The Role of the CISO and the Digital Security Landscape

Enterprises wrestle with who is responsible and who is accountable for organizations’ digital security. Do organizations expect the CISO to be a technology wizard, business savvy or a hybrid of both?
Recorded Jun 17 2020 55 mins
Presented by
Robert Putrus, Information Risk Officer

  • Novel File-level Encryption and Regulatory Compliance Dec 4 2020 3:00 pm UTC 60 mins
    Daniel H. Gallancy, CEO, Dimitri Nemirovsky, COO at Atakama
    State and federal cybersecurity regulations are expanding and becoming increasingly more onerous. Whether your company is trying to comply with California's CPA, New York's DFS cybersecurity requirements, GDPR, etc., granular file-level encryption solutions will help you get there and please your regulators in the process.
  • Privacy Certifications and what you need to know Nov 10 2020 3:00 pm UTC 60 mins
    Justin Orcutt (RMG Specialist) and Joe Meyer (Director of Privacy Services) both from NCC Group.
    For the past several years privacy has been a major area of focus for companies. Ever since GDPR came into force companies are starting to realize privacy is not a joke. Privacy is not something you can easily bolt on to a product and typically requires a team to test and verify that privacy is properly in place. Certifying your privacy program can help your company demonstrate your company’s commitment to privacy but also provide a mechanism to standardize. Today there are two main certifications associated with privacy: APEC CBPR and ISO27701. During this event we will answer the following questions:

    o What is APEC CBPR and ISO27701?

    o Who is in scope for these certifications?

    o What is the difference between the two?

    o Common challenges implementing?

    o What about HIPAA and all the state regulations; how do those play into the privacy certification landscape?

    o What do these certifications mean for your third party risk management program?
  • You CAN get there from here! Nov 5 2020 5:00 pm UTC 60 mins
    Maryann Douglass, CISM, CISA, QSA, PCIP - Senior Consultant Sherri Collis, QSA, CISSP, CISA - Director, PCI Services Rosemary
    Guide women through process to align current strengths and responsibilities to Cyber security job requirements. Establish a path to reach their goal to move into a new Cyber Security position.
  • A Risk-Based Management Approach to 3rd Party Data Security, Risk and Compliance Oct 21 2020 4:00 pm UTC 60 mins
    Robert Putrus- CISM, PMP, PE, CMC, CFE
    The presentation describes process guidelines and framework for the enterprises’ board of directors and senior management teams to consider when providing oversight, examination and risk management of third-party business relationships in the areas of information technology, systems and cyber security.

    The methodology is based on examining third-party vendors against the development of a three-dimensional risk-based model. The final deliverables of the risk impacts, findings, enterprise requirements, and remediation are presented quantitatively.

    A number of professional surveys reported that significant data breaches are linked directly or indirectly to third-party access. Outsourcing certain activities to a third-party poses potential risk to the enterprise.
  • Quantifying Cyber Risk: Bits and bytes to dollars and cents Oct 13 2020 3:00 pm UTC 60 mins
    Daniel J. Stone, Senior Manager at Protiviti
    addressing this threat and how they are managing the risk of a data breach. Leveraging the Factor Analysis of Information Risk (FAIR) Methodology, organizations can simplify the concepts of cybersecurity, analyze and express risk in terms of dollars and probabilities, and provide clearly defined business cases to prioritize and treat cybersecurity risks. We will provide an overview of the FAIR methodology, as well as tips for maturing your organization’s approach to quantifying cybersecurity risk.
  • Don’t Let the Phish Get You! Sep 29 2020 1:00 pm UTC 60 mins
    Justin S. Daniels, Cybersecurity SME and Lawyer at Baker Donelson
    Phishing is the favorite attack vector as it typically leads to billions of dollars of wire fraud every year. Let's take a real world scenario and learn how to protect your network from phishing. Since it only takes one phish to ruin your day, we also discuss what to do when a phish leads to a fraudulent wire.
  • What you need to know about CMMC Sep 1 2020 2:00 pm UTC 60 mins
    Justin Orcutt (RMG Specialist) and Jeff Roth (Director of Government Services) both from NCC Group.
    The Cybersecurity Maturity Model Certification (CMMC) is a new framework that requires Department of Defense (DoD) contractors to certify their security against one of five levels using an independent third party auditor. During this presentation we will cover:
    o What is the CMMC
    o Who has to Comply
    o What is the timeline for compliance
    o Common challenges implementing compliance
    o Lessons learned for the commercial market regarding supply chain risk and vendor risk management
  • Securing Open Source Software Aug 28 2020 1:00 pm UTC 60 mins
    Rebecca Finnin, Director CyberSecurity at AT&T
    This talk will outline an actionable approach to inventory and secure the use of open source software within enterprise applications.
  • Making Phishing Training Fun Aug 5 2020 3:00 pm UTC 60 mins
    Nick Santora, CISA, CISSP - CEO of Curricula
    Most employees tune out in 'death by PowerPoint' security awareness training and try to simply complete their required training as quickly as possible. That's not very helpful when you're relying on them to help protect your organization from cyber attacks. In this session, Nick Santora, CEO of Curricula, will discuss how you can make training fun, relatable, and have employees apply critical thinking to make better security decisions.
  • Practical Data Security and Privacy Jul 29 2020 3:00 pm UTC 60 mins
    Ulf Mattsson
    The data privacy landscape is changing. There is a need for privacy models in the current landscape of the increasing numbers of privacy regulations and privacy breaches. Privacy methods always use models and it is important to have a common language and privacy models when defining privacy rules. This article will discuss practical recommendations to find the right practical balance between compliance, security, privacy and operational requirements for each type of data and business use case.
  • Understanding & Achieving CMMC Compliance Jul 22 2020 4:00 pm UTC 60 mins
    Tony UV, CEO at VerSprite
    Presentation will walk thru NIST 800-171 compliance and discuss the DoD's Cybersecurity Maturity Model Certification (CMMC) audit program. Attendees will have answers to the common questions of what CMMC is, how CMMC relates to NIST 800-171 and cover the 5 compliance levels supported by the model.
  • Building a Foundation for Effective GRC in Your Organization Jul 21 2020 3:00 pm UTC 60 mins
    Antonio Newman, IT Risk & Compliance Technology Director at State Farm
    Building a Foundation for Effective Governance, Risk & Compliance in Your Organization.
  • 5G: Breakout or Break-in Technology Jul 16 2020 3:00 pm UTC 60 mins
    Sam Aiello, Principal Security Solution Architect- Verizon
    The impact of 5G technology continues to expand. Today’s cyberattacks can already evade mobile network security, and simply making legacy security run faster is not an effective strategy. Complicating the picture is that the 5G security architecture has been designed to integrate 4G equivalent security into the 5G system bringing with it its own set of vulnerabilities.
    As operators densify their networks, 5G will significantly affect both the wireless and wireline side of the network infrastructure and this evolution further expands the threat landscape by increasing the number of intrusion points.
    A more intelligent and powerful network infrastructure known as Mobile Edge Compute (MEC) is taking hold. It’s the concept of a cloud-based application or service not necessarily needing to pass through a cell tower on its way back to a cloud data center but running entirely within the cell, making local security all the more important.
  • Writing to Achieve Results Recorded: Jun 23 2020 58 mins
    William Woodington, President of Woodington Training Solutions LLC
    The attendees will learn about the Building Blocks of Writing to Achieve Results. The presentation will focus on writing from the viewpoint of the audience.
  • The Role of the CISO and the Digital Security Landscape Recorded: Jun 17 2020 55 mins
    Robert Putrus, Information Risk Officer
    Enterprises wrestle with who is responsible and who is accountable for organizations’ digital security. Do organizations expect the CISO to be a technology wizard, business savvy or a hybrid of both?
  • The Anatomy of Type 1, 2 & 3 Business Email Compromise Attacks Recorded: Jun 16 2020 62 mins
    Dominic Yip, Director of Sales Engineering at Area 1 Security
    Business Email Compromise phishing is one of the most significant cyber risks organizations face. In fact, according to Gartner, through 2023, Business Email Compromise (BEC) phishing will “continue to double each year to over $5 billion and lead to large financial losses for enterprises.”

    Get practical advice on how to automatically identify and block all categories of BEC threats, which:
    ● Look benign to email gateways, Office 365 with ATP, Gmail and DMARC;
    ● Now entail bad actors infiltrating your suppliers/vendors to communicate with (and steal data/funds) from employees over many months; and
    ● Are particularly damaging and effective at reaching employees through social engineering in the Covid-19 era
  • The Clutter That's Choking AppSec Recorded: Jun 10 2020 59 mins
    Rahul Raghavan - Co Founder and AppSec Strategist at we45
    This is a talk that focuses on the issue of managing application vulnerabilities in scale, that often times cripple even the most mature application security programs.

    Increasingly shorter agile development sprints and mandatory security assessments are putting pressure on product teams to deliver secure applications faster than ever. Further, inorganic adoption of security tooling sometimes creates information overload that does more harm than good.
  • Ransomware Best Practices Recorded: Jun 4 2020 113 mins
    Lance James, CEO Unit 221B & Mark Rasch, Chief Legal Officer 221B
    The DRMI will be conducting a Ransomware Best Practices working session on _______ at______
    This will be an educational interactive session that will delve into the intricacies of a ransomware Attack, covering such topics as:
    • What are my options if I am the victim of a Ransomware Attack?
    • Do I need Cyber Insurance?
    • What should you be aware of in a Cyber Insurance Policy that specifically covers a Ransomware Attack?
    • How do I respond to a Ransomware Attack?
    • Do I have a Ransomware “Play Book”?
    • What should a Ransomware “Play Book” consist of?
  • Make an Impact, Tell a Story… with data Recorded: May 21 2020 60 mins
    Nelson Davis, Visual Analytics leader and Founder of Analytic Vizion
    The marketplace is full of use cases for business dashboards, yet we often find them landing flat with end users that need help finding impactful insights. They need to understand the stories in the data in an impactful way that resonates and drives conviction with decision making. Bringing together the art of storytelling with the impact of data visualization creates outcomes that are greater than the sum of their parts. Together we’ll discuss the differences between dashboards and data storytelling, along with providing examples of different approaches to data storytelling, most of which leverage in the box capabilities of Tableau.
  • Winning the Compliance and Technology challenge Recorded: May 12 2020 64 mins
    Kevin Carlson, Partner, Fractional CTO | CISO at TechCXO
    I've seen companies struggle to meet compliance standards with HIPAA, PCI, GDPR, and more. Is your company approaching compliance and its impact on technology in an efficient way? Kevin will discuss the three things companies can do to deliver technology projects that meet compliance requirements more easily, on time, and on budget.
ISACA Atlanta Chapter

  • Title: The Role of the CISO and the Digital Security Landscape
  • Live at: Jun 17 2020 4:00 pm
  • Presented by: Robert Putrus, Information Risk Officer