Name: Implementing the NIST Cybersecurity Framework Shouldn’t be Scary
Start: 2017-10-31T17:00:00Z
End: 2017-10-31T17:00:46.000Z
Location: BrightTALK
Rating: 4.6

Cavirin - Hybrid Cloud Security.  De-risk your cloud migrations, combining on-premise, AWS, GCP, Microsoft Azure, Docker, and SaaS capabilities. Follow best practices and if regulated, remain in compliance.  Learn how!

So much talk around the techniques used to achieve regulatory compliance utilizing 2nd generation automation in the cloud, but do they fall short?  Has Machine Learning finally made its way into becoming the most accurate way of mapping, weighting, and verifying compliance in the cloud;  further, allowing the system to effectively prioritize remediation actions and automatically carry out this guidance?  Join us for this enlightening webinar where Cavirin experts will explore:

*  What is real and what is not when it comes to Machine Learning to automate compliance 

*  What use cases have been identified where Machine Learning has been successfully applied

*   Can Machine Learning be attacked and how to avoid such threats

*   What is Cavirin's approach to Machine Learning and how do we validate our assumptions.

Machine Learning - Hype vs Reality

As 2019 approaches, DevOps & SecOps are looking to minimize the risks due to change management delays and manual processes. Today's existing approaches are good at monitoring and presenting what is wrong, but don’t take that vital next step in automating the correction of any issues. 

In this Webinar we show you how to close the security gap through auto-remediation, combining AWS Lambda functions and Ansible Playbooks.   Auto-remediation extends from your cloud security posture to your VMs and container instances, on-prem, or in the cloud.

Closing the DevOps/SecOps Security Gap

Our day-to-day life depends on the country’s 16 sectors of critical infrastructure.  From healthcare and financial services to energy and network systems, any disruption can be a threat to our democratic society.  Security professionals are tasked with putting together a security program to protect our most valuable assets. 

We have asked Joe Kucic, creator of the Verizon Risk Report, and Ken Williams, security leader from Nissan Motor Corporation, to provide us with their top ten tips to creating a successful security program and where NIST CSF fits in.

The discussion will include, but is not limited to: 

• Getting management buy-in
• Mapping the NIST CSF Framework to your infrastructure
• The importance of system hardening

Protecting Our Critical Infrastructure Starts with NIST CSF [NCSAM]

Pacific Dental Service (PDS) is one of the country’s leading dental support organizations, providing supported autonomy to more than 630 dental practices.  As a support services provider in the healthcare space, PDS is subject to HIPAA and other regulations, which plays a vital role in their journey to the AWS cloud.

Join us on September 25th as Nemi George, Sr. Director of Information Security and Service Operations at PDS, walks us through the AWS cloud journey:  the required planning, timing, best practices, and their experience to-date.  Plus, how Cavirin’s CyberPosture intelligence continues to strengthen Pacific Dental’s security posture and meet compliance regulations.   

Then we are lucky to have Thomas Robinson, Solution Architect for AWS look at the shared responsibility model, validating AWS responsibilities, and the tools available for building HIPAA workloads and maintaining compliance.  Topics include AWS CloudTrail and Lambda Functions.

If you are considering migrating to the cloud, this is a must-see event.

Pacific Dental Cloud Migration Strategy on AWS

Pacific Dental Service (PDS) is one of the country’s leading dental support organizations, providing supported autonomy to more than 630 dental practices.  As a support services provider in the healthcare space, PDS is subject to HIPAA and other regulations, which plays a vital role in their journey to the AWS cloud.

Join us on September 12th as Nemi George, Sr. Director of Information Security and Service Operations at PDS, walks us through the AWS cloud journey:  the required planning, timing, best practices, and their experience to-date.  Plus, how Cavirin’s CyberPosture intelligence continues to strengthen Pacific Dental’s security posture and meet compliance regulations.   

Then we are lucky to have Thomas Robinson, Solution Architect for AWS look at the shared responsibility model, validating AWS responsibilities, and the tools available for building HIPAA workloads and maintaining compliance.  Topics include AWS CloudTrail and Lambda Functions.

If you are considering migrating to the cloud, this is a must-see event.

Putting Together a Successful Cloud Migration Strategy

This summer, California passed a new privacy legislation implementing the strictest privacy controls of any state in the United States going into effect on January 1, 2020.  We have asked security expert, Joe Kucic, creator of the Verizon Risk Report, to walk us through what this newest regulation means to a CSO, CISO, and other security professional.  Plus what changes enterprises have made to address the GDPR regulations that went into effect earlier this year.

Join us as Kucic, who held security management leadership roles at Citigroup and GM and is currently the CSO at Cavirin, shares his thoughts on what organizations need to do to survive during this major movement to user privacy and transparency. Joe will be available to answer all your questions and take on a few of ours too.  This is 45 minutes of insight through a CSO's eyes that you are not going to want to miss..

California Consumer Privacy Act – A CSO’s Perspective

Just when you thought you had container security covered, a vulnerability appeared in the Docker container runtime—an insecure opening of the file-descriptor allowing privileged escalation—Now what? 

Yes, container hardening and image scanning are essential for container security, but automating anomaly detection and threat defenses in the container runtime is now essential. Watch this technical webinar, to learn more about the threat to the evolution of the container runtime layer as well as a simplified approach to container runtime protection as well as how automation enables DevSecOps.

In this technical webinar/demo, hosted by ISSA (the Raleigh Chapter) you will learn:

* How container runtime protection complements image, instance, and orchestration security

* How to automate full stack container security across multiple public clouds even on-prem

* Automating code promotion through scripting

Practical Full-stack Container Security

The credit rating single score is used to represent consumer credit risk. While easy to understand, a credit rating score incorporates several signals of consumer credit risk. We believe hybrid cloud infrastructures will benefit from an easily-understood “CyberPosture Score” that provides a meaningful, comprehensive, defensible and extensible view of Security and Compliance risk.  
 
Join us as Cavirin experts discuss what’s required to obtain a CyberPosture Score—Learn about Cavirin’s breakthrough approach to Security Posture assessment and scoring including:

>> Verify where your risks are coming from

>> Identify the differences and correlations of risk and compliance

>> Determine the criticality of your assets, using the CIA (confidentiality, integrity, and availability) framework across your hybrid infrastructure

>> Remediate risks utilizing actionable intelligence

>> Manage configuration drift and maintain golden posture

Can Hybrid Cloud Security Posture be Monitored by a “Credit Rating Like" Score

3.5 million unfilled security jobs in the coming years coupled with increasingly sophisticated attacks doesn’t paint a pretty picture.  As Cisco’s SVP security said at RSA this year, ‘we are completely screwed.’  But we don’t have to be, and you don’t have to be a genius either!
 
Join us, as we share results of recent surveys from ESG, Cybersecurity Insiders, and Cavirin that look at key concerns when migrating to the hybrid cloud, things like DevSecOps, container monitoring, and continuous compliance.
 
We will then provide you a sneak peek into Cavirin’s CyberPosture Intelligence and its simplicity which provides you with a real-time view across your hybrid cloud, both account security posture as well as workload continuous compliance.  One button assessments and immediate comparisons to your desired ‘golden posture’ help you maintain control without hiring more security experts.

Finding Out Your Cybersecurity Posture Doesn’t Take a Genius

Summer is quickly approaching and unfortunately, many organizations let the GDPR deadline slip away.  If you are one of the thousands of organizations that missed the deadline, then this is the webinar for you.  Download this on-demand Webinar, to find out from experts on GDPR means to US companies and an action plan to automate your compliance and address this global regulation.

GDPR – An Action Plan to Address the New Regulation

Cyber threats are looming in 2018.  Join Byron Acohido, Pulitzer Prize winner and executive editor of lastwatchdog.com, to learn about the current threat landscape and how your organization can utilize current frameworks and guidelines to become better prepared to handle these threats.  Cavirin will demonstrate how customers have incorporated the NIST CSF to strengthen their cybersecurity infrastructures against these looming threats.     

Watch this webcast to learn:

-  The spectrum of cyber threats looming in 2018
-  The major forces in motion to mitigate cyber threats 
-  The implications for company decision makers
-  How the NIST Cybersecurity Framework will strengthen your cybersecurity infrastructure

Cyber Threats are Looming - Leverage NIST CSF

Download this on-demand webinar as DevSecOps expert and writer, Gregory S. Bledsoe (@geek_king on Twitter), provides insight into balancing quickness with security into the DevOps environment.  In addition, Dr Ravi Rajamiyer, VP Engineering at Cavirin, demonstrates the steps required to securing the container (Docker/Kubernetes) lifecycle. 
 
Competition is fierce and today’s businesses cannot afford to slow down their development processes to wait for security to catch up. Development lag time could mean the difference between success and failure, so DevOps and SecOps must find ways to unite. Securing the application lifecycle from the beginning has become key to making DevSecOps real. 
 
What you will learn:
 
>> The why, the what, and the how of DevSecOps
>> Repackaging security  and looking at change as an opportunity
>> How to refine a standard DevOps workflow to address security requirements
>> Automating security through the container lifecycle

Automating Security into the DevOps Process

Is your cybersecurity protection making the grade?  Healthcare rates a 'C' in security, almost half of US residents have been compromised, and the end-user impact is tens of billions of dollars a year.  

An easy first step is understanding the attack vectors and automating HIPAA technical controls.  This automation lets you quickly understand your baseline security posture both on-premise and within the public cloud, where you have gaps, and how to remediate them.

Protection of HIPAA Data Not Making the Grade?   Automate Risk and Compliance

Docker adoption has surged, up 40% over the past year, taking the lead for DevOps tools on AWS. With this transformation, enterprises are looking for ways to confidently introduce Docker into their Cloud environment. Join us as Cavirin experts guide you through: 

> Securing EC2 Container Services, as well as Docker images, brought in from different registries
> Integrating CloudTrail and CloudFormation
> Today's best Docker security practices on AWS
> The latest on Kubernetes

Confidently Securing Docker on AWS

Image, Container, and Orchestration security with Cavirin

Cavirin Docker Ecosystem Contributions and Solutions

Describes Cavirin platform's automation and manual controls, and includes a demo of capabilities.

Cavirin GDPR Support and Demo

Are containers & Docker secure?  We look at best practices across their lifecycle, including image scanning within CI/CD process, container OS hardening, and orchestration security with Kubernetes.  Guest speaker is Izak Mutlu, former CISO at Salesforce.

Lifecycle Container & Docker Security - The CISO's Perspective

According to Gartner, “The NIST Cybersecurity Framework is an absolute minimum of guidance for new or existing cybersecurity risk programs, and is a legal framework for aligning IT to OT security.” However, even with this strong guidance, many organizations are still hesitant to implement the security framework because, at first glance, it can appear overwhelming. 

In this on-demand Webinar Cybersecurity and compliance experts, Pravin Goyal and Anupam Sahai, will provide insight on successfully implementing and automating CSF and NIST 800-171 across cloud, on-premise, and hybrid cloud infrastructures.

What You Will Learn:  

>> The five NIST Cybersecurity Framework functions
>> NIST’s seven steps for establishing a cybersecurity program
>> How to map and automate technical controls defined in CSF
>> How CSF works with other security frameworks (including NIST 800-171)
>> NIST 800-171 compliance

Implementing the NIST Cybersecurity Framework Shouldn’t be Scary

NIST

Security Framework

Cloud Security

Critical Infrastructure

Hybrid Cloud

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Implementing the NIST Cybersecurity Framework Shouldn’t be Scary

Presented by

About this talk

More from this channel