Beware the Botnets: Botnets as an Indicator of Breach Likelihood
A 2015 PwC survey found that 96% of CEO’s in the US have indicated rising concern about data breaches - and rightly so. With the record-breaking breaches of 2014 barely behind us, organizations want to take steps to avoid becoming the next victim and are looking for signs that can indicate troubling performance. BitSight Technologies may have found one such indicator. Using their Security Ratings data, recent research shows a solid correlation between a company’s botnet grade and their likelihood of experiencing a publicly disclosed breach, demonstrating that Security Ratings are a powerful metric for communicating cyber risk across the enterprise.
Join BitSight CTO and Cofounder Stephen Boyer to discuss this research and to learn why continuous security performance monitoring should be an essential part of your enterprise risk management strategy.
Attendees will learn:
-What is the correlation between botnet grades and publicly disclosed breaches
-Why botnet grades vary across key industries and what the top infections are by sector
-How Security Ratings are generated and the impact botnets and other risk vectors have on these security performance metrics
RecordedApr 28 201536 mins
Your place is confirmed, we'll send you email reminders
On May 25 the long-awaited General Data Protection Regulation (GDPR) will go into effect across Europe. GDPR is the biggest overhaul of data protection laws in more than two decades. How prepared is your organization for GDPR?
Join this interactive panel of experts as they discuss:
- What is GDPR?
- Why should you be GDPR-compliant?
- How to achieve compliance?
- Steps your organization should take today to prepare for GDPR
- Other GDPR considerations
The General Data Protection Regulation (GDPR), a key legislation covering privacy rights, data security, data control, and governance, is going into effect in May 2018. As organizations are scrambling to achieve GDPR compliance before the May 25th deadline, some are still not clear on the exact GDPR requirements.
Join this panel of experts as they discuss:
- The regulatory landscape in 2018
- What GDPR means for you and your organization
- GDPR requirements around data collection and governance, exposure and breach disclosure, identity and privacy
- Evaluating your cyber risk
- Last minute changes your organization needs to make
- Failure to comply & fines
- Recommendations for achieving compliance and other regulation on the horizon.
Dr. Branden Williams, with Timothy Yim, Imperva; Barbara Cosgrove, Workday; Sue Habas, ASG; and Naheed Bleecker, TrustArc.
The new EU General Data Protection Regulation (GDPR) rule looms and will take affect in May 2018, but only a third of companies are on track to be compliant by the due date. GDPR is the most significant change in data privacy regulation in more than 20 years. It represents an extraordinary shift in the way businesses will be expected to operate when they gather, process, maintain, and protect customer data. Any organization that retains information of EU citizens must be in compliance or face huge fines of up to 4% of worldwide turnover.
In this webinar series you will hear from industry experts facing the same challenges you face and find out how they're meeting and surpassing critical implementation check points, and you will learn what actions other organisations are taking preparation for data protection – not only for GDPR, but for long-term data protection.
Ben Rothke (Nettitude) | David Mundhenk (Herjavec Group) | Jeff Hall (Optiv)
One of the big priorities for companies in 2018 is to achieve compliance. GDPR is going into effect in May, but even before that new new PCI DSS 3.2 requirements are set to become operational in February. According to the PCI SSC, these requirements were previously considered to be 'best practices' until January 31, 2018, after which compliance with them becomes mandatory. Although this is not connected to GDPR, companies that implement this standard will be some way to becoming GDPR compliant, at least as far as payments are concerned. E.g. In PCI DSS 3.2., multi-factor authentication (MFA) becomes mandatory, offering retailers and other companies a way of protecting customer personal details.
Join the PCI Dream Team as they discuss:
- What are the new PCI DSS 3.2 requirements?
- Who needs to be PCI DSS 3.2 compliant?
- What is the impact on data protection and cyber security?
- David Mundhenk, Senior Security Consultant at Herjavec Group
- Jeff Hall, Principal Security Consultant at Optiv Security
- Ben Rothke, Principal Security Consultant at Nettitude Group
Todd will walk you through the 5 digital asset security risks someone should have warned him about. You will enjoy the stories, see the key learnings, and know what you need to do as you are likely headed down this path.
With examples in the media, at least on a weekly basis, where realities of risks to Revenue, Brand, Customer and Competitive are all too real. Join the leading expert in Digital Asset Security and Performance Engineering, ensuring you will know where to focus first; enabling you to mitigate some of the higher profile risks, which you and your team may not be aware of yet.
You will hear about:
•Domain Management and Strategy
•Online Brand Protection
•DNS Services and Analytics
•Social Media Username Registration and Management
It’s no secret that IT compliance management requirements are on an upward spiral. From growing and ever-changing external regulatory policies to tightening internal requirements, getting a complete view across the infrastructure is a major challenge, let alone proving it’s in a compliant state. Micro Focus Data Center Automation addresses these obstacles, providing a single solution for internal and regulatory compliance across heterogeneous servers, database, and middleware.
Join us to see:
Product in action including the new simplified portal for compliance use cases
New risk and security dashboards that give you ultimate visibility into the state of compliance across the entire data center
A well-designed Information Governance roadmap with appropriate milestones and metrics can drive a successful program forward. Join this webcast to learn more about:
• Key elements for launching an Information Governance Program
• How to incorporate these elements to meet your organization’s specific needs
• Creating a team to help you launch your program
Moderated by Colin Whittaker; Yo Delmar, MetricStream; Jason Ford, Contegix; and Cameron Jackson, Riskonnect
Attendees can earn 1 CPE credit on this session.
Digitization has become deeply embedded in enterprise strategy, as nearly all businesses and activities have been slated for digital transformations. The significant advantages of digitization, with respect to customer experience, revenue, and cost, have become increasingly compelling, and we are starting to see digital transformations in risk create real business value by improving efficiency and the quality of risk decisions.
The state of risk management at most global, multiregional, and regional banks is abundant with opportunity. Current processes are resource intensive and insufficiently effective, as indicated by average annual fines above $400 million for compliance risk activities alone. By improving the efficiency and effectiveness of current risk-management approaches, digital risk initiatives can reduce operating costs for risk activities by up to 30 percent, and a digitized risk function can provide better monitoring and control and more effective regulatory compliance. On this webinar our panel of experts will discuss digital innovations for risk management success.
Rebecca Herold, The Privacy Professor; M P. Suby, Frost & Sullivan; Deral Heiland, Rapid7; Bharath Vasudevan, ForcePoint
Attendees can earn 1 CPE credit on this session.
As the number of internet-connected devices skyrockets into the billions, a data security strategy is an increasingly important part of any organization’s ability to manage and protect critical information. Enterprises are migrating to the cloud in droves, however, protecting data in the cloud remains a challenge as employees push to access cloud apps from any device, anywhere. In the last year alone, 1 in 3 organizations were hacked more than 5 times, and with the increased number of attacks the financial cost of security incidents is also rising.
In many cases, breaches are caused by a combination of benevolent insiders, targeted attacks, and malicious insiders. For example, targeted attacks are often enabled inadvertently by well-meaning insiders who fail to comply with data or security policies, which can lead to a data breach. In this webinar, our panel will discuss major trends impacting cyber security – from the rising frequency of attacks and types of threats that organizations should be concerned about the most, and they will adress the risks, priorities, and capabilities that are top of mind for enterprises as they migrate to the cloud.
Dr. Branden Williams; Farshad Ghazi, HPE; Yo Delmar, MetricStream; Jordan Rogers, Rapid7; and Billy Sokol, MarkLogic
Over 90% of the world’s data has been generated in the last few years. Accompanying this rapid growth in data comes exponential risks, as witnessed by the spike in cyber attacks of which no organization seems immune. The financial rewards gained by the perpetuators of cyber attacks is blatant, and this is driving continued attacks on companies containing massive amounts of consumer data. For these companies securing data is only half the battle. The risks can be greater when data is transmitted externally, hence it is critical that organizations know where sensitive data is going, how it is being transmitted, and how it is being handled and stored.
On this webinar our panel of experts will discuss some of the best practices organizations can consider to reduce the risk of suffering from a data breach, and to proactively prepare for any subsequent breach that could happen.
Fraud detection is a classic adversarial analytics challenge: As soon as an automated system successfully learns to stop one scheme, fraudsters move on to attack another way. Each scheme requires looking for different signals (i.e. features) to catch; is relatively rare (one in millions for finance or e-commerce); and may take months to investigate a single case (in healthcare or tax, for example) – making quality training data scarce.
This talk will cover a code walk-through, the key lessons learned while building such real-world software systems over the past few years. We'll look for fraud signals in public email datasets, using IPython and popular open-source libraries (scikit-learn, statsmodel, nltk, etc.) for data science and Apache Spark as the compute engine for scalable parallel processing.
David will iteratively build a machine-learned hybrid model – combining features from different data sources and algorithmic approaches, to catch diverse aspects of suspect behavior:
- Natural language processing: finding keywords in relevant context within unstructured text
- Statistical NLP: sentiment analysis via supervised machine learning
- Time series analysis: understanding daily/weekly cycles and changes in habitual behavior
- Graph analysis: finding actions outside the usual or expected network of people
- Heuristic rules: finding suspect actions based on past schemes or external datasets
- Topic modeling: highlighting use of keywords outside an expected context
- Anomaly detection: Fully unsupervised ranking of unusual behavior
Apache Spark is used to run these models at scale – in batch mode for model training and with Spark Streaming for production use. We’ll discuss the data model, computation, and feedback workflows, as well as some tools and libraries built on top of the open-source components to enable faster experimentation, optimization, and productization of the models.
Learn how the EU General Data Protection Regulations affect US based companies.
Join CyberDefenses and Privacy Ref's Bob Siegel to review how the GDPR directly impacts US based corporations. These far-reaching regulations impact any company that stores or transmits identifying information of any individual within the EU.
In this webinar, you will be introduced to the basic elements of the GDPR and you will discuss the requirements that require action for US focused companies.
About Bob Siegel:
President and founder of Privacy Ref, Inc., Bob Siegel, started the company in 2012. After his time as Senior Manager of Worldwide Privacy and Compliance at Staples, Inc., Bob applied his experience and expertise to assisting companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs.
Always seeking to improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private and public sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology Privacy and Privacy Program Management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP's Certification Advisory Board for the CIPM program and the IAPP's Publication Advisory Board. Bob also serves on the IAPP’s teaching faculty leading classes in the areas in which he is certified.
CyberDefenses is a premiere cyber security services organization, providing advanced security services to the commercial and federal sectors. CyberDefenses Academy provides advanced training the IT, security and privacy professionals that wish to be at the top of their field.
Today’s IT risk environment is more threatened than ever thanks to the growth in sophisticated cyber attacks and security vulnerabilities. Now, complex, hard-to-detect attacks could bring down not just a single institution but also large parts of the internet and the financial markets. Organizations need an intelligent approach when it comes to assessing IT risk and managing compliance.
Staying safe is no longer just about deflecting attackers. It’s about staying ahead of attackers who are already inside the organization, and banks are doing this through structured lines of defense that enhance security capabilities, involve IT risk managers in operations, and expand internal audits mandate so they can cover business disruption. On this webinar presentation we will address some ways how organizations can as a part of an Integrated Risk Management initiative orchestrate effective IT risk management across the lines of defense.
Moderated by Mark Chaplin, ISF; with panelists: Carole Murphy, HPE; Les McMonagle, Blue Talon; Cheryl Tang, Imperva.
In today’s threat landscape, traditional approaches to securing data are falling short. Since 2015 we have seen some of the largest data breaches ever and it is clear that no industry or organization is immune from cyber attacks. The threat landscape is increasingly dangerous, while new technologies are distributing sensitive data farther across locations, devices and repositories. Starting in May 2018, enforcement will kick in on the European Union’s General Data Protection Regulation (GDPR), a move that could have a stronger privacy/security standardization effect than any technological effort has to date. Globalization efforts will make GDPR compliance essential for global companies wherever they are located.
The development of a comprehensive data-centric security program, including data discovery, classification, encryption, and file protection, can uniquely position your organization to protect what matters most, and make security move with your data to comply with global regulations such as GDPR. On this webinar our panel of experts will discuss the key points that you should consider when developing such a program for your organization.
Scott Roller, Founder of 3WP; Rebecca Herold, Privacy Professor; Sam Kassoumeh, SecurityScorecard. James Christiansen, Optiv.
The challenges that organizations face today are increasingly more complex than in the past. The constant change of the global economy, dynamics of business risks and opportunities, and an increased threat of cyber-attacks add complexities we’ve never faced. As organizations rely on more and more third parties to grow and thrive, they’re exposed to higher levels of risk, and regulators are focused on the need for organizations to manage 3rd party risk more effectively.
Manual processes, silos in contract administration, and technology and resource constraints can all lead to significant errors in the third party supply chain that leads to violation of privacy guidelines and security breaches, which cause substantial fines, penalties, and damage to brand value. On this webinar our panel of experts will discuss the risks and repercussions associated with third party contract management shortcomings, common gaps in third party contract management processes, examples of how new solutions and technologies can help organizations optimize their third party processes, and effective strategies for managing 3rd Party Risk.
Colin Whittaker, Moderator; Vibhav Agarwal, MetricStream, Mark Bower, HPE Security - Data Security, and Brian Kelley, IDERA.
Data security and the challenge of data protection is increasing in scope and difficulty. The massive volume of data that businesses are collecting is growing exponentially, and managing compliance delivery is a daunting task with huge negative consequences for getting it wrong. While organizations have long needed to safeguard intellectual property and confidential information, changes in information technology and business models introduce new threats, and new regulations. Governments and industry bodies are imposing new regulations to motivate organizations to protect the privacy and confidentiality of information. Responsibilities can vary widely by region and by industry, and staying on top of an ever-shifting regulatory landscape is complex and challenging, but it isn't impossible.
Successful organizations coordinate enterprise-wide regulatory compliance activities with tools to identify and address new and changing regulations, and are able to map the impact of these regulations across the entire infrastructure, and prioritize compliance activities according to business impact. By deploying a consistent, sustainable, scalable and measurable process for managing regulatory change, they are able to eliminate manual, non-scalable and non-strategic activities to reduce the cost and improve the speed of regulatory compliance programs.
On this webinar our panel of experts will discuss the key points to streamline your data-security program and meet regulatory change.
Dr. Branden Williams; Smrithi Konanur, HPE Security; Kevin Eberman, Mineraltree; Asma Zubair, WhiteHat Security
In today’s digital landscape, it’s much easier for criminals to access sensitive payment card data, not only gaining direct access to a consumer’s available funds, but also their personal identity. With cyber attacks becoming much more advanced, the PCI DSS standard has been forced to adapt to address these new threats.
However, PCI compliance is something that any organization can successfully achieve. The requirements of PCI DSS are clear, but it takes work to accomplish compliance across an organization. On this webinar our panel will discuss some best practices, and solutions that provides your business with an easy, cost effective and highly automated way to achieve compliance with PCI DSS in 2017.
Struggling to manage time, cost and resources across your business applications? Are you missing real-time critical information to make the right investment decisions at the right time? Then join us as we hear how industry practitioners standardize, manage and capture execution of their projects, resources and operational activities.
Examine best practices by your peers who are using HPE Project and Portfolio Management to provide the business both visibility and data consolidation as they govern and collaborate across application projects and portfolio. Learn how they have differentiated their application delivery through speed and agility, while at the same time reducing costs for quality IT operations.
Explore out-of-the-box methods for tracking project time, cost and resources
Learn easy ways to establish standardization for your HPE PPM environment
Hear customer-proven methods for project governance and collaboration through HPE PPM
Scott Roller 3WP; Yo Delmar, MetricStream, Albert Biketi, HPE Security -Data Security, Russell McGuire, Riskonnect
Growing exposure to IT risks has made organizations across industries volatile. Recent IT vendor incidents like data and security beaches, violation of privacy guidelines, which caused substantial fines, penalties, brand value, highlight that IT vendor risks are business risks and require focus from the leadership. An immature ITVRM programs limits the insights which are necessary for strengthening vendor relationships and building a robust ERM program. Rather than treating each risk in isolation, organizations need to have an integrated approach to manage risks holistically and in line with their business operations and objectives. With the growing dependency on IT and IT vendors, organizations need to align enterprise and IT VRM objectives to build a resilient framework suitable for today’s environment.
During the session, panelists will discuss how organizations can strengthen vendor management in the current landscape and improve business performance.
- Causes of Vendor Risks incidents and the impact on the enterprise
- Best approach to align IT vendor risk to enterprise risk
- Building mature VRM Program
- Role of technology in integrating Vendor risk to Enterprise risk management
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.