Name: Software supply chain attacks, what they are, and how to threat model
Start: 2021-02-19T03:40:00Z
End: 2021-02-19T03:40:44.000Z
Location: BrightTALK
Rating: 5

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

In our presentation, we'll compare the European Union's GDPR with Caribbean data privacy laws, highlighting how both aim to protect personal data but differ in scope, compliance, and enforcement. We'll discuss the unique challenges Caribbean businesses face in meeting GDPR standards, due to different regulatory environments and penalties. The focus will be on how these differences present opportunities for the Caribbean to strengthen its data privacy frameworks, fostering trust and enabling international partnerships in a data-centric world.

Similarity and differences between GDPR and Data Privacy in the Caribbean

As with any piece of enterprise software, choosing and buying a PAM solution is a fraction of the battle. Many installations fail or never get rolled out fully due to deployment complications and competing priorities.
In this webinar, we will discuss common pitfalls, where implementations typically fail, and what you can do to make sure you are fully prepared to deploy and roll out PAM successfully in your organization.
Join this session to:
• Understand why many PAM rollouts fail
• Explore best practices around deployment
• Put a plan for success together
• Learn about new methodologies that can facilitate success

Navigating the Pitfalls of Privileged Access Management Deployment

Is the company talent management process helping your career advancements? How do we combat the assumptions about demographics and life choices; disparity starting from the first landing spot; women leave to start families; women don't aspire to upper management? The purpose of this webinar is to share some personal experiences in applying project management principles to a technical career planning and what you can do to track your own progress over time. Skills in cybersecurity is only the first step, technical proficiency, problem solving capabilities, knowledge in domain and context outside security and privacy as well as other soft skills are just as important for any technology focused career plans for women.

Women in Tech: Delusion or Progress and What you can do about it

We’ll look at current AI technology, legal and ethical issues, why human-machine trust is necessary, and why it’s not easy.

“Trust me – I’m an AI”: Why explainable AI is important

In the dynamic landscape of SaaS, the role of security transcends its traditional defensive function, becoming a powerful differentiator. In this talk, we delve deep into the paradigm shift where security is not just a safeguard but a strategic catalyst. 

Leading with security is more than a buzzword; it's a revenue-driving force. We will explore how proactive security measures can elevate SaaS organizations, foster customer trust, and be pivotal for both internal and external stakeholders - from auditors to customers, from GTM functions to board-level validation.

 You'll learn how this approach allows SaaS companies to not only detect and mitigate risks effectively - but also adapt swiftly to the ever-evolving threat landscape. 

Join us as we explore the transformative power of security in the SaaS industry and discover how it can be harnessed as a formidable force for growth, customer trust, and security by design.

Security By Design: Building Trust through Product Security

It’s all about the data.  Whether it's Data Subject Request or a Data Breach the amount of effort, cost and impact on a company's reputation depend on the quantity and the type of personal data involved.  The more personal data, the larger the consequences.  This presentation is a practical approach to privacy and data protection that includes strategies to help you stay compliant with the evolving privacy regulations.  No legalese or technical jargon, just a talk about applicability.

50 shades of data

In 1911, the first International Women’s Day was celebrated in Austria, Denmark, Switzerland and Germany.  But only in 1977, did the United Nations adopt March 8th for global celebration and advocacy of women’s rights and equality around the world.  We have made headway in the cybersecurity C-Suite level, but more inroads are required, to build out the middle.  We will review ways to accelerate that success and continue to build on accomplishments that matter.  We will share insights on the heavy hitters that will positively impact our individual careers going forward, actions that will help us achieve growth for women in the field overall, and those that can help us bridge the globe.

Celebrating International Women’s Day and the Successes in Cybersecurity

Third-Party Risk Management programs are in constant motion. They are a delicate balance between keeping up with new threats, navigating the evolving regulatory landscape, introducing new technologies and always trying to do more with less. Today, a static program is a failing program. What’s your plan to incrementally improve your processes over time? Join ProcessUnity for a discussion on how forward-thinking TPRM teams are incorporating new relationships, technologies and techniques to mature their risk-reduction capabilities.
Attend this session for trends, tips and techniques to help you:
• Build a strong partnership between procurement and information security to maximize both internal and external risk reduction
• Connect your internal controls to those of your vendors for a true assessment of your organization’s preparedness
• Leverage expert content, enterprise data and industry subject-matter expertise to reduce workloads, streamline assessments and confirm results are acceptable
• Employ artificial risk intelligence to significantly reduce the most time-intensive assessment activities

Beyond the Questionnaire: Tips to Modernize Your TPRM Program

In the last twenty years, privileged access management (PAM) has gone through many evolutions to keep pace with the ever-changing cyberthreat landscape. Still, a vital risk remains front and center: Privileged accounts are crucial for the day-to-day work of admins, but they are usually needed for only short periods of time — the rest of the day, they can be compromised by attackers and misused by insiders.

Old-school PAM solutions reduce this risk only to some extent, while being costly and time-consuming to deploy. But it doesn’t have to be this way! In this session, we’ll explore a modern, easy-to-adopt approach that deals with this core problem head-on.
Join this session to learn how you can:
- Leverage privilege orchestration to remove known attack surfaces when at rest
- Dynamically delegate access according to use case without impeding admin efficiency
- Quickly adopt modern PAM tools to centrally control and audit access

Security Renaissance: Why it's time to break with old-school PAM solutions

A recent report on cybersecurity and generative AI made an extraordinary claim: 75% of the information security professionals surveyed witnessed an increase in cyber-related attacks over the prior 12 months, and 85% attributed that increase to attackers using AI. If this is true, it represents a sea change in the cyber threat landscape and raises some critical questions about how we respond to it. In this presentation, we will review examples of AI-enabled threat vectors, evolving attacks on AI systems, and the different approaches taken to combat them by the United States and the European Union.

 Takeaways include:
 * Attack types that leverage AI as well as unique threats to AI systems
 * Defending against AI-powered attacks and protecting the integrity of AI systems
 * A comparison of the proposed EU AI Act with the White House Executive Order on AI

Cybersecurity considerations for AI: comparing U.S. and EU approaches

The recent new SEC rules around cyber-risk governance, management, and disclosure have reverberated across all echelons of American corporations.  In this webinar, three seasoned cybersecurity executives discuss the implications for today’s information security professionals, their leaders, and what can be done to address the new requirements using an integrated risk management and reporting approach that appeals to all stakeholders. Join us on February 14th at 1pm EST for this ISSA webinar, sponsored by AuditBoard, where we will explore time tested strategies for getting it right the first time.

Cyber Risk IS Business Risk

Renita will talk with us on today’s high risks for cybersecurity focus in the audit world, share insights on the tools to help us manage auditing and risk, identify current opportunities in cybersecurity and auditing, share insights on how we are innovating in audit given the current digital landscape, and present a picture of the current state of Audit.

Audit Leadership in a Cybersecurity World

The current state of cloud security is a dynamic landscape marked by rapid advancements in technology, increasing adoption of cloud services, and evolving cyber threats. This session explores the multifaceted world of cloud security, encompassing its landscape, risks, and the current job market.

Cloud security risks are diverse, ranging from data breaches and compliance challenges to Distributed Denial of Service (DDoS) attacks and vendor lock-in.

Overall, understanding the current state of cloud security is crucial for organizations and individuals seeking to navigate the complex landscape of cloud computing securely and capitalize on the burgeoning job opportunities in this dynamic field.

Current State of Cloud Security:  The Landscape, Risks and Current Job Market

What would you do if you could start from scratch? We've all been there. The Department of One. Responsible for everything from Endpoint Security, to compliance, to the locks on the office doors. In this talk through the lens of a case study, we will discuss prioritization, tooling, and which problems to tackle in house and which to farm out to vendors or service providers.

Department of One: Getting a security program off of the ground

Trust Assurance for Security Teams: A 6 Point Scorecard to Upgrade Your GRC Program

Is your security team struggling to keep up with the evolving demands and threats in today’s cyber landscape? Join us for an eye-opening session where we’ll address how to solve the pressing issues that security professionals grapple with daily.

Trust lies at the heart of all business relationships, and Trust Assurance offers a revolutionary solution to these challenges. This concept provides a consistent and adaptable framework to instill confidence in your information security and privacy controls, processes, and systems. It goes beyond conventional risk and compliance measures, ensuring transparency, predictability, and risk mitigation across diverse information security, cloud, and third-party relationships.

But the real transformation lies in the business value unlocked by Trust Assurance. It safeguards your company and board of directors from liability, reduces GRC program costs, accelerates revenue growth, and instills a company-wide culture of security and privacy.

Discover how Trust Assurance can help your security team overcome challenges, evolve into a strategic business partner, and revolutionize risk management. Join us and become a pioneer in the Trust Assurance revolution.

Trust Assurance for Security Teams : A Scorecard to Upgrade Your GRC Program

During this session we will discuss the SEC’s recently released cyber amendments and the potential impacts on cyber programs, business leaders and how organizations create transparency with their shareholders. We will also talk about key steps organizations should consider when preparing for these changes and anticipated pitfalls.

Staying Ahead of the SEC Cyber Amendments

Artificial Intelligence (AI) is everywhere, even in places we don’t expect. We will explore a few areas like content generation, surveillance, and tracking with a deep dive into how companies utilize AI by extracting personal data and impact our everyday lives. We will analyze these technologies and review some unintended consequences and privacy harms like economic loss, social stigmatization, loss of autonomy, and discrimination that can be caused without careful implementation.
We will provide recommendations and considerations regarding whether or not to integrate AI into your tech stack or engage in 3rd party service to perform the tasks for you.

Building a Responsible AI Culture

Matthew McConaughey

The news that SolarWinds was breached and used to distribute malicious code rocked the security world in December. In this session, Jake Williams founder and chair of the inaugural SANS Supply Chain Security Summit, will discuss software supply chain attacks, what they are, and how to threat model, and how to prepare for the inevitable next one.

Software supply chain attacks, what they are, and how to threat model

supply chain attacks

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Software supply chain attacks, what they are, and how to threat model

Presented by

About this talk

More from this channel