Cybersecurity Compliance in 2021

Managing cyber threats requires complete visibility in order to make intelligent decisions about them. Cybersecurity compliance requirements are forcing Corporate Risk Managers to become more engaged with determining corporate cyber posture. With the most recent rollout of the mandatory Cybersecurity Maturity Model Certification (CMMC) for all Department of Defense (DOD) suppliers, it won’t be long before the commercial marketplace adopts a similar requirement. Increasing cyberattacks, a lack of cybersecurity professionals, and mandatory cyber certifications are coming soon. These new regulatory requirements will force adoption of the NIST, ISO and GDPR frameworks. With more MSSPs and SOCs surfacing around the nations, CISOs will be re-evaluating in-house vs. outsourced cyber security services. Join the discussion to learn more about these new compliance regulations and trends.
Live online May 6 5:00 pm UTC
or after on demand 60 mins
Presented by
Martha V. Daniel. Founder, President and CEO Information Management Resources
  • Going Multicloud: Managing identities and privileges risk in AWS and Azure May 19 2021 5:00 pm UTC 60 mins
    Or Priel, VP Product Management
    Midsize and large organizations are moving rapidly to multi cloud, with 75% adopting a multi and/or hybrid cloud strategy by this year [Gartner].
    With a whopping 75% of cloud security failures expected to result from inadequate management of identities, access, and privileges by 2023 [Gartner], how do you protect your multi cloud infrastructure -- and organization -- from inappropriate access and privileges risk? The challenge is compounded by different approaches to managing permissions and privileges from one public cloud to the next.
    Join Ermetic’s Or Priel, VP Product Management, for insight into how AWS and Azure handle identities, permissions and resources and how to manage identities and privileges risk in both environments. We will cover:
    - Azure’s RBAC vs AWS’s IAM roles and policies
    - Strategies for enforcing least privilege
    - Governing access and protecting sensitive resources
    - Using automation and analytics to mitigate risks across clouds
  • Secure Multi-Party Computations May 18 2021 5:00 pm UTC 60 mins
    Dan Bogdanov
    Secure multi-party computation is a cryptographic technology for running a computation on the confidential inputs of two or more parties so that nobody learns the inputs of others. To simplify, it is a kind of distributed computer that can process data without seeing it. This has applications in protecting sensitive data such as cryptographic keys, personal data or business secrets. The benefit of the technology is greatest when multiple organisations wish to collaborate, but find themselves unable to share the data.

    MPC Alliance (https://www.mpcalliance.org) is an industry union of companies building key management solutions, virtual HSMs, privacy-preserving statistics, ML and AI systems for finance, healthcare and public sector. In the talk, we'll discuss the technology and its applications in security and privacy, with example use cases.
  • How to ensure security at the most transparent company in the world May 12 2021 5:00 pm UTC 60 mins
    Wayne Haber, director of engineering at GitLab
    GitLab is the most transparent company in the world due to having an open-source product combined with a company handbook that is fully public. This talk will cover our processes for maintaining our security stance while operating with the highest possible public transparency.
  • Cybersecurity Compliance in 2021 May 6 2021 5:00 pm UTC 60 mins
    Martha V. Daniel. Founder, President and CEO Information Management Resources
    Managing cyber threats requires complete visibility in order to make intelligent decisions about them. Cybersecurity compliance requirements are forcing Corporate Risk Managers to become more engaged with determining corporate cyber posture. With the most recent rollout of the mandatory Cybersecurity Maturity Model Certification (CMMC) for all Department of Defense (DOD) suppliers, it won’t be long before the commercial marketplace adopts a similar requirement. Increasing cyberattacks, a lack of cybersecurity professionals, and mandatory cyber certifications are coming soon. These new regulatory requirements will force adoption of the NIST, ISO and GDPR frameworks. With more MSSPs and SOCs surfacing around the nations, CISOs will be re-evaluating in-house vs. outsourced cyber security services. Join the discussion to learn more about these new compliance regulations and trends.
  • The Cost of Cloud Compromise and Shadow IT May 5 2021 5:00 pm UTC 60 mins
    Larry Ponemon, Ponemon Institute and Itir Clarke, Proofpoint
    With the increased use of SaaS applications, cloud account takeover and Shadow IT present an increasing security risk to organizations. As the network perimeter is replaced by a user-defined security perimeter, it becomes critical to evaluate access controls, threat detection and data security in the cloud. So how can you better protect your company?

    Join us for this special webinar with experts from Proofpoint and Ponemon Institute. They will discuss the findings of the newly conducted research among IT and security professionals to determine the risk and cost of cloud account takeovers and Shadow IT.
    In this session, we’ll cover:
    • The state of cloud usage in organizations
    • Security risks and practices to secure the cloud
    • Cloud compromises and the end user risk
    • The cost of compromised cloud accounts
  • Life of a CISO May 4 2021 4:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Standardize and Automate Security Compliance in Public Sector Agencies Apr 21 2021 5:00 pm UTC 60 mins
    Sameer Kamani. Senior DevOps Solutions Architect, Public Sector
    Federal agencies are improving their cybersecurity posture to some degree, particularly as they develop better basic cyber hygiene and modernize their legacy systems. At the same time, hackers are getting better at finding new ways to attack and access federal IT. Yet certain pain points remain, particularly around managing compliance and achieving Authority to Operate (ATO) while implementing the Risk Management Framework (RMF) principles.
    This session will discuss current challenges faced in dealing with emerging threats, securing a more remote workforce and sharing strategies for staying ahead of adversaries.
    • Building efficiencies in your existing Risk Management Framework
    • Automating the implementation of security controls to achieve a continuous Authority to Operate process
    • Hearing how your peers are implementing new ways to expedite compliance and audit lifecycles
  • Taking Responsibility for Someone Else's Code Apr 20 2021 5:00 pm UTC 60 mins
    Serge Egelman
    Taking Responsibility for Someone Else's Code: Studying the Privacy Behaviors of Mobile Apps at Scale

    Modern software development has embraced the concept of "code reuse," which is the practice of relying on third-party code to avoid "reinventing the wheel" (and rightly so). While this practice saves developers time and effort, it also creates liabilities: the resulting app may behave in ways that the app developer does not anticipate. This can cause very serious issues for privacy compliance: while an app developer did not write all of the code in their app, they are nonetheless responsible for it. In this talk, I will present research that my group has conducted to automatically examine the privacy behaviors of mobile apps vis-à-vis their compliance with privacy regulations. Using analysis tools that we developed and commercialized (as AppCensus, Inc.), we have performed dynamic analysis on hundreds of thousands of the most popular Android apps to examine what data they access, with whom they share it, and how these practices comport with various privacy regulations, app privacy policies, and platform policies. We find that while potential violations abound, many of the issues appear to be due to the (mis)use of third-party SDKs. I will provide an account of the most common types of violations that we observe and how app developers can better identify these issues prior to releasing their apps.
  • How to build in flexibility to create a more effective security strategy Apr 14 2021 5:00 pm UTC 60 mins
    Ray Espinoza
    If the past year has taught us anything, it's that what we put on paper doesn't always pan out. Cybersecurity professionals know that a security strategy can quickly turn into projects with many twists, turns, roadblocks and surprises. We’ve invited two seasoned CISOs to get their take on how to navigate the challenges of making things happen in the day-to-day of this fast-paced industry, and how to build in flexibility for the unknown surprises along the way. Expect answers to questions like:

    - Can you plan an effective security strategy for the unknown?
    - What parts of planning do you have to get right to reduce issues during execution?
    - What tips have served you well in your career to stay on top of disruptions?
    - How do you keep your team motivated when blockers just keep coming?
  • Digitally Evolving Credit Unions: A Business Case for Evolving Member Experience Apr 14 2021 5:00 pm UTC 45 mins
    Elizabeth Kaspern, SVP at TruMark Financial Credit Union, Jay Levin, CRO at Relay Network & Karen Diamond, pureIntegration
    Today’s credit union members expect a consistent, personalized experience—no matter how or where they interact with you: in person, by telephone, through a smartphone application, or on your website. Join us to hear from industry leaders who will break down what it really means to evolve the member experience, how to plan your member’s digital journey, and how small changes make a big difference.
  • Life of a CISO Apr 13 2021 4:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • How modern cyber threat intelligence can enrich system security risk measurement Recorded: Apr 7 2021 59 mins
    Christopher Strand, Chief Compliance Officer at IntSights.
    Threat intelligence is normally used to enrich the process of security assessment, providing proof of the enforcement of the security controls required to be secure and compliant. As threat intelligence technology evolves, it has become more valuable and instrumental to security audit, providing needed context to the process of gap analysis, data collection, threat identification, and prioritization. During this session we will explore examples based on real world data where contextual threat intelligence can be applied directly to data security, compliance, and regulatory requirements in order to prioritize and accelerate the assessment process, obtain a measure of business risk or liability, and reduce threats targeting the business.

    During the presentation, you will learn the following:
    • What Cyber Threat Intelligence (CTI) is and why it is important for cybersecurity.
    • How to use CTI to prioritize system security gaps and enhance security posture.
    • How to examine your Digital Footprint in order to help predict targeted threat patterns.
    • How to use CTI findings to accelerate risk assessment.
  • Leadership in Technology, Security and For-Profit Boards Recorded: Apr 1 2021 61 mins
    Julie Cullivan
    Julie will share what it takes to lead as CTO of a large organization supporting sales and technology in a fast moving world, and her advice for other women looking at different aspects of technology careers. Julie will also give insights on board and advisory roles with technology organizations in for-profit companies, the advantages of these roles, and what it takes to find such opportunities, and to meet the obligations of taking on these roles.
  • Digitally Evolving Credit Unions: A Business Case for Automation Recorded: Mar 25 2021 28 mins
    Ashwin Krishnamurthi, Large credit union and Karen Diamond, pureIntegration
    Credit unions that seek digital solutions to improve overall operating efficiency and member satisfaction will hear how a large credit union successfully implemented process automation to achieve significant business goals. We will discuss the lessons learned, as well as best and worst decisions made along the way. Join Ashwin Krishnamurthi, a Process and Automation Expert at a large credit union and Karen Diamond, VP of Enterprise Accounts at pureIntegration for this fascinating discussion.
  • Hot topics to watch in privacy and security this year Recorded: Mar 17 2021 61 mins
    Margot Romary, Dennis Dayman and Arlo Gilbert
    Some of the most significant impacts to the privacy and security landscape came in 2020. It can be challenging to track all of the changes and understand their potential effects on our businesses and personal lives. As the U.S. considers passing a federal privacy law, many states are pushing forward with their own, and there’s legislative movement in many countries as well. In this session, privacy and security experts Arlo Gilbert, Dennis Dayman and Margot Romary will have a conversation on things you need to know. Hear about: What’s causing U.S. states to push fast on privacy bills? How might the SolarWinds hack impact the future of the software-as-a-service supply chain? How does Covid-19 impact employee privacy issues? Plus: understand how to interpret the buzz that third-party cookies are … well, dead. Are they?!
  • ISO 27701 versus NIST Privacy Framework Recorded: Mar 16 2021 59 mins
    Scott Giordan, Spirion
    Two new standards were adopted around a year ago. In August of 2019, ISO published 27701, an extension to 27001 requirements and guidelines for privacy information management. In January of 2020, NIST published the Privacy Framework, a mirror of the Cybersecurity Framework adopted five years prior. How are these two standards alike and how do they differ? Which is best for your organization? Learn more from two experts in the area.
  • Zero Trust & Data Protection Recorded: Mar 10 2021 60 mins
    Ashish Malpan, Senior Director of Solutions Marketing, Forcepoint
    As with businesses today, cybersecurity isn’t a static concept and to be effective it must continue to evolve with technological advances -- be it in mobility, digital transformation, Zero Trust, or the growing sophistication of attackers and their ability to steal what’s most valuable to the organization -- intellectual property.
    The traditional product-centric security paradigm is contributing to the near record number of infrastructure compromises and data breaches. Today’s distributed work environment requires modern cybersecurity that is proactive, risk-adaptive and delivered through a converged platform approach that understands users and data no matter where they are. Join us to learn more on moving your company left of breach utilizing an approach to security designed for today’s sophisticated threat landscape that provides a seamless path to grow your security capabilities when and where you need them.
    Attendees will learn…
    • How understanding human behavior underpins modern cybersecurity strategies to finally move left of compromise
    • Operational benefits driven through the power of proactive and adaptive security capabilities
    • Future-proofing your investment and the value proposition in a SASE converged security platform approach that removes operational complexities and lowers TCO
  • Life of a CISO Recorded: Mar 5 2021 64 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Cyber Security Job Market Today and Going Forward Recorded: Mar 4 2021 60 mins
    Kris Rides, CEO, Tiro Security and Kim Jones, Intuit Director of Security Operations
    Join us for a 2-person panel on the job market: pay, skills, and the certifications that are in demand and those that are not. We will discuss how hot the security market really is and, when people say they have a lot of openings they can't fill, what that really means. Overall, what does this look like today and going forward in the industry? Hear from our experts on how organizations and individuals should prepare.
  • The Steak and the Sizzle: Threat Intel, SecOps, and Cyber Fundamentals Recorded: Mar 3 2021 58 mins
    Brandon Hoffman, Head of Security Strategy & CISO
    Threat intelligence has always been a hot topic and remains so. Understanding how your organization can benefit from threat intelligence is the first step. The second step is to dissect the world of threat intelligence and build real requirements that can provide value. Once you set requirements for intelligence and obtain access to threat intelligence, it needs to be applied in an operational manner. Where it belongs in security operations and how it can impact the processes and tools in place can make a world of difference. Coming full circle, threat intelligence being a hot topic has people focused on other hot topics in security. Many of these new technologies and approaches are interesting and can provide value, but in many cases, fundamentals are left behind. Taking a risk-based approach and focusing efforts on the building blocks of a comprehensive cyber program often gets overshadowed by the allure of trendy and new solutions. Telling the difference between the steak and the sizzle can make or break the security posture of your organization.
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
