Name: Attacker Economics and How to Beat the Adversary at Their Own Game
Start: 2022-03-09T18:00:00Z
End: 2022-03-09T18:01:00.000Z
Location: BrightTALK
Rating: 4.9

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Due to the popularity and benefits of the cloud, many organizations are moving to the cloud without a well-thought-out strategy, which increases the organization's risk profile. The primary goal of this presentation is to provide attendees with a roadmap for evaluating their Cloud Service Providers and making their organizations more secure. Additionally, we will discuss the impact of security and privacy in the cloud, which auditors should consider.

Assessing Your Cloud Service Providers:Impact of Security & Privacy in the Cloud

The reliance of development teams on open-source components is undeniable. It helps organizations get their software solutions to market sooner and free their engineers to focus on building intellectual property instead of “plumbing”.
Open-source projects are also an attack vector when bad actors compromise the open-source by injecting malware or developers unknowingly include releases with exploitable vulnerabilities.
Join Dave Roche, Director of Software Trust at DigiCert, as he shares the 5 best habits for securing your software supply chain from vulnerable or malicious open-source code. Gain valuable insights into: 
• Novel software supply chain attacks
• Getting visibility of the components in your software
• Spotting and prioritizing vulnerabilities
• Taming code signing without hampering innovation

Open-Source Webinar | 5 Habits to Avoid Security Flaws in Open-Source Software

Copilot for Microsoft 365 can drive productivity (and GenAI adoption), but left unchecked, increases security risk that can lead to data leaks, breaches, and toxic content. Security teams responsible for Copilot need to mitigate risk, enforce controls, and safeguard sensitive data. Join BigID & ISSA for a deep dive into how to reduce risk and secure your data for Microsoft
Copilot.

We’ll cover:
● How to ensure Copilot and AI model training data is safe for use
● Best practices for AI risk mitigation
● Critical capabilities for responsible MSFT Copilot adoption
● And more

Risks & Controls for Microsoft Copilot

ISSA International will soon hold elections for our new Board of Directors and invite you to meet the candidates.

Meet the ISSA International Board Candidates Webinar

With more than a dozen privacy laws in effect or coming into effect, digital advertising is increasingly becoming a regulated industry. While proper notice, fulfillment of opt-out rights, and post-transaction consumer requests (e.g., deletion) have dominated the enforcement and compliance landscape, attention is increasingly being paid to one of the fundamental changes in state privacy laws – their inclusion of requirements around vendor diligence and accountability. 

What does this mean for SSPs, DSPS, and the rest of the digital advertising ecosystem? We will examine how personal data traverses the digital advertising ecosystem, why the privacy diligence and accountability requirements under state privacy laws are paramount in light of those data flows,  changes in business practices needed to achieve compliance, and how technology solutions will need to evolve to meet these requirements.

Privacy Compliance and the Importance of Due Diligence: Redefining Privacy

Platform consolidation — the strategic integration of multiple tools and infrastructure into a single, cohesive platform — is a strategic priority for security and IT leaders, driven by increasing tech stack complexity and budgetary pressure. 
 
Unfortunately, platform consolidation projects often struggle to meet expectations due to gaps between what platforms can do and what it should do. As a result, IT and Security team productivity slows even further, and business initiatives attempting to connect and secure the organization’s technology stack fall short.  
 
IDC analyst and guest speaker Ghassan Abdo has helped dozens of organizations navigate these situations. In this webinar, he’ll discuss: 
• 3-5 common roadblocks in platform consolidation efforts
• Real-world examples of organizations that overcame those challenges
• Actionable strategies you can bring into your own organization

Common roadblocks when simplifying your IT stack

It’s all about the data.  Whether it's Data Subject Request or a Data Breach; the amount of effort, cost and impact on a company's reputation depend on the quantity and the type of personal data involved.  The more personal data, the larger the consequences.  This presentation is a practical approach to privacy and data protection that includes strategies to help you stay compliant with the evolving privacy regulations.  No legalese or technical jargon, just a talk about applicability.

Data Privacy Framework Program

In our presentation, we'll compare the European Union's GDPR with Caribbean data privacy laws, highlighting how both aim to protect personal data but differ in scope, compliance, and enforcement. We'll discuss the unique challenges Caribbean businesses face in meeting GDPR standards, due to different regulatory environments and penalties. The focus will be on how these differences present opportunities for the Caribbean to strengthen its data privacy frameworks, fostering trust and enabling international partnerships in a data-centric world.

Similarities and differences between GDPR and Data Privacy in the Caribbean

As with any piece of enterprise software, choosing and buying a PAM solution is a fraction of the battle. Many installations fail or never get rolled out fully due to deployment complications and competing priorities.
In this webinar, we will discuss common pitfalls, where implementations typically fail, and what you can do to make sure you are fully prepared to deploy and roll out PAM successfully in your organization.
Join this session to:
• Understand why many PAM rollouts fail
• Explore best practices around deployment
• Put a plan for success together
• Learn about new methodologies that can facilitate success

Navigating the Pitfalls of Privileged Access Management Deployment

Is the company talent management process helping your career advancements? How do we combat the assumptions about demographics and life choices; disparity starting from the first landing spot; women leave to start families; women don't aspire to upper management? The purpose of this webinar is to share some personal experiences in applying project management principles to a technical career planning and what you can do to track your own progress over time. Skills in cybersecurity is only the first step, technical proficiency, problem solving capabilities, knowledge in domain and context outside security and privacy as well as other soft skills are just as important for any technology focused career plans for women.

Women in Tech: Delusion or Progress and What you can do about it

We’ll look at current AI technology, legal and ethical issues, why human-machine trust is necessary, and why it’s not easy.

“Trust me – I’m an AI”: Why explainable AI is important

In the dynamic landscape of SaaS, the role of security transcends its traditional defensive function, becoming a powerful differentiator. In this talk, we delve deep into the paradigm shift where security is not just a safeguard but a strategic catalyst. 

Leading with security is more than a buzzword; it's a revenue-driving force. We will explore how proactive security measures can elevate SaaS organizations, foster customer trust, and be pivotal for both internal and external stakeholders - from auditors to customers, from GTM functions to board-level validation.

 You'll learn how this approach allows SaaS companies to not only detect and mitigate risks effectively - but also adapt swiftly to the ever-evolving threat landscape. 

Join us as we explore the transformative power of security in the SaaS industry and discover how it can be harnessed as a formidable force for growth, customer trust, and security by design.

Security By Design: Building Trust through Product Security

It’s all about the data.  Whether it's Data Subject Request or a Data Breach the amount of effort, cost and impact on a company's reputation depend on the quantity and the type of personal data involved.  The more personal data, the larger the consequences.  This presentation is a practical approach to privacy and data protection that includes strategies to help you stay compliant with the evolving privacy regulations.  No legalese or technical jargon, just a talk about applicability.

50 shades of data

In 1911, the first International Women’s Day was celebrated in Austria, Denmark, Switzerland and Germany.  But only in 1977, did the United Nations adopt March 8th for global celebration and advocacy of women’s rights and equality around the world.  We have made headway in the cybersecurity C-Suite level, but more inroads are required, to build out the middle.  We will review ways to accelerate that success and continue to build on accomplishments that matter.  We will share insights on the heavy hitters that will positively impact our individual careers going forward, actions that will help us achieve growth for women in the field overall, and those that can help us bridge the globe.

Celebrating International Women’s Day and the Successes in Cybersecurity

Third-Party Risk Management programs are in constant motion. They are a delicate balance between keeping up with new threats, navigating the evolving regulatory landscape, introducing new technologies and always trying to do more with less. Today, a static program is a failing program. What’s your plan to incrementally improve your processes over time? Join ProcessUnity for a discussion on how forward-thinking TPRM teams are incorporating new relationships, technologies and techniques to mature their risk-reduction capabilities.
Attend this session for trends, tips and techniques to help you:
• Build a strong partnership between procurement and information security to maximize both internal and external risk reduction
• Connect your internal controls to those of your vendors for a true assessment of your organization’s preparedness
• Leverage expert content, enterprise data and industry subject-matter expertise to reduce workloads, streamline assessments and confirm results are acceptable
• Employ artificial risk intelligence to significantly reduce the most time-intensive assessment activities

Beyond the Questionnaire: Tips to Modernize Your TPRM Program

In the last twenty years, privileged access management (PAM) has gone through many evolutions to keep pace with the ever-changing cyberthreat landscape. Still, a vital risk remains front and center: Privileged accounts are crucial for the day-to-day work of admins, but they are usually needed for only short periods of time — the rest of the day, they can be compromised by attackers and misused by insiders.

Old-school PAM solutions reduce this risk only to some extent, while being costly and time-consuming to deploy. But it doesn’t have to be this way! In this session, we’ll explore a modern, easy-to-adopt approach that deals with this core problem head-on.
Join this session to learn how you can:
- Leverage privilege orchestration to remove known attack surfaces when at rest
- Dynamically delegate access according to use case without impeding admin efficiency
- Quickly adopt modern PAM tools to centrally control and audit access

Security Renaissance: Why it's time to break with old-school PAM solutions

A recent report on cybersecurity and generative AI made an extraordinary claim: 75% of the information security professionals surveyed witnessed an increase in cyber-related attacks over the prior 12 months, and 85% attributed that increase to attackers using AI. If this is true, it represents a sea change in the cyber threat landscape and raises some critical questions about how we respond to it. In this presentation, we will review examples of AI-enabled threat vectors, evolving attacks on AI systems, and the different approaches taken to combat them by the United States and the European Union.

 Takeaways include:
 * Attack types that leverage AI as well as unique threats to AI systems
 * Defending against AI-powered attacks and protecting the integrity of AI systems
 * A comparison of the proposed EU AI Act with the White House Executive Order on AI

Cybersecurity considerations for AI: comparing U.S. and EU approaches

The recent new SEC rules around cyber-risk governance, management, and disclosure have reverberated across all echelons of American corporations.  In this webinar, three seasoned cybersecurity executives discuss the implications for today’s information security professionals, their leaders, and what can be done to address the new requirements using an integrated risk management and reporting approach that appeals to all stakeholders. Join us on February 14th at 1pm EST for this ISSA webinar, sponsored by AuditBoard, where we will explore time tested strategies for getting it right the first time.

Cyber Risk IS Business Risk

Last year saw the growth of ransomware trends — from supply chain attacks, double extortion, and ransomware-as-a-service (RaaS), organizations were seemingly under constant attack. The escalation of these types of attacks were predominantly driven by the cost-benefit of limited attacker investment, in both time and resources, versus the significant financial opportunity.  Furthermore, these attackers are becoming more innovative, automated, and sophisticated in their attacks, reducing their costs even further. 
How CISOs prepare and respond to these types of attacks can flip this cost-dynamic, making it more expensive and less lucrative for the attackers, and reducing damage for the CISO’s organization. 
In this session, Derek Krein, SafeBreach Security Services Director, will discuss:
• The motivations and return-on-investment of cyber attacks
• How CISOs may be inadvertently 'opening the door' to an attack
• How CISOs can level the playing field or flip the cost dynamic against an attacker
• How CISOs should respond when they have been attacked via ransomware and infiltrated

Attacker Economics and How to Beat the Adversary at Their Own Game

Cyber Attacks

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Attacker Economics and How to Beat the Adversary at Their Own Game

Presented by

About this talk

More from this channel