ISO 27701 versus NIST Privacy Framework

Two new standards were adopted around a year ago. In August of 2019, ISO published 27701, an extension to 27001 requirements and guidelines for privacy information management. In January of 2020, NIST published the Privacy Framework, a mirror of the Cybersecurity Framework, adopted five years prior. How are these two standards alike and how do they differ? Which is best for your organization? Learn more from two experts in the area.
Live online Mar 16 5:00 pm UTC
or after on demand 60 mins
Presented by
Scott Giordan, Spirion

  • Life of a CISO May 4 2021 4:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Life of a CISO Apr 13 2021 4:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Leadership in Technology, Security and For-Profit Boards Apr 1 2021 5:00 pm UTC 60 mins
    Julie Cullivan
    Julie will share what it takes to lead as CTO of a large organization supporting sales and technology in a fast-moving world, and her advice for other women looking at different aspects of technology careers. Julie will also give insights on board and advisory roles with technology organizations in for-profit companies, the advantages of these roles, and what it takes to find such opportunities and to meet the obligations of taking on these roles.
  • ISO 27701 versus NIST Privacy Framework Mar 16 2021 5:00 pm UTC 60 mins
    Scott Giordan, Spirion
    Two new standards were adopted around a year ago. In August of 2019, ISO published 27701, an extension to 27001 requirements and guidelines for privacy information management. In January of 2020, NIST published the Privacy Framework, a mirror of the Cybersecurity Framework, adopted five years prior. How are these two standards alike and how do they differ? Which is best for your organization? Learn more from two experts in the area.
  • Zero Trust & Data Protection Mar 10 2021 6:00 pm UTC 60 mins
    Ashish Malpan, Senior Director of Solutions Marketing, Forcepoint
    As with businesses today, cybersecurity isn’t a static concept and to be effective it must continue to evolve with technological advances -- be it in mobility, digital transformation, Zero Trust, or the growing sophistication of attackers and their ability to steal what’s most valuable to the organization -- intellectual property.
    The traditional product-centric security paradigm is contributing to the near record number of infrastructure compromises and data breaches. Today’s distributed work environment requires modern cybersecurity that is proactive, risk-adaptive and delivered through a converged platform approach that understands users and data no matter where they are. Join us to learn more on moving your company left of breach utilizing an approach to security designed for today’s sophisticated threat landscape that provides a seamless path to grow your security capabilities when and where you need them.
    Attendees will learn…
    • How understanding human behavior underpins modern cybersecurity strategies to finally move left of compromise
    • Operational benefits driven through the power of proactive and adaptive security capabilities
    • Future-proofing your investment and the value proposition in a SASE converged security platform approach that removes operational complexities and lowers TCO
  • Life of a CISO Mar 5 2021 5:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Cyber Security Job Market Today and Going Forward Mar 4 2021 6:00 pm UTC 60 mins
    Kris Rides, CEO, Tiro Security and Kim Jones, Intuit Director of Security Operations
    Join us for a 2-person panel on the job market: pay, skills, and the certifications in demand and those that are not. We will discuss how hot the security market really is and, when people say they have a lot of openings they can't fill, what that really means. Overall, what does this look like today and going forward in the industry? Hear from our experts on how organizations and individuals should prepare.
  • The Steak and the Sizzle: Threat Intel, SecOps, and Cyber Fundamentals Mar 3 2021 6:00 pm UTC 60 mins
    Brandon Hoffman, Head of Security Strategy & CISO
    Threat intelligence has always been a hot topic and remains so. Understanding how your organization can benefit from threat intelligence is the first step. The second step is to dissect the world of threat intelligence and build real requirements that can provide value. Once you set requirements for intelligence and obtain access to threat intelligence, it needs to be applied in an operational manner. Where it belongs in security operations and how it can impact the processes and tools in place can make a world of difference. Coming full circle, threat intelligence being a hot topic has people focused on other hot topics in security. Many of these new technologies and approaches are interesting and can provide value, but in many cases, fundamentals are left behind. Taking a risk-based approach and focusing efforts on the building blocks of a comprehensive cyber program often gets overshadowed by the allure of trendy and new solutions. Telling the difference between the steak and the sizzle can make or break the security posture of your organization.
  • 5 pillars for creating your modern Unbound Enterprise with data-centric SASE Recorded: Feb 17 2021 58 mins
    Jim Fulton is Forcepoint’s director of SASE and Zero Trust solutions
    Even before 2020, we knew where digital transformation was taking us. But we had no idea how quickly it would arrive. Because of the pandemic, our journey in cloud migration happened almost overnight. As a result, businesses today are less constrained by traditional network infrastructure and designated worksites. And, while we’ve always had some agility to shift work between on-prem and remote, we’re seeing the beginning of the new age of the Unbound Enterprise in which people have the freedom to work anywhere and anytime.

    Join this discussion to see how the new ways that people are accessing and using data—in multiple locations, on different devices, over the internet, in public and private clouds—are greatly accelerating the need to replace siloed infrastructure that can’t keep up. We’ll connect the dots on how you can take a “human-centric” SASE approach that puts users and data at the center of cloud-based security to make your business more agile and safer, all while cutting complexity and cost.

    Takeaways:
    1. Make working anywhere seamless and easy to deploy
    2. Protect data everywhere with a single set of policies enforced uniformly from endpoints to the cloud
    3. Automatically personalize security based on people’s behavior and the risk they present
  • Birth of Privacy Design Strategies Recorded: Feb 16 2021 59 mins
    Jaap-Henk Hoepman, Associate Professor Computer Science, Radboud University and IT Law, University of Groningen
    Some privacy regulations now have a privacy by design/privacy by default obligation, and in the past, these have been difficult for engineers to define and implement. We will explore the history of how to translate these vague legal obligations into concrete design requirements. This session will explain how privacy design strategies were developed and how they break down into actionable tactics. We will provide real-world examples of how to apply the tactics in practice. You will walk away with knowledge of privacy-friendly processing techniques and how to process personal data responsibly.
  • Are Your Vendors a Threat to Your Business? Recorded: Feb 11 2021 66 mins
    Troy Vennon, Director, Cybersecurity & Trustworthiness, Covail
    Your vendors present a real operational risk to your business in 2021. The pandemic drove major shifts in not only how your business operates and partners, but also how your suppliers operate and partner. These systemic changes left unchecked can leave your business at significant risk to real cybersecurity threats.

    Join Troy Vennon, Director of Cybersecurity and Trustworthiness at Covail, for a quick session on:
    1. The 2021 outlook on supply chain risk and threats
    2. How MITRE ATT&CK can help prioritize threats and risks
    3. Practical, actionable steps to get you on the right path to managing third-party risk with confidence
  • 2021 State of the Phish Report Recorded: Feb 10 2021 60 mins
    ISSA International
    Cyber criminals are taking a people-centric approach to phishing attacks. Is your organization taking a people-centric approach to phishing prevention? Join this webinar for Proofpoint’s seventh annual State of the Phish report as it delivers critical, actionable insights into the current state of the phishing threat.

    Our experts will deep dive into:

    - The end-user awareness and knowledge gaps that could be negatively impacting your cybersecurity defenses.
    - The impacts infosec professionals are experiencing as a result of phishing attacks and the ways they’re attempting to combat these threats
    - How organizations are delivering phishing awareness training, and the ways they measure program success
  • Cyber Security Trends and Their Impact on Your Career and the World Recorded: Feb 4 2021 61 mins
    Diana Kelley, Co-Founder and CTO of SecurityCurve
    Diana will share her expertise on cyber security trends for the future, and what they mean to business, the world and your career. She will provide personal insights on executive career planning, what will help you build a successful security program, and how you can create your own impact and path to success.
  • Revamp Your Supply Chain Risk Strategy Recorded: Feb 4 2021 46 mins
    Brandon Ritze, Security Assessment Specialist, Covail
    Supply Chain Risk Management doesn’t need to be complex or resource intensive. A well-designed approach to your risk strategy can save you time, money, and headache.

    In this webinar, Security Assessment Specialist Brandon Ritze will share:
    1. The key building blocks to an effective risk strategy
    2. Common pitfalls organizations make that should be avoided
    3. Practical, actionable steps to get you on the right path to managing third-party risk with confidence
  • Shift Security Left. No, More Left Than That Recorded: Feb 3 2021 59 mins
    David DeSanto - Senior Director, Product Management - Security at GitLab
    The “shift left” approach is not a new concept within software testing and DevOps best practices and it is commonly thought of when discussing DevSecOps. This usually includes security testing earlier in the software development lifecycle with the goal of identifying security vulnerabilities and weaknesses prior to shipping code to operations. However, “shift security left” is commonly interpreted to be “get developers to run security tools”. This approach is fraught with issues as it requires developers to context switch out of their workflow, learn and use new tools, understand the output of these new tools, and file bugs to be remediated (in yet another tool). The “shift left” approach requires a harder shift left, bringing security testing as close as possible to the developer while not expecting them to learn new tools. Furthermore, security results need to be contextual and provide actionable next steps so they can be resolved as quickly as possible. Finally, security scans need to finish in minutes, not in hours or days. A harder shift left empowers you and your organization as it applies repeatable, defensible processes that automate security and compliance policies from the first line of code written.

    In this session, we will discuss:
    • Common pitfalls when implementing traditional “shift left” security
    • How to best apply different security scanning techniques available
    • Embedding security scanning into the developer workflow
    • Automating secure development best practices
  • Life of a CISO Recorded: Feb 2 2021 59 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • How to Prevent Organizational Risk when Faced with Modern Multifaceted Attacks Recorded: Jan 27 2021 61 mins
    Thom Bailey, Senior Director of Product Strategy
    In this session, Thom Bailey, senior director of product strategy at Mimecast, will explore the benefits of a consolidated cyber resilience platform to layer security, enhance visibility, and more effectively reduce mean time to remediate (MTTR). Attendees can expect to learn how to leverage an open API platform that uses shared threat intelligence to integrate with prevention, detection, and response technologies, and identify phishing emails with machine learning using real-life attacks to train and educate end users. With this knowledge session, attendees will gain an understanding of business risk with a Risk Score, comprised of aggregated data, to better gauge their organization’s security posture.

    5 Benefits of Attending Session:

    • Learn the benefits of a consolidated cyber resilience platform to layer your security, enhance visibility, and more effectively reduce time to respond/remediate (MTTR)
    • Leverage an open API platform that uses shared Threat Intelligence to integrate with the prevention, detection, and response technologies
    • Identify phishing emails with Machine Learning - and use real-life de-weaponized phishing attacks to both train and educate end-users
    • Understand and manage business risk with a Risk Score comprised of aggregated data to gauge the organization’s security posture
  • Trend Watch: Attacks on Remote Work (and How to Defend Your Business) Recorded: Jan 20 2021 61 mins
    Tony Lauro, Director of Security Strategy and Or Katz, Principal Security Researcher for Akamai
    Many businesses have been supporting work from home for months now. After an initial rush to get the basics such as remote access to applications scaled up, what other changes need to be considered to protect and secure remote employees? Especially since it may be a considerable time before normality returns, this question is more imperative than ever.

    In this webinar, we will look at how attackers have adapted their techniques to exploit remote working, what changes there have been in user behavior, and the top 5 approaches businesses should be considering to protect users when they are accessing the public internet.
  • Pseudonymization vs. Encryption: Fight! Recorded: Jan 19 2021 61 mins
    Patrick Walsh
    The user data you hold is now toxic -- meaning the penalties for losing control of that data are now potentially very costly. Technical measures must be taken to protect the privacy of that user data, which means you probably need to adopt a PET. But what PET is appropriate? Join us as we discuss the limits of pseudonymization and the landscape of encryption options available. We’ll examine a few well-known companies that are using encryption to make privacy a first-class part of their product by embracing end-to-end encryption and customer held encryption keys. We’ll also touch on encryption techniques like secure multi-party computation, homomorphic encryption, and transform cryptography.
  • Evolution of Identity Recorded: Jan 13 2021 59 mins
    Zulfikar Ramzan Chief Digital Officer (CDO) RSA, Chief Technology Officer (CTO) RSA Security Business Unit
    Most security leaders have entered 2021 understanding that securing rapid digital acceleration means greater reliance on Identity and Access Management programs than ever before. Many are embracing identity- and risk-centric concepts such as Passwordless Authentication, Zero Trust, and Mesh Security to address needs for greater resiliency and flexibility. Dr. Zulfikar Ramzan, Chief Digital Officer at RSA and a world-renowned expert on digital identity believes that success demands both clarity of vision and understanding for our current place on the continuum of identity evolution.

    Step into a time machine with Dr. Ramzan as he takes you on a journey to explore how the concept and practices of identity and access management have evolved over time. He’ll also show you where both are headed, and how your identity management strategy may need to change to keep pace with business and technology trends.
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
