. Dan O’Sullivan, the analyst who first broke the story, will go through the details of the discovery and the significant impact of this cloud leak.

    For the original article: https://www.upguard.com/breaches/verizon-cloud-leak
  • Untangling ITSM Recorded: Jun 29 2017 38 mins
    Phillip Palmer, Chief Evangelist at UpGuard
    The Alphabet Soup of International Standards, Best Practice Frameworks, Governance Models and the like can be daunting and confusing at first. Which one is ‘Right’? Which one is the ‘Best’? Which one of these should a business use to improve?

    The good news is that it doesn’t have to be that difficult.

    Phillip Palmer has been educating and advising organisations in best practices for over 15 years. A self-described ‘Service Management Evangelist and Process and Quality Purist’, Phillip has garnered praise and awards for his infectious enthusiasm and practical application of best practice guidance.
  • The RNC Files: Inside the Largest US Voter Data Leak Recorded: Jun 27 2017 37 mins
    Dan O'Sullivan, UpGuard Analyst
    In what is the largest known data exposure of its kind, UpGuard's Cyber Risk Team confirmed that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC).

    Dan O'Sullivan takes us through exactly what happened and why. As the analyst who first broke the story that is now being referenced in the House Intelligence Committee hearing, he will shed more light on the events leading up to the finding and what was exposed.

    For the original article: www.upguard.com/breaches/the-rnc-files
  • WannaCry: The Cost of Unnecessary Exposure Recorded: Jun 15 2017 31 mins
    Chris Vickery, Cyber Risk Analyst at UpGuard
    Global in scale, with across the board press coverage, the WannaCry ransomware attack has quickly gained a reputation as one of the worst cyber incidents in recent memory.

    Despite the scale, this attack relied on the same tried and true methods as other successful malware: find exposed ports on the Internet, and then exploit known software vulnerabilities.

    About our speaker: as a security researcher, Chris Vickery possesses a long track record of professional distinction and success discovering major data breaches and vulnerabilities across the cyber landscape.

    To learn more about Chris Vickery's work check out http://gizmodo.com/top-defense-contractor-left-sensitive-pentagon-files-on-1795669632
  • Compliance or Risk Management: Implications of NY DFS Cybersecurity Requirements Recorded: May 16 2017 33 mins
    Elias Okwara, Team Lead, Integrations & Content at UpGuard
    The coming into effect of New York's cybersecurity compliance requirements for banks, insurance companies and their third party service providers on March 1, 2017 marked a major development in the cyber risk regulatory environment. While the impact of these rules is far from certain, the lessons in managing risk are universal. UpGuard's Elias Okwara, CIPP/E, CIPP/US, will discuss practical steps for compliance and the implications amid rapidly changing cyber threats.

    In this webinar you will learn:

    - What do the New York Department of Financial Services (DFS) cybersecurity regulations mean for financial institutions
    - Practical steps for compliance
    - Implications of the regulation amid rapidly changing cyber threats
  • Why Hackers Keep Winning Recorded: Mar 15 2017 31 mins
    Jon Hendren, Senior Security Researcher, UpGuard
    Cybersecurity is officially dead.

    Worldwide spending on security-related hardware, software and services rose to $73.7 billion in 2016 from $68.2 billion a year earlier, according to researcher IDC. This number is expected to approach $90 billion in 2018.

    Yet data breaches have been increasing steadily over the past five years. Simply adding more layers is not a sustainable approach. A deep understanding of your company and IT infrastructure is required.

    About the presenter:

    Jon is an IT security and cyber risk evangelist at UpGuard. He doesn't *like* like risk, he just likes talking about it. More importantly, he likes talking about how it intersects with business risk, and how an accurate picture of cyber risk is one of the most important steps organizations can take toward proper cyber resilience.
  • Banking Best Practices: How Financial Institutions Can Ensure Cybersecurity Recorded: Mar 9 2017 33 mins
    Elias Okwara
    The Conference of Bank Supervisors (CSBS), a national consortium of state banking regulators, has released its recommendations on how banks can best institute practices which meet or exceed the legal standard for cybersecurity. With bank executives accountable for ensuring these standards are met, CISOs working in the financial sector must have a clear understanding of how they can fulfill these regulatory requirements.
  • Getting Covered: Understanding the Insurance Data Security Model Law Recorded: Mar 2 2017 29 mins
    Elias Okwara
    The proposed New York cyber regulations will not be the only state-level rules with which many companies may have to contend in the coming months. The National Association of Insurance Commissioners (NAIC) has proposed the Insurance Data Security Model Law for all fifty states, as well as all US territories and Washington DC, in an effort to institute baseline insurance requirements across the country.
  • Negotiating State & Federal Cybersecurity Regulations Recorded: Feb 23 2017 28 mins
    Elias Okwara
    The proposed 23 NYCRR 500 cyber regulations are not the first state directives to govern businesses operating in New York - the Gramm-Leach-Bliley Act already exists to regulate cyber standards at a federal level. While these new proposed rules are more stringent in their requirements, businesses will need to learn how to navigate both sets of regulations - even as they overlap.
  • How far can you trust AI Recorded: Feb 22 2017 44 mins
    Greg Pollock, VP of Product at UpGuard
    Machine learning is both cool and valuable, but to apply it effectively requires that we disregard the former in order to be rigorous about the latter. In this session we take a hard look at the qualities that make machine learning fit for purpose for problems in cyber security in order to lay out a global roadmap for how machine learning can solve security problems today. Even more importantly, our bottom-up analysis of machine learning will chart the areas where an excessive faith in automation can become harmful to a business' security posture.

    About the presenter:

    Greg has previously managed products and product teams for gaming and education startups with a focus on meaningful, measurable engagement loops. His games have been ranked in the top ten by traffic on Facebook, the top ten by revenue on the App Store, and as the Editor's Choice in the App Stores of over 70 countries.
  • New York's Game-Changing Cybersecurity Rules Recorded: Feb 16 2017 32 mins
    Elias Okwara
    New York Governor Andrew Cuomo recently announced the "first-in-the-nation" cybersecurity compliance requirements for banks, insurance companies, other financial institutions, and third party service providers.
The World's First Cyber Resilience Platform
The UpGuard platform provides Baseline Discovery, Infrastructure Compliance, CyberRisk Analysis, Vendor Risk Scoring for enterprise customers around the world

  • Title: Negotiating State & Federal Cybersecurity Regulations
  • Live at: Feb 23 2017 4:20 pm
  • Presented by: Elias Okwara