Name: The Continuous Audit Metrics Catalog
Start: 2021-10-20T12:30:00Z
End: 2021-10-20T12:30:30.000Z
Location: BrightTALK
Rating: 0

Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

The transition to cloud computing has diminished the effectiveness of traditional network security perimeters, rendering identity as the final line of defense against attackers. While enterprises have allocated substantial budgets to identity programs and have made significant progress in safeguarding human identities through the enforcement of multi-factor authentication (MFA) and centralization of control via single sign-on (SSO), the broader attack surface presented by non-human identities remains unaddressed. In this presentation, we will delve into the security of non-human identities, exploring the various methods attackers can employ to exploit them in order to breach cloud-based organizations. We will also discuss effective strategies to efficiently mitigate these risks.

Breaking the Identity Perimeter: An Attacker’s Perspective

Artificial Intelligence (AI) has moved beyond hype and unrealistic expectations. Organizations are increasingly embracing AI yet its adoption is both promising and perilous. To harness its potential while mitigating risks, organizations must cultivate a forward-looking AI risk management strategy. 


In this session, experts from Coalfire, AWS, and CSA will provide practical guidance and best practices to navigate the complexities of responsible AI adoption. From identifying potential risks to implementing safeguards, we’ll discuss how to ensure businesses can embrace AI innovation securely and safely.

Key topics discussed will include:
• The evolution of risk management to address the unique risks AI poses.
• How to develop and implement a program for mitigating risks specific to AI.
• Practical strategies for integrating AI into your existing risk management program.

De-risking AI: Risk Management Essentials

While threat actors are pivoting to target cloud environments and cloud breaches on the rise, the trends and potential lessons to learn are still difficult to find and decipher. This session is dedicated to bringing some clarity to the nature of external cloud threats, and the most pressing people, process and technology challenges internally for organisations as they face cloud security posture and cloud detection & response. 

Join Chris Hosking, SentinelOne's Cloud Security Evangelist, and John Yeoh, Cloud Security Alliance's Global VP of Research, for a real-world examination of recent cloud breaches and an open discussion of the lessons that can be learned, as well as where cloud security priorities should be set.

Challenges From Within and Without: Trends in Cloud Attack & Defense

The age of AI is shining a light on the most vulnerable identities within organizations. At the top of this list: developers. They're one of the most valuable assets for digital enterprises. Attackers know this. Initial access to a developer's credentials, an organization's repository, or secrets management leaves your company exposed. In this webinar, join CyberArk to discuss the changing cloud landscape and how it's created new circumstances and attack methods for developers--and what to do to about it. 

You'll learn:
• Different methods of risk reduction to equip your security team to protect your organization
• How to maintain velocity of deployments without sacrificing security with zero standing privileges
• The T.E.A. on securing your cloud estate.

Securing Developers By Closing Credential Security Gaps

In the ever-evolving landscape of digital transformation, organizations are facing unprecedented challenges in securing and scaling their cryptographic infrastructure. The need for crypto agility has never been more critical as companies grapple with risks posed by advanced technologies such as AI, emerging threats like Post Quantum Cryptography (PQC), and the complex web of compliance mandates, management hurdles, and technology transformations.

Join this discussion to gain actionable strategies as we create a blueprint to:
• Reducing IT resource burdens and costs through centralized certificate management
• Preventing costly business outages and addressing potential security vulnerabilities
• Building private and public trust while eliminating human error

Don't miss this opportunity to learn best practices and elevate your organization's cryptographic resilience. Be part of the conversation that prepares for a quantum-safe future and shapes the future of secure digital landscapes.

Unleashing Crypto-agility: A Blueprint for Post-Quantum Cryptography

Conventional defense mechanisms often fall short with adversaries employing advanced AI methodologies to target cloud assets. This session delves into the use of cutting-edge AI strategies to counter these evolving threats, offering insights into how AI helps defend against sophisticated attacks.

Fighting Fire with Fire - Leveraging AI in Cybersecurity

In an era where cyber threats are increasingly sophisticated and pervasive, how can resource strapped teams stay ahead? 

This webinar explores how GenAI can support cybersecurity teams by enabling rapid security investigations, anomaly detection, and faster insight generation. Tim Chase, Field CISO at Lacework, will break down how you can leverage GenAI to: 
• Augment your security team: Address the cybersecurity skills shortage through rapid onboarding and learning curve flattening for security professionals.
• Detect anomalies: Identify outliers and anomalous behavior in cloud data, a crucial aspect in modern cybersecurity.
• Accelerate insight discovery: Use GenAI to sift through extensive data and enhance operational efficiency.
• Maintain data security and privacy: A crucial cautionary note on the importance of handling sensitive data with care when deploying GenAI tools.

5 Ways Cybersecurity Leaders can leverage GenAI

Over the past year, the proliferation of AI technologies has introduced new challenges and risks for CISOs to contend with. From creating new ways for data to be accessed to reshaping the threat landscape with deepfakes and automated malware, AI has added more complexity and more pressure to existing security programs.

But it’s not all doom and gloom. AI also presents transformational opportunities for CISOs to drive operational efficiencies and deepen trust with customers.

In this conversation, Jadee Hanson, Chief Information Security Officer at Vanta, and Daniele Catteddu, Chief Technology Officer from the Cloud Security Alliance will discuss how security leaders should be engaging with the rest of the organization to support this transformation and do so with the right security and privacy practices in mind. In this conversation, they will cover:
• Top risks when leveraging AI and how to mitigate these risks
• Vendor landscape changes and the expansion of AI in the solutions we use
• Practical ways to identify and address the expansion of AI use within your organizations

How CISOs can Leverage AI: A Fireside Conversation with Vanta and CSA

In cybersecurity it is important to understand all aspects of best practices and controls: what risks and threats are they solving, what regulations and standards are prescribing them, how to apply them, and how to test for them. Currently, this information is scattered across many different standards and publications in a complex and ever-changing security, legal, and regulatory landscape. OpenCRE solves this problem by connecting standards at the level of common requirements. One of the connected standards is CSA's Cloud Control Matrix. In this webinar you'll learn how to use OpenCRE as a gateway to all the available knowledge around your security controls.

OpenCRE: Simplifying Cybersecurity Standards

That’s a wrap! Join Illena Armstrong as she  closes out the busy day with some final thoughts and insights on how to turn the knowledge gained throughout the conference into actionable items to take back to the office.

CSA Research Summit 2023: Final Thoughts

Join us for an informative webinar as we delve into the recent release of the Cloud Control Matrix (CCM) version 4.0 by the Cloud Security Alliance (CSA) and its mapping to the latest iteration of the Payment Card Industry Data Security Standard (PCI DSS) version 4.0. In this session, we will explore the intricacies of these essential industry standards and how their alignment can enhance security and compliance within the cloud environment. 

Our expert panelists will discuss the key changes and updates in both the CCM 4.0 and PCI DSS 4.0 standards, highlighting their significance in today's evolving cybersecurity landscape. Through practical insights and real-world examples, attendees will gain a deep understanding of the intersection between cloud security best practices and payment card data protection.

Whether you are a cloud service provider, a PCI DSS-compliant organization, or a security professional seeking to bolster your knowledge, this webinar offers a valuable opportunity to stay current with industry trends and best practices. Don't miss the chance to explore the synergy between CCM 4.0 and PCI DSS 4.0 and how it can drive your organization's security posture to new heights.

Mapping the Cloud Control Matrix (CCM) 4.0 to PCI DSS 4.0

Confidential computing presents new methods to secure processes as they run, which in turn can isolate code and data from attack, insider threat and exposure to service providers and unauthorized oversight. This is ideal to address complex new problems facing enterprises today spanning intimate collaboration over sensitive code and data even between untrusted entities, and generative AI, which presents completely new challenges where rights management, privacy, and control are essential for success and to avoid common issues such as model poisoning, data leakage, model compromise, and theft.

This session dives into these challenges and illustrate the essential need to protect running code and data, particularly with emerging LLM technology. The session will include demonstrations and use cases covering financial services and healthcare where protecting models, data, and code with a confidential computing-based zero-trust architecture can help organizations meet the pressure of cloud and AI technology with a much-reduced risk profile.

Confidential Computing for AI Risk Mitigation in Cloud Deployments

HSMs and Key Management in the Cloud – Securing your Keys and Safeguarding your Data

HSMs and Key Management in the Cloud

There are many Cybersecurity and Privacy Frameworks to guide in governing IT-based business solutions, but do they address the unique risks and mitigation strategies required for DLT-based solutions? This presentation by the CSA DLT Security and Privacy Governance Team will share some insights into:
What is important when matching risk appetite to DLT solution options?
What are the inherent design risks that are unique to DLT and DLT solutions ?
Demo of an Inherent Risk Profiling Tool and Risk Mitigation Methodology for a sample Trade Finance Use Case
CSA DLT Security and Privacy Governance Team has taken the approach to build on existing frameworks rather than to try and duplicate their work, so our focus will continue to be on the unique characteristics of DLT solutions

DLT Security and Privacy Framework

It’s no surprise that LLM’s and AI are gradually being introduced into every product that we have been using over the course of the last few years. But what is the impact on identity? From being able to swiftly build powershell code to help enable organizational security groups, to creating automation and techniques from learning parameters, language models seem to have an endless curation of impacting security teams and technology they once knew. This panel aims to guide listeners from the current state of IAM, AI’s role in IAM currently, and how enhancements over time may help, or challenge the roles of security practitioners.

IAM in the Age of AI: Implications for Cloud

This panel discussion introduces one of CSA’s newest research initiatives,  Implementing Privacy by Design and Default (PbDD) within DevSecOps. Researchers discuss current findings, including their approach to successfully selling privacy internally. Using Design Thinking (DT) and Human-Centered Design (HCD) based methodologies, researchers discuss how they were able to identify what really matters to stakeholders—as well as key drivers that propelled the PbDD project under study forward.

Situated non-exclusively within the DevSecOps Six Pillars framework, the current research provides additional considerations to existing processes. Of note is the use of real-world Scenario-Based Design (or modeling) to further clarify the problem and solution spaces of implementation contexts, activating essential organizational dynamics where solution-based innovations may emerge.

The scenario? A global company diagnosing infectious diseases using a downloadable AI-assisted Software as a Medical Device (SaMD) with an opportunity—an exclusive government partnership and blank check. The feasibility challenge? Compliance with all global data protection and privacy regulations.

Escalating Privacy’s Privilege: Using Design Thinking to Identify What Matters

This session will provide an overview of the main provisions and novelties introduced by the proposed Artificial Intelligence Act (AI Act) and its relationship with the General Data Protection Regulation (GDPR). In particular, this session will provide an overview of the AI Act's overall structure and the field it aims to regulate. The session will also flag some possible overlaps (and potential tensions) with the GDPR and some situations where compliance with the AI Act may facilitate compliance with the GDPR (and vice versa). During this session, some thoughts will also be shared about the impact that this upcoming AI Act may have on Cloud Service Providers (CSPs) and, in particular, on the extent to which the provisions of the AI Act may capture CSPs (and under what conditions) their activities.

Understanding the AI Act and its Relationship with GDPR:

The panel will discuss the current state of Zero Trust planning, implementation and industry references for public and private sector organizations in the US and internationally. Initial CSA research focused on the Software Defined Perimeter (SDP), which has been subsumed into the broader Zero Trust strategy and conversation. Recent changes of note in the US include an updated CISA Maturity Model and new DoD ZT Strategy and Roadmap. Impactful environmental factors include the increases in ransomware attacks and escalating threats to critical infrastructure and operational technology.

Reviewing the Current State of Zero Trust

Cloud providers can take full advantage of continuous auditing once standards and best practices for automated assurance tooling exist. We have translated a subset of CCMv4 controls into quantitative characteristics of the cloud service in the form of ISO/IEC 19086 SLOs. The proposed practices for these metrics highlight interconnections between domains and demonstrates how even a small number of metrics can provide assurance for a large number of security objectives. This approach enables organizations to review and measure practices for effectiveness and supports automated certification and evaluation goals such as are found in CMMC Level4 and EU-SEC requirements.

The Continuous Audit Metrics Catalog

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Continuous Audit Metrics Catalog

Presented by

About this talk

More from this channel