Name: Best Practices for Effective Third-Party Management
Start: 2022-12-16T16:00:00Z
End: 2022-12-16T16:44:35.000Z
Location: BrightTALK
Rating: 4.8

Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

In this round table we will discuss topics including

• Relevant cloud certifications and courseware
• Experiences with the effect of cloud training on business performance
• How to integrate education into company policies, e.g., compliance training. 
• CSA sources for relevant specific knowledge
• How to get traction on cloud education.

Education for Cloud Security and DevSecOps

Whether they are Cloud Service Provider partners or internal staff, how do you empower the professionals responsible for protecting your cloud services to make better informed decisions? What is your strategy for keeping your teams and the operations current with zero-day threats? 

Moderated by CSA Board member and BlackRock CISO, Stephen Scharf, senior leaders from Robinhood (Caleb Sima, CSO), and National Australian Bank (CSO Sandro Bucchicheri) will discuss approaches to supporting the knowledge of cloud professionals to remain current with advancements in technology and strategy to managing to emerging risks.

People, Cloud and the Learning Curve

Today, thousands of services are available to pay a bank loan, accept a credit card payment, confirm a deposit, exchange cryptocurrency and countless other activities with your financial data from a SaaS solution. But how do you demonstrate your third-party is secure and adhering to the same regulatory obligations you attest to? This webinar will discuss common oversights when managing third-party relationships for financial services as well as recommendations and best practices for how to use the Shared Security Responsibility Model to improve understanding and transparency for all organizations involved.

The Quickly Evolving Landscape and Need for Third-party Assurance

Financial institutions face many major challenges across all IT services as their cloud journey progresses. Cyber security governance, risk management, compliance, third-party vendor management, and assurance and accountability are just a few that scratch the surface. An essential component to solving these challenges is a standardized and mature security control framework.

 

CSA’s Cloud Control Matrix (CCM) has been adopted by several financial institutions and is recognized and appreciated by regulators. In 2022, CSA established a partnership with the Cyber Risk Institute (CRI), that lead to the creation of the “Cloud Profile,” an extension of the CCM and of the CRI Profile. The goal of this collaboration is to support financial institutions in navigating the complexity of cloud security compliance and assurance. CSA is also working alongside organizations such as the European Cloud User Council, the European and UK Cloud Pooled Audits groups, and IBM Financial Services, to further extend the CCM, the Financial Service Addendum, and ultimately improve its relevance for Financial Institutions and their Regulators. 

 

This session will provide an overview of:

The Cloud Control Matrix
The Cloud Profile: what it is, key stakeholders involved, goal and objectives
The CCM Financial Service Addendum

The CRI-CSA Cloud Profile Has Arrived!

Use of scalable cloud services has and can saved Financial Service Indisury (FSI) organizations billions of dollars collectively in efficiencies and cost savings. How do organizations know they’re getting the most out their cloud services? How do cloud customers implement and operate their instances securely by default and by design? How to users gain confidence in the security of your workloads through both assurance reports and various technical means? Do you know how you will engage with your CSP if you or they have or suspect a security incident? This session will discuss recommendations for financial service organizations to work most effectively with their cloud providers and lessons learned in growing migration to more cloud services.

Leverage Cloud Service Providers Effectively to Scale Cloud Usage Securely

In this presentation you will learn what embedded payments is and how it relates to you. Embedded payments increase your PCI scope as well as your PII responsibilities. You will leave this presentation understanding the difference between fraud controls, ensuring the data is correct on the way in, and data security, not letting data be stolen in the first place. Are you in scope for PCI or out of scope? There is a lot we can do to protect data.

Protecting the Next Generation of Payments in the Cloud

Third-party cloud service providers are a critical component of the payments landscape. They are required to protect the confidentiality and integrity of the information and clearly demonstrate adherence to regulatory expectations to their customers. This panel discussion will explore how the PCI security standards help organizations and cloud service providers mitigate risks and secure payments in the cloud.

Protecting Payment Data in the Cloud

In order to scale your business using new and innovative technologies, harnessing cloud infrastructure is pretty much inevitable. As your organization finds themselves moving to the cloud faster than ever, maintaining security and compliance at the speed of development is often overlooked in the process.



Securing applications, the underlying infrastructure and the data, all while meeting compliance and governance requirements, in the cloud is a major undertaking. This requires organizational-wide collaboration, updated policies and processes, and the implementation of new, cloud-focused security solutions.



Join us in this session as we discuss:

Key challenges faced on your cloud journey, and how to overcome them
The importance of posture, risk, and vulnerability management in the cloud
Embracing the use of micro-services to achieve security objectives
How to enable partnership between development and security teams in order to secure applications

Navigating Cloud Security

With the accelerated journey to the cloud, companies often find themselves with hybrid and multi-cloud architectures, which amplify their information security risks. In this session we will discuss some of the biggest security threats and the criticality of applying consistent security policies and controls across your entire organization as well as securing the application journey.

Cloud Security Trends

Join Troy Leach, Chief Strategy Officer with CSA, and Craig Balding, Director for Resilient Security, as they unveil and discuss the results from CSA's State of Financial Institutions survey. 

Conducted in late 2022, the survey analyzes the level of adoption of cloud solutions and requirements from financial institutions’ perspectives. The goal was to better understand the current state of cloud computing in the financial sector and identify opportunities to create guidance on protecting financial data and related assets within secure cloud services.

CSA Initial Survey Results and Report on Financial Services

Financial services is moving quickly to embrace more critical infrastructure residing in cloud architecture. By 2027, an anticipated majority of all financial assets will likely be operated by cloud services. Protecting financial data in cloud can be complex, with the ability to misconfigure but it also has opportunities to hyperscale security efforts and improve response to threats. Chief Information Security Officers from financial services will discuss their vision for the future of securing financial data and assets in cloud architecture as well as what is required in the future to continue to build trust and assurance.

CISO Perspective

As financial services institutions strive to meet the need for instant gratification demanded by today’s digital-first customers, they also need to stay ahead of everchanging regulations and growing cyberthreats. Howard will share his perspective on how banks can find this balance as they modernize, while reducing 3rd and 4th party risk. This session will highlight the need for banks to innovate at the pace of change, with security and compliance at the forefront.

Navigating the Financial Services Digital Paradox

The cloud Shared Security Responsibility Model (SSRM) is inherent to the use of cloud services. It is critical for cloud service customers (CSCs) to be competent and up to date on how they and their cloud service providers (CSPs) share the responsibility for securing their cloud footprint. CSA’s Cloud Controls Matrix (CCM) and framework of underlying components help cloud organizations, CSPs and CSCs, delineate their controls ownership and implementation responsibility by conveying how a CSP is responsible for managing the security of public-cloud, while the CSC is responsible for securing what is in the cloud. In this presentation, we aim to demystify the most important cloud security construct, the SSRM, while leveraging the controls and toolsets provided by CCM v4.

Implementing the Shared Security Responsibility Model Using CCM/CAIQ V4

Operational resiliency continue to be a key area of focus for organizations, especially in the financial services sector, accentuated by recently published operational resiliency and outsourcing regulations. Given firms are cohabiting on the same CSPs, financial sector impacts can be multiplied if there is a disruption or incident. This session will focus on how financial institutions and CSPs can look to partner together to advance operational resiliency through cloud adoption.

Resilient Together: CSPs and FSIs Partnering to Strengthen the Financial Sector

Pooled audits are helpful for both the Cloud Service Provider (CSP) and the Cloud Service User as they reduce the costs to any one outsourcing institution and help avoid duplication with third-party audits by establishing a scope and methodology agreed upon by the outsourcing institutions and the cloud service provider.

Pooled audits ensure that a consistent method is used to assess the provider’s data and system protection practices as well as the processes and internal control systems of the CSP to adequately support the mitigation of the participants’ risks.

By agreeing on a scope and methodology for audits, as well as a compensation structure that reflects the collective audit effort, participating companies can pool their auditing resources to help reduce costs and avoid unnecessary duplication on an individual level as well.

Join us as we have a fireside chat with our panel of experts from members of Commerzbank AG who take part in the Collaborative Cloud Audit Group (CCAG) conducting pooled audits on Cloud Service Providers. The CCAG provides an umbrella over the common cloud relevant topics in need of auditing based on the CSA Cloud Control Matrix.

Topics to be covered:
·     Usage of the shared responsibility model in context of pooled audits
·     Regulatory framework on pooled audits
·     Benefits of pooled audits

Pooled audits – A cost-effective way of auditing Third-Party Risk

The National Institute of Standards and Technology will discuss the update to the NIST Cybersecurity Framework to keep pace with the evolving cybersecurity risks, standards, and technology landscape, including changes associated with the development and use of cloud computing.

Evaluating and Improving the NIST Cybersecurity Framework

Cyber criminals don't need to place malware on your system to get in. The vast majority of malware proliferates through online social engineering schemes that manipulate unsuspecting users to open the door wide for hackers. So, how do we stay vigilant in securing FSI infrastructure? Join Mastercard’s Deputy Chief Security Officer, Alissa ‘Dr. Jay’ Abdullah, for a discussion on her unique insights and experience.

Best Practices in Securing FSI Infrastructure

Cloud Service Providers (CSPs) are often the first line of defense regarding new technology. CSPs support various financial services companies, including banks, insurance firms, asset managers, and investment funds. The role of a CSP is to provide the tools and infrastructure required to support these organizations' operations, whether it be a data center, disaster recovery site or any other IT requirements.

Our panel of CSP representatives will discuss how cloud providers support the financial services industry and what the industry needs from the cloud, and how using STAR as due diligence facilitates implementing good security posture for high-risk sectors.

This is an excellent opportunity for anyone who works in the financial services industry or wants to learn more about what it means for their business moving forward!

CSP Perspective Working with Financial Services

Billions of financial transactions are routed digitally all over the world each day, requiring many third-party service providers to protect not only the confidentiality and integrity of the information but also be able to clearly demonstrate to their cloud customers adherence to regulatory expectations.

This session will explore the Top 5 risks for third-party cloud services and recommend risk-management best practices for successfully protecting financial data.

Best Practices for Effective Third-Party Management

Risk Management

Risk Assessment

Financial Markets

Cloud

Cloud Security

Cyber Security

Compliance

Cloud Compliance

Fintech

Fintech Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Best Practices for Effective Third-Party Management

Presented by

About this talk

More from this channel