Zero Trust Security: An Enterprise Guide

Zero Trust security has become a major industry trend, and yet there still is uncertainty about what it means. Register today to learn from Jerry Chapman from Optiv Security as he provides the realistic guidance and requirements your security team needs to successfully plan and execute a journey to Zero Trust while getting more value from your existing enterprise security architecture.
Recorded Jul 14 2021 58 mins
Presented by
Jerry W. Chapman, Optiv Security

  • CCAK Webinar Series: Modules 3 & 7 Aug 25 2021 2:00 pm UTC 60 mins
    Daniele Catteddu, Harry Lu, and Jon-Michael Brook
    This is your chance to get up close and personal with some of the authors of the CCAK Modules by listening to our free meet the author webinar series

    You can hear directly from the authors in an informal setting where you’ll be able to learn and ask questions. Each session is around 60 minutes and will give you a better understanding of the Study Guide, the research behind it and the authors themselves. If listening live you'll also get the chance to submit your own questions during the question and answer portion at the end.

    Learning Objectives- Module 3: Introducing CCM and CAIQ
    - Describe the CCM and CCM domains.
    - Explain the Consensus Assessment Initiative Questionnaire (CAIQ).
    - Outline the CCM and CAIQ structure.
    - Recall the CCM relationship with other frameworks: the mapping and gap analysis.
    - Compare transition changes from CCM V3.0.1 to CCM V4.

    Learning Objectives- Module 7: CCM Auditing Guidelines
    - Describe CCM Auditing Guidelines.
    - Define the CCM Audit Scoping Guide.
    - Explain the approach used in the CCM Risk Evaluation Guide.
    - Evaluate the CCM Audit Workbook.
    - Apply the CCM Auditing Guide.
  • CCAK Webinar Series: Modules 4 & 9 Aug 18 2021 2:00 pm UTC 60 mins
    Jon-Michael Brook, Michael Roza and John DiMaria
    Learning Objectives- Module 4: A Threat Analysis Methodology for Cloud Using CCM
    - Describe threat analysis essentials.
    - Use the Top Threat Analysis Methodology to analyze attack details.
    - Document attack impacts based on the Top Threat Analysis Methodology.
    - Apply Threat Analysis Methodology for cloud using CCM.
    - Evaluate a Top Threats method use case.

    Learning Objectives- Module 9: Security Trust Assurance and Risk (STAR) Program
    - Outline the components of the STAR program.
    - Explain the security and privacy implications of STAR.
    - Describe the Open Certification Framework.
    - Recall CSA STAR attestation and certification.
    - Detail STAR continuous auditing.
  • CCAK Webinar Series: Module 2 - Cloud Compliance Program Aug 11 2021 2:00 pm UTC 60 mins
    John Guckian, Jaques Nack, Jon-Michael Brook
    Learning Objectives- Module 2:
    - Explain the fundamental criteria for cloud compliance programs.
    - Build and design a cloud compliance program.
    - Describe legal and regulatory requirements and standards and security frameworks.
    - Define controls and identify technical and process controls.
    - Recall CSA certification, attestation and validation.
  • CCAK Webinar Series: Module 1 - Cloud Governance Aug 4 2021 2:00 pm UTC 60 mins
    Moshe Ferber and Craig Balding
    Learning Objectives- Module 1:
    - Describe cloud governance concepts.
    - Explain cloud trust, transparency and assurance.
    - Identify cloud governance frameworks and requirements.
    - Discuss cloud risk management and cloud compliance considerations.
    - Distinguish between cloud governance tools and their use.
  • Zero Trust Security: An Enterprise Guide Recorded: Jul 14 2021 58 mins
    Jerry W. Chapman, Optiv Security
    Zero Trust security has become a major industry trend, and yet there still is uncertainty about what it means. Register today to learn from Jerry Chapman from Optiv Security as he provides the realistic guidance and requirements your security team needs to successfully plan and execute a journey to Zero Trust while getting more value from your existing enterprise security architecture.
  • Getting Sassy With SASE Recorded: May 20 2021 61 mins
    Mike Jordan, Founder/Principal of 23Advisory and contributing Cloud Security Alliance | Delaware Valley Board Member
    Join the CSA Delaware Valley and Triangle chapters and our panel of experts in discussing the emerging technologies and challenges around SASE (Secure Access Service Edge).


    By tuning in to this panel discussion one can expect to come away with an understanding of what SASE is, the problems it solves, and what a well thought out implementation looks like. Our panel of experts will discuss multi-cloud use cases, how to operationalize the service and the impact SASE has on digital transformation initiatives.
    Confirmed Speakers

    Panelist – Larry Bilker, EVP CIO of Pyramid Healthcare
    Panelist – Barrett Gobeyn, CISO for UnitedHealthcare
    Panelist – Richard Scott, Chief Security Architect at Optum
    Panelist – Greg Young, VP of Cybersecurity of Trend Micro

    Moderator – Mike Jordan, Founder/Principal of 23Advisory and contributing Cloud Security Alliance | Delaware Valley Board Member
  • Hyperledger Fabric 2.0 Architecture Security Controls Checklist and Report Recorded: May 13 2021 42 mins
    Urmila Nagvekar & Carlos Dominguez, Lead Authors, CSA Blockchain/DLT Working Group
    Learn about the latest releases from CSA's Blockchain and DLT Working Group titled "Hyperledger Fabric 2.0 Architecture Security Controls Checklist" and "Hyperledger Fabric 2.0 Architecture Security Report"
  • Blockchain in the Quantum Era Recorded: Apr 30 2021 12 mins
    Ashish Mehta, Co-chair for Blockchain Working Group, and Bruno Huttner, Co-chair for Quantum Safe Security Working Group
    CSA recently released a document that provides an introduction to DLT/blockchain technology, some of its representative applications, and an overview of the leading post-quantum algorithm candidates that are actively being pursued. In this webinar, Ashish Mehta, Co-chair for the Blockchain/DLT Working Group, and Bruno Huttner, Co-chair for the Quantum-safe Security Working Group, talk about what to expect in the document.
  • C-Suite Success in an Age of Digital Transformation Recorded: Apr 15 2021 23 mins
    Illena Armstrong, CSA
    It’s no surprise that organizations of all sizes have embraced the cloud in some capacity, especially this last year as we all contend with a global pandemic. What may be surprising to some CISOs and other executive stakeholders, however, are the myriad challenges they face as they move their organizations’ journeys along in their digital transformations. For instance, not only do concerns about network security or regulatory compliance come up when embracing cloud environments; worries concerning a lack of cloud security expertise on staff, too few team members to manage the migrations of various workloads to the cloud, and integrations with current IT infrastructures also plague their embrace of often multiple cloud offerings. With the goal of better supporting the C-suite and the evolution of their cloud strategies, CSA is in the throes of establishing a C-level initiative to help address these and still other challenges. During this talk, we’ll share an initial look at the pillars underpinning this offering and just a few of the components that it ultimately may comprise.
  • Cloud Controls Compliance Assessment for Small and Mid sized XaaS Providers Recorded: Apr 15 2021 66 mins
    Ricky Arora, BP; Rolf Becker, UBS; Friedrich Rub, Raiffeisen Group; Nicolas Weibel, Swiss Re
    Many small service providers have seemingly great and good value service offerings, which are mostly cloud-based. Yet, it is often that exactly these small service providers may have limited security awareness, resulting in uncontrolled and unwanted exposure of sensitive data. The European User Group Enterprise & Cloud Data Protection, together with the Cloud Security Alliance are proposing to establish a trusted cloud controls assessment and certification service for such small service providers who may not be in a position to run through a comprehensive CSA STAR L2 or SOC2 certification but still want to be able to offer an acceptable level of assurance to their clients. The intention is to raise security standards for small cloud-based services, establish an industry-standard trusted assurance level, and reduce overall effort spent by service providers and their clients due to multiple and extensive assessments performed for the same service.
  • The CSA Enterprise Architecture Recorded: Apr 15 2021 30 mins
    Jon Michael Brook
    Overview of the CSA Enterprise Architecture.
  • Cloud Security Under the NIS Directive Recorded: Apr 15 2021 30 mins
    Marnix Dekker, ENISA
    Marnix will speak about the cloud security provisions in the NIS Directive, the work ENISA has been doing with the EU Member States on implementing these provisions, and briefly touch on other relevant policy developments like the EU cloud certification scheme and the Commission's NIS2 proposal, which aims to update the current NIS Directive and which brings cloud services into the category of essential services.
  • On the Road to Zero Trust Recorded: Apr 15 2021 32 mins
    Bob Flores & Juanita Koilpillai, CSA Zero Trust WG
    In this session you will learn how to navigate the various technologies and processes to transform your organisation to fundamentally change the effectiveness of security and data sharing across DoD networks.
  • What An Auditor Needs to Know About Cloud Computing Recorded: Apr 15 2021 33 mins
    Moshe Ferber, Cloud Security Expert
    As cloud computing continues to grow and mature, it becomes clear that proper governance, risk management and audit processes play vital roles in assuring cloud workloads are secure. In this presentation, we will review the foundation of cloud governance programs that every cloud professional should know: cloud policy, provider evaluation methodologies and risk management frameworks.
  • Taking Control of IoT: An Enterprise Perspective Recorded: Apr 14 2021 23 mins
    Hillary Baron, CSA
    The proliferation of Internet of Things (IoT) devices has dramatically changed the connected ecosystems in homes and enterprises over the past decade. Many enterprises have implemented these devices for their endless potential to address current business challenges and improve overall efficiency. To do this, these devices collect data on everything from the mundane to the highly confidential. Due to the nature of the data being collected, IoT devices are of the utmost importance to secure. However, this is a difficult task for many enterprises. This presentation will answer the questions...
  • How Do We Tell Security Truths That Might Hurt? Recorded: Apr 14 2021 29 mins
    Edward Amoroso, TAG Cyber LLC
    Eleven uncomfortable truths (inspired by an iconic classic note from Edsger Dijkstra) are shared about the current state of cybersecurity.
  • Strategy and Tactics for Protecting Containers and Microservices Recorded: Mar 22 2021 59 mins
    Paolo Foti, CSA Italy; Yvette Agostini, CSA Italy; Marco Rottigni, Qualys
    Application containers and microservices architectures are used, as defined in NIST SP 800-180, to design, develop and deploy software applications that take advantage of agile development methodologies such as DevOps.
    The agility and dynamism of application containers nevertheless call for some attention to security, with the goal of preserving the security and integrity of the entire Software Development Life Cycle.
    CSA Italy will present a number of CSA recommendations developed within the "Application Containers and Microservices" working group (https://cloudsecurityalliance.org/research/working-groups/containerization/), while Qualys will show how to implement "built-in" security across the three phases of a container's life cycle (build, ship, run) and how to support identification of the vulnerable surface in order to actively defend the runtime phase.
  • How do you get into a CyberSecurity or Cloud Security Career in 2021? Recorded: Mar 18 2021 61 mins
    CSA Triangle Chapter
    How do you get into a CyberSecurity or Cloud Security Career in 2021?



    Panelists:

    Caroline Wong

    Caroline is the CSO at Cobalt.io, a Pentest as a Service (PtaaS) platform that simplifies security and compliance needs of DevOps-driven teams with workflow integrations and high-quality talent on-demand.

    Caroline is a strategic leader with strong communication skills, cybersecurity knowledge, and deep experience delivering global programs. Her practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is also an author, and her writings have helped many in DevSecOps and security metrics.

    Email: caroline@cobalt.io





    My-Ngoc "Menop" Nguyen

    Menop is an accomplished, highly skilled, solutions-oriented executive with notable success in leading, growing, maturing, and sustaining businesses. She is a SANS certified instructor holding the GSLC, GSTRT, GPEN and GCIH certifications. She is also CISSP certified and is the current CEO of Secured IT Solutions, a Las Vegas based security firm that specializes in cyber security, IT and management consulting.

    Email: myngocn@gmail.com



    Jessica Donahue

    Hays

    Principal CyberSecurity Account Manager

    Jessica Donahue is a Principal Account Manager at Hays, specializing in Cybersecurity. Located in Raleigh, NC, she is a consultant, advisor, and expert in the Triangle on Security, IT, and Tech hiring and recruiting. Jessica helps her clients with their hiring strategy and provides valuable market insight and information on salary trends. She connects her clients with highly qualified and skilled candidates who meet their hiring needs through contract, contract-to-hire and full time employment. If you are having trouble filling your Cybersecurity position, reach out to Jessica!

    Email: jessica.donahue@hays.com
  • Cloud Breach Incident Response & Forensics Recorded: Mar 16 2021 62 mins
    Mike Raggo, Cloud Security Engineer, CloudKnox Security
    Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look among the plethora of services available through Cloud Service Providers such as AWS and Azure. In this session we'll enumerate sources of forensic evidentiary data among the vastness of AWS CloudTrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real world breaches will be highlighted, providing practical approaches to exposing the attacker's methods and compromise.

    Speaker: Mike Raggo, Cloud Security Engineer, CloudKnox Security

    Michael T. Raggo has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in products including Samsung, Checkpoint, and Netgear. His current research focuses on hybrid cloud security risks and threats. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
  • CCSK Training and Certification Guidelines & Introduction to the CCM Recorded: Mar 11 2021 52 mins
    Eleftherios Skoutaris, Innovation Analyst, CSA EMEA, & Ryan Bergsma, Training Director, CSA
    Join the CSA South Florida Chapter as we explore the Certificate of Cloud Security Knowledge (CCSK). The CCSK enables everyone to utilize cloud services more securely and speak with confidence about cloud security concerns. It gives a broad overview of cloud security and affords critical insights into issues such as data security, key management, and identity and access management.

    This event will introduce Cloud Controls Matrix (CCM), a cloud security controls framework specifically designed to provide fundamental security principles that guide cloud service vendors toward the most secure practices and to assist prospective cloud customers in assessing the overall security of cloud providers.
Exploring the latest research from CSA.
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

  • Title: Zero Trust Security: An Enterprise Guide
  • Live at: Jul 14 2021 4:00 pm
  • Presented by: Jerry W. Chapman, Optiv Security