Hi [[ session.user.profile.firstName ]]

Quantifying Cyber Risk: Bits and bytes to dollars and cents

addressing this threat and how they are managing the risk of a data breach. Leveraging the Factor Analysis of Information Risk (FAIR) Methodology, organizations can simplify the concepts of cybersecurity, analyze and express risk in terms of dollars and probabilities, and provide clearly defined business cases to prioritize and treat cybersecurity risks. We will provide an overview of the FAIR methodology, as well as tips for maturing your organization’s approach to quantifying cybersecurity risk.
Recorded Oct 13 2020 64 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Daniel J. Stone, Senior Manager at Protiviti
Presentation preview: Quantifying Cyber Risk: Bits and bytes to dollars and cents

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Novel File-level Encryption and Regulatory Compliance Dec 4 2020 3:00 pm UTC 60 mins
    Daniel H. Gallancy, CEO, Dimitri Nemirovsky, COO at Atakama
    State and federal cybersecurity regulations are expanding and becoming increasingly more onerous. Whether your company is trying to comply with California's CPA, New York's DFS cybersecurity requirements, GDPR, etc., granular file-level encryption solutions will help you get there and please your regulators in the process.
  • The new CPRE (sometimes called CCPA V 2.0) Nov 17 2020 4:00 pm UTC 60 mins
    Michael Lester, Chief Security Office at Magenic
    CPRE (California Privacy Rights and Enforcement Act) is on the ballot for November 2020 in California and will be more strict than CCPA (California Consumer Protection Act) and more akin to GDPR (General Data Protection Regulation). The discussion with focus on what is means for individuals and companies.
  • Privacy Certifications and what you need to know Nov 10 2020 3:00 pm UTC 60 mins
    Justin Orcutt (RMG Specialist) and Joe Meyer (Director of Privacy Services) both from NCC Group.
    For the past several years privacy has been a major area of focus for companies. Ever since GDPR came into force companies are starting to realize privacy is not joke. Privacy is not something you can easily bolt on to a product and typically requires a team to test and verify that privacy is properly in place. Certifying your privacy program can help your company demonstrate your company’s commitment to privacy but also provide a mechanism to standardize. Today there are two main certifications associated with privacy APEC CBPR and ISO22701. During this event we will answer the following questions:

    o What is APEC CBRP and ISO27701?

    o Who is in scope for these certifications?

    o What is the difference between the two?

    o Common challenges implementing?

    o What about HIPAA and all the state regulations; how do those pay into the privacy certification landscape?

    o What do these certifications mean for your third party risk management program?
  • You CAN get there from here! Nov 5 2020 5:00 pm UTC 60 mins
    Maryann Douglass, CISM, CISA, QSA, PCIP - Senior Consultant Sherri Collis, QSA, CISSP, CISA - Director, PCI Services Rosemary
    Guide women through process to align current strengths and responsibilities to Cyber security job requirements. Establish a path to reach their goal to move into a new Cyber Security position.
  • Identity - The key to securing data in the public cloud Oct 27 2020 8:00 pm UTC 45 mins
    Daniel Martin, Principal Security Consultant, vCISO, Veristor Systems Inc.
    Securing the public cloud can feel like a dark gray storm off the horizon; however, aligning a cloud identity solution can be your first glimpse into the silver lining. Join us as we talk about the new perimeter of cloud security and how your Identity and Access Model can securely extend your reach into the cloud while simplifying the user’s login experience.

    Executing a digital transformation strategy results in a continuous outcome to have more sensitive data transitioning into our cloud environments and applications. The data security perimeter has changed, making perimeter firewalls less effective and insufficient for protecting data at scale in environments where the data can reside virtually anywhere. This has led to the importance of tracking user identities across multiple applications and environments to build a true story of what correlated actions a user may be taking throughout the enterprise. As a result, we must transition to an identity and access ecosystem that enriches contextual environmental, biological, and technological information to create a seamless user authentication and authorization process - no matter where the data or application resides.

    This session will illustrate the building blocks for leveraging a strong foundational directory service that will extend across your corporate and newly extended home offices while utilizing automation to increase user satisfaction and a reduction in support hours spent dealing with passwords and access requests.
  • Security Policy Automation Oct 27 2020 7:00 pm UTC 45 mins
    Rebecca Finnin, Director of CyberSecurity, AT&T
    In the past, determining security requirements relevant to a particular project or technology was not a simple or speedy task, and required reading though dry policy documentation or engaging a subject matter expert. Now, DevOps teams must contend with new architectural components - like containers - which add new security requirements. Additionally, complex support models in cloud environments - like IaaS vs. SaaS - shift the responsibility for traditional security requirements onto new parties. This challenge lead AT&T to develop a new service which provides a report of only relevant security requirements to a project team, after they answer a few simple questions in an online, self-service format.

    This talk will introduce this new service and demonstrate how it is saving DevOps teams time while simultaneously helping them ensure they have addressed all relevant security requirements.
  • Scaling Risk Evaluations: Turn internal teams into sources of efficiency Oct 27 2020 6:00 pm UTC 45 mins
    Jason Rohlf, Vice President Solutions, Onspring
    Learn how to scale risk evaluations across an enterprise to measure effectiveness within all parts of your organization without adding headcount and burdensome efforts.

    Learning Objectives:
    - How to find the right assurance approach for your organization
    - Measurements to assess effectiveness in your risk management model
    - Considerations on how to plan for the unknowns of the future
  • Is Ransomware Winning? Oct 27 2020 5:00 pm UTC 45 mins
    Chris Goettl, Director of Product Management – Security and Phil Richards, Chief Information Security Officer, Ivanti
    Ransomware is a prevalent cybersecurity threat. Threat actors are constantly changing tactics looking for new ways to force ransom payments. With each new emerging ransomware threat family, the size and scope of threats are getting nastier too. This has led to incredible increases in the average ransoms paid over the past eighteen months.

    In this session, we will look at recent ransomware trends, the critical changes to threat actor behaviors, and discuss the strategies and technologies organizations need to defend themselves against this evolving threat.
  • Expert Panel: Building Operational Resiliency Oct 27 2020 4:00 pm UTC 45 mins
    Moderated by Patrick Potter, Risk Strategist, RSA
    ISACA members such as IT Auditors, Compliance, and Risk teams are in a unique position to help their organizations find opportunities to mature from reactive recovery to build operational resiliency across the business units and IT.

    These teams should be thinking about IT disaster recovery transitioning to a continuous availability focus, especially in cloud environments; how IT auditors are changing to focus on operational resiliency topics and capabilities in their audits; and how the IT organization needs to think differently to play their part in building operational resiliency across the company.

    Attend this panel discussion of highly experienced individuals who can lend insight into this timely and relevant topic of Operational Resiliency.
  • Pseudonymization Vs. Anonymization Oct 27 2020 3:00 pm UTC 45 mins
    Clyde Williamson, Product Manager, Protegrity
    Pseudonymization and anonymization offer varying levels of privacy, and shouldn’t be used interchangeably. But what is the difference? This session will demystify these terms with practical use cases.

    The practice of data security has historically focused on ensuring that only authorized people have access to sensitive data and systems. What unintended consequences may result when giving access to sensitive data? Generally, this focuses on what is known as direct identifiers, such as an individual’s name, street address, government identification, credit card number, phone number, or email. These identifiers allow someone to quickly and directly identify the individual.

    To meet privacy standards and secure even the most sensitive personal identifiers, many businesses are turning to techniques such as pseudonymization and anonymization. However, these two distinct terms are often confused in the data security world. Pseudonymization and anonymization offer varying levels of privacy preservation, and should not be used interchangeably.

    This session will present the best practices for pseudonymization and anonymization services, with a framework for when each technique should be used – both nationally, as well as for trans-border communication. Audience members will be presented with use cases for pseudonymization and anonymization for the protection of specific types of PII, such as personal health information. The talk will also provide guidance for how practitioners can extract new information out of an anonymous or pseudonymous database through re-identification, with a policy framework for the operation of these services.
  • The Secret Recipe to a Remarkable Security Awareness Program Oct 27 2020 2:00 pm UTC 45 mins
    Nick Santora, CISA, CISSP, CEO, Curricula
    Everyone knows they have to be doing something for security awareness training, but can you be doing something better? When it comes to cyber security training, studies have shown that employee engagement is essential to help prevent the next attack or data breach.

    In this session, learn firsthand from Nick Santora, CISA, CISSP, about how your organization can do something remarkable with your security awareness training program — a winning recipe that your employees will love.
  • Ransomware Round Up: How Threat Intelligence Helps Oct 27 2020 1:00 pm UTC 45 mins
    Kacey Clark, Threat Researcher, Digital Shadows
    Ransomware operators are consistently seeking new ways to monetize the data they have encrypted and have emboldened their demands to tens of millions of dollars. These developments highlight the continuous evolution of the ransomware threat landscape.

    When it comes to ransomware, it seems that a new variant or method is always lurking around the next corner. Ransomware operators are consistently seeking new ways to monetize the data they have encrypted and have emboldened their demands to tens of millions of dollars. These developments highlight the continuous evolution of the ransomware threat landscape.

    In this session, Digital Shadows will analyze and expand on reported ransomware attacks and delve into how security teams can strengthen their operations. During this presentation, we will cover:
    - An overview of the pay-or-get breached ransomware model
    - Popularized methods used by heavy-hitting ransomware operators
    - Vulnerabilities and attack methods related to ransomware attacks
    - Defense strategies your organization can implement to deter ransomware attacks
  • Welcome to Digiville: Managing Risk in a Digital World Oct 27 2020 12:00 pm UTC 45 mins
    Steve Schlarman, Lead Portfolio Strategist, RSA
    Trying to manage risk as your company faces a case of massive digital urban sprawl? Welcome to Digiville - where data comes to feel safe. Getting around this massive metropolis is easy with the Digital Risk Management Transit Authority.

    This session will provide an interesting way for you to think about your own Digiville and how to approach risk management in an integrated strategy.
  • A Risk-Based Management Approach to 3rd Party Data Security, Risk and Compliance Recorded: Oct 21 2020 61 mins
    Robert Putrus- CISM, PMP, PE, CMC, CFE
    The presentation describes process guidelines and framework for the enterprises’ board of directors and senior management teams to consider when providing oversight, examination and risk management of third-party business relationships in the areas of information technology, systems and cyber security.

    The methodology is based on examining third-party vendors against the development of a three-dimensional risk-based model. The final deliverables of the risk impacts, findings, enterprise requirements, and remediation are presented quantitatively.

    A number of professional surveys reported that significant data breaches are linked directly or indirectly to third-party access. Outsourcing certain activities to a third-party poses potential risk to the enterprise.
  • Quantifying Cyber Risk: Bits and bytes to dollars and cents Recorded: Oct 13 2020 64 mins
    Daniel J. Stone, Senior Manager at Protiviti
    addressing this threat and how they are managing the risk of a data breach. Leveraging the Factor Analysis of Information Risk (FAIR) Methodology, organizations can simplify the concepts of cybersecurity, analyze and express risk in terms of dollars and probabilities, and provide clearly defined business cases to prioritize and treat cybersecurity risks. We will provide an overview of the FAIR methodology, as well as tips for maturing your organization’s approach to quantifying cybersecurity risk.
  • Cloud Breach Incident Response & Forensics Recorded: Oct 7 2020 61 mins
    Mike Raggo, Cloud Security Engineer at CloudKnox Security
    Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look among the plethora of services available through Cloud Service Providers such as AWS and Azure. In this session we'll enumerate sources of forensic evidentiary data among the vastness of AWS Cloudtrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real world breaches will be highlighted providing practical approaches to exposing the attacker's methods and compromise.
  • M&A and Cybersecurity: The Intersection of Risk and Opportunity Recorded: Sep 29 2020 62 mins
    Justin S. Daniels, Cybersecurity SME and Lawyer at Baker Donelson
    Phishing is the favorite attack vector as it typically leads billions of dollars of wire fraud every year. Lets take a real world scenario and learn how to protect your network from phishing. Since it only takes one phish to ruin your day, we also discuss what do to when a phish leads to a fraudulent wire.
  • Voluntary Compliance: Change Management in InfoSec Recorded: Sep 23 2020 59 mins
    Jonathan McCoy, Organizational Strategist
    Information Security is critical and employees know that, yet the #1 security threat to companies is people. How do we help employees close the Knowing / Doing gap? Mandates only get companies so far and traditional change management isn’t much help. This discussion will share proven strategies backed in neuroscience that help get people aligned, engaged and moving towards new directions.
  • Critical Steps to Build Operational Resilience Recorded: Sep 15 2020 63 mins
    Patrick Potter, Risk Strategist at RSA
    Abstract:
    Cyberattacks have been the number one risk on almost every organization’s agenda – and these attacks are becoming more pervasive, sophisticated and creative. The global health crisis has brought on new disruptions with people, public and private infrastructure, economies and third parties. Combatting these risks requires more than security measures. Responding to them requires more than incident response. Recovering from them requires more than business and IT recovery plans. Dealing proactively and effectively with today’s disruptions demands an approach that combines security and resiliency, business and IT, incident and crisis response, risk and third-party management – it requires Operational Resilience.

    Attend this session to learn:
    1. What the digital transformation is and how it is impacting the operational resilience of organizations
    2. The risks and challenges of building operational resilience
    3. What resilient organizations can do to deal effectively with disruptions, and not only survive – but thrive

    All attendees will receive a copy of the new RSA white paper, Key Principles in Building Operational Resiliency.
  • What you need to know about CMMC Recorded: Sep 1 2020 62 mins
    Justin Orcutt (RMG Specialist) and Jeff Roth (Director of Government Services) both from NCC Group.
    The Cybersecurity Maturity Model Certification (CMMC) is a new framework that requires Department of Defense (DoD) contractors to certify their security against one of five levels using an independent third party auditor. During this presentation we will cover:
    oWhat is the CMMC
    oWho has to Comply
    oWhat is the timeline for compliance
    oCommon challenges implementing compliance
    oLessons learned for the commercial market regarding supply chain risk and vendor risk management
Creating meaning engagements for out membership
Welcome to the ISACA Atlanta Chapter web site. The aim of our Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Quantifying Cyber Risk: Bits and bytes to dollars and cents
  • Live at: Oct 13 2020 3:00 pm
  • Presented by: Daniel J. Stone, Senior Manager at Protiviti
  • From:
Your email has been sent.
or close