Stop Reading the WSJ and Focus on Your Cyber Risks

Too many organizations are focused on what issues others are having and don't pay enough attention to what inherent cybersecurity risks they are facing.
Today's speaker, Jay Schulman, Principal Security and Privacy at RSM US LLP, will walk through a concept called "Organizational Threat Modeling." Learn to take a holistic approach to security: look at the overall threats to the organization, then determine a method to address, accept or hedge risks.
Recorded Sep 6 2016 41 mins
Presented by
Jay Schulman, Principal Security and Privacy at RSM US LLP
  • [*CPE] Cloud Security Tips for the WFH Enterprise Dec 17 2020 6:00 pm UTC 75 mins
    Moderated by Colin Whittaker, Founder of Informed Risk Decisions.
    TBC
  • [*CPE] Executive Tips to Present Cybersecurity to the Board Nov 19 2020 6:00 pm UTC 75 mins
    Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
    Cyberattacks can cost an organisation its reputation, its customers and a great deal of money, making CEOs and board members more accountable. Yet, research shows that a high percentage of corporate boards are not actively involved in cybersecurity oversight. Nonetheless, Gartner estimates by 2021, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually.

    When communicating your cybersecurity program to the board, it is important to translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications. In order to justify the desired cybersecurity expense, you must clearly present the risks, the plan you will implement to protect the company’s assets, and the rationale behind the cost. In this webinar, our expert panel will discuss how to present cybersecurity to the board and get buy-in, including how to:

    - Map out your cybersecurity program.
    - Get an independent view of your current cybersecurity state and present the facts.
    - Translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.
    - Propose concrete solutions and demonstrate ROI.
  • [*CPE] Accelerating Threat Detection with Real-Time Security Intelligence Oct 22 2020 5:00 pm UTC 75 mins
    Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
    Many organizations rely on governance, risk, and compliance (GRC) technology to consolidate risk information from internal sources (such as finance, IT, and operations) and external sources to understand their threat landscape. Yet as vendor ecosystems grow in size and complexity, risk management teams are increasingly struggling to procure and maintain high-quality, real-time data to feed their GRC systems.

    Creating a threat intelligence strategy is essential for a company to identify and prioritize threats effectively. But when it comes time to choose threat intelligence services and products it can be hard to know where to start. In this webinar, our expert panel will discuss how to use real-time threat intelligence to accelerate threat detection, including how to:

    - Understand the important distinction between threat data and intelligence.
    - Establish what types of intelligence will prove beneficial to your organization and be critical for ROI.
    - Ensure logging and reporting mechanisms are in place that can provide data per API to simplify forensic and compliance reporting.
    - Gain complete visibility into all of your organization’s API traffic, and analyze relevant intelligence effectively from large volumes of threat data.
    - Empower your teams to leverage automation to detect and block threats to your organization. 
  • [*CPE] A Third-Party Risk Management Masterclass Sep 24 2020 5:00 pm UTC 75 mins
    Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
    TBC
  • [*CPE] Executive Tips to Modernize Your Compliance Program Aug 27 2020 5:00 pm UTC 75 mins
    LogicGate
    Under the weight of new and changing regulations around the world, many organizations struggle to achieve compliance. They often lack a holistic view of their compliance profile and face increasing challenges due to digital transformation. Chief Compliance Officers who take a top-down approach are often met with resistance, but a successful program requires management to actively participate, not just sign off.  

    Organizations can no longer afford to apply check-the-box approaches to compliance. Executive management must take a variety of actions to demonstrate leadership and commitment to the company’s compliance management program. On this CPE accredited webinar our panel of experts will discuss the current compliance landscape and challenges facing today's organizations, and they will address best practices to modernize your compliance program, including how to:

    - Use a risk-based approach to meet regulatory demands.
    - Employ digital transformation in the management of compliance obligations.
    - Understand the impacts of regulatory changes and minimize resource-intensive manual processes.
    - Get buy-in from other departments and create a working group of stakeholders to develop and improve your compliance program.
  • [*CPE] Privacy in a Pandemic: Implementing a Global Framework for Compliance Jul 30 2020 5:00 pm UTC 75 mins
    Colin Whittaker, Founder of Informed Risk Decisions, with speakers from ProcessUnity and OneTrust
    In response to the Coronavirus Pandemic, countries are turning to tech to find solutions for containing the spread of the virus. New government initiatives including contact tracing apps are being implemented at lightning speed, and tele-health regulation is being approved in days instead of years. The world is rapidly digitising in response to all users working from home simultaneously, companies are adding network technology to expand coverage and capability, and online video conferencing is exploding.

    But what does this all mean for privacy, and how can companies maintain compliance with regulations such as the GDPR in the current climate? Join this CPE accredited webinar to learn from our panel of security and privacy experts as they discuss how to implement a framework for compliance in the current climate, including how to:

    - Better align global privacy data regulations,
    - Enable business agility in a changing environment,
    - Foster greater interplay between CIOs, CTOs, DPOs and CEOs,
    - Create successful privacy frameworks that are globally aligned, and locally deployed.
  • [*CPE] Automated Integrations for Third-Party Risk Management Jun 25 2020 5:00 pm UTC 75 mins
    Colin Whittaker, with LogicGate, Allan Liska, Recorded Future; Jonathan Ehret, RiskRecon, ProcessUnity
    High-profile data breaches have placed a spotlight on the risk of cyber security breaches with vendors and subcontractors, expanding the need to have greater rigor in third-party risk management and ongoing risk assessments. By integrating third-party risk management systems with other enterprise systems, external data sources, and analysis and reporting applications, an organization can deliver significant benefits and centralize processes into a single, automated platform that standardizes workflows and reduces manual effort.

    On this CPE accredited webinar our panel of experts will address how to strengthen your third-party risk management process for improved efficiency and effectiveness, and get more from your platform investment through automated integrations with a broader digital ecosystem. Attendees will learn:

    - How integrations with external data sources accelerate the assessment process and improve security, financial, and reputation risk reviews,
    - Where to connect to internal systems — ERP, GRC, CRM, Contracts, and more — throughout the third-party management lifecycle,
    - The pros and cons of various integration methods and how to make a best-fit choice,
    - How to strengthen and streamline your third-party risk management efforts.
  • Data Privacy in 2020 and Beyond Jun 17 2020 3:00 pm UTC 60 mins
    Mali Yared, Robert Razavi, Baber Amin & Proofpoint Speaker TBD
    Is your organization aware of the main differences in data regulations around the world?

    Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.

    Viewers will learn more about:
    - What's new on the data privacy and compliance landscape
    - Main differences between data regulations around the world and what this means for your organization
    - Expert recommendations regarding best tools and practices for achieving and maintaining compliance
    - The future of data privacy
    - What to expect in 2020 and beyond

    Moderator: Mali Yared, Practice Director, Cybersecurity and Privacy, Coalfire
    Robert Razavi, Senior Security Architect CTO Office, IBM Canada
    Baber Amin, CTO West, Ping Identity
    Speaker TBD, Proofpoint
  • Multi-factor Authentication and How it can Save You! Jun 16 2020 5:00 pm UTC 60 mins
    Elisabeth Happel, Director of Cyber Security, TRG Networking, Inc. & David McHale, Principal, HailBytes
    Everywhere you turn, someone is talking about MFA. When you strip away the jargon, the platform marketing and ads, what does MFA really offer to the end-user or to a business? As more and more services move into the Cloud, you’ll want to understand multi-factor authentication as a possible solution for your business or personal needs.
    A little history:
    Authentication is one means of identity management – it is how a computer system knows which user has access to what resources. In the not too distant past, this was usually controlled via active directory on a server that sat in a closet where you worked. And that worked well, because all the applications, printers, and employees were in that physical place called the office.
    But, things change! Servers and applications are more likely to reside in the Cloud than in your office. Employees could be working from home, out in the field, or half-way around the globe. Each of the resources that a person needs to access must have a way of authenticating them, but traditional authentication is no longer sufficiently secure on its own!
    Enter Multi-factor Authentication – which adds an additional, out-of-band means of authentication to identity management. In this webinar we will discuss:
    - What is MFA?
    - Why "as a Service" Cloud services can be vulnerable to authentication breaches
    - What is out-of-band, and why is that important?
    - How utilizing MFA can be an important part of your strategy to shore up your network or system defenses
    - How risk factor is reduced using MFA
    - The different genres of MFA, and how they can be implemented
    We will wrap up our discussion with a brief Q & A session at the end, so warm up your questions!
  • Privacy in the Time of COVID Recorded: May 22 2020 58 mins
    Chenxi Wang | Vishwanath Raman | Michelle Dennedy | Tom Pendergast
    In the fight against COVID-19, countries are taking urgent actions to address the crisis. Some are turning to tech to find solutions for containing the spread of the virus. Digital contact tracing, in particular, is gaining a lot of traction. For example, Apple and Google recently announced a rare collaboration to jointly facilitate contact tracing within their mobile platforms for public health monitoring applications.
    So, what does this mean for privacy? 
    While some efforts are being made to preserve user privacy, like not tracking user location or collecting other identifying information, digital contact tracing can still reveal more user information than necessary.

    Join this panel of security and privacy experts led by Chenxi Wang to learn more about the different implications associated with digital contact tracing, how it is being used around the world, and the long-term effects of COVID-rushed decisions.

    Speakers:
    - Chenxi Wang, Founder & General Partner of Rain Capital
    - Vishwanath Raman, Lead, Privacy Technologies, Oasis Labs
    - Michelle Dennedy, CEO Drumwave
    - Tom Pendergast, Chief Learning Officer, MediaPRO
  • Privileged Access Management: A Zero-Trust Approach to COVID-19 Recorded: May 21 2020 76 mins
    Colin Whittaker with Chad Wood, Galvanize; Joseph Carson, Thycotic; Chad Carter, Wallix; and Ilia Sotnikov, Netwrix
    Security practitioners around the world are struggling to cope with the challenges posed by remote workers during the COVID-19 pandemic. With all users working from home simultaneously, there is a tremendous load and increased security risks across private networks and the cloud. In light of more workers accessing data from the cloud, many organizations are taking a "zero trust" approach, including the use of solutions such as Privileged Access Management (PAM).

    If your organization is just getting started with a Privileged Access Management (PAM) program, or you are focused on implementing advanced PAM strategies to align with a COVID-19 environment, this CPE accredited webinar will address what you need to know for data security. Our panel of experts will outline the key challenges and offer some clear recommendations that emphasize the critical role of people, processes and technology in effectively mitigating PAM risk, including:

    - Tracking and Securing Every Privileged Account
    - Governing and Controlling Access
    - Recording and Auditing Privileged Activity
    - Operationalizing Privileged Tasks
    - Creating a Zero Trust environment
  • Become an Expert at Managing a Cybersecurity Risk Program Recorded: May 13 2020 35 mins
    Mick Vaughan and Brent Gage, Cybersecurity Engineers at SecurityGate.io
    In this discussion, cyber assessment leaders from SecurityGate.io, Mick Vaughan and Brent Gage, will delineate the top things you need to do in order to make sure your business is secure from cyber attacks.

    Learn how to employ an easy-to-use framework that you can take and put into action inside your company. If you’re not an expert in OT/IT cyber security, don’t worry! This presentation is all you’ll need to get started and show meaningful results in reducing risk. Put this in practice and you’ll be known as the expert.

    Join us so you may learn how to use a trusted methodology that scales from the smallest companies to the largest enterprises.
  • The PCI Dream Team Celebrates GDPR's 2nd Anniversary Recorded: May 13 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    May 2020 marks the 2nd anniversary since EU's General Data Protection Regulation (GDPR) came into effect. How has the world of regulations changed in the last two years, and what else can we expect on the privacy and compliance landscape?

    Join the PCI Dream Team as they celebrate GDPR's 2nd birthday - while social distancing from home - with a fun and insightful Q&A discussion on all things GDPR, CCPA & PCI DSS.

    Grab a seat, eat some cake and bring us your toughest compliance-related questions.

    Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.
  • [PANEL] How to Simplify Cyber Risk Management? Recorded: May 13 2020 60 mins
    Kalani Enos (Immersion Security), Terence Jackson (Thycotic), Rick Holland (Digital Shadows), Joseph Carson (Thycotic)
    In today’s multi-cloud and hybrid environments, CISOs are struggling to secure assets, manage security policies across clouds, and monitor and mitigate risks, while also supporting the business. How are CISOs solving the challenge of complexity?

    Join this panel of experts to learn how to simplify cyber risk management as well as maximize the value of your team and technology.
    - Risk scoring and security controls
    - How to identify risks for organizations and their third-party vendors
    - How to prevent, detect, and respond to, privacy and network security incidents
    - Best of vulnerability and risk management in a multi-vendor environment
    - Best practices and use cases across industries

    Speakers:
    Kalani Enos, Partner/VCISO/Threat Analysis, Immersion Security (Moderator)
    Terence Jackson, Chief Information Security Officer, Thycotic
    Rick Holland, CISO, Vice President Strategy, Digital Shadows
    Joseph Carson, Chief Security Scientist, Thycotic
  • Coronavirus & Surveillance: How To Protect Privacy Sensitive Data Recorded: Apr 29 2020 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    In Singapore, the Government launched an app using short-distance Bluetooth signals to connect one phone using the app with another user who is close by. It stores detailed records on a user's phone for 21 days decrypt the data if there is a public health risk related to an individual's movements.

    China used a similar method to track a person's health status and to control movement in cities with high numbers of coronavirus cases. Individuals had to use the app and share their status to be able to access public transportation.

    The keys to addressing privacy concerns about high-tech surveillance by the state are de-identifying the data and giving individuals control over their own data. Personal details that may reveal your identity, such as a user's name, should not be collected or should be protected, with access granted only for specific health purposes, and data should be deleted once it is no longer needed for its specific use.

    We will discuss how to protect privacy sensitive data that is collected to control the coronavirus outbreak.
  • Faster Business Growth Starts with Better Vendor Onboarding Recorded: Apr 23 2020 69 mins
    Speakers: Evan Tegethoff, Will Ricciardi, and Andrew Calo of BitSight Technologies
    Companies work with third-party vendors to help them become leaner, more agile, flexible, and efficient, so they can go to market faster and beat the competition. However, onboarding remains the most time-consuming and pressurized part of the process, as security leaders try to balance meeting the demands of the business with the fundamentals of good security. According to Gartner it now takes an average of 90 days to onboard a new vendor, 20 days longer than four years ago.

    Furthermore, the recent large scale shift to work from home in response to COVID-19 has accelerated the adoption of new vendors as companies try to enable a newly remote workforce, adding even more pressure on third-party risk managers to onboard and operationalize third-parties faster than ever. Join BitSight’s Evan Tegethoff, Will Ricciardi, and Andrew Calo to learn how third-party risk managers can create faster, less costly and more scalable onboarding processes that enable the business to grow faster and become adaptive to a changing environment, including how to:

    - Reduce time and cost to onboard new vendors
    - Scale your program more efficiently
    - Use tiering to prioritize your assessment process
    - Use an adaptive process to monitor your vendors
  • Navigating Internal and External Comms When Business Continuity is Tough Recorded: Apr 22 2020 45 mins
    Missive
    Crisis communications experts from Missive Comms will share best practice guidelines and top tips for communicating with internal and external stakeholders during a crisis that may impact your business continuity, using COVID19 as a live example.
    The webinar will be primarily targeted at technology companies that have a dedicated marketing budget, but will contain principles relevant to all sectors. It will cover:
    • Guiding principles for internal comms during a crisis, including top tips and hurdles to avoid.
    • Navigating external communications in the current media landscape, including a step by step guide on crafting statements.
    • Answers to your questions on communicating when business continuity is tough.
  • The threat within: Are we ready for the future of DDOS attacks? Recorded: Apr 9 2020 47 mins
    Udaya Wijesinghe, Senior Cybersecurity Architect, Optus
    • Why is the threat landscape changing so rapidly in terms of DDoS?
    • Why do we need to understand the anatomy of a cyber-attack?
    • What is the impact of 5G, IoT and the DarkWeb on cybersecurity?
    • What are the limitations of current cybersecurity architectures?
    • How can cybersecurity architecture be improved to deal with an emerging threat?

    The proliferation of IoT devices, 5G mobile devices and the DarkWeb leads to a new attack vector which sits in your backyard. In 2016, attackers leveraged vulnerabilities in IoT devices to launch massive botnet-based DDoS attacks (e.g. the Mirai botnet). The last two years provide evidence that a massive DDoS attack has the potential to cause more significant disruption in the world. Current security architectures are not effective if the attack originates from their own backyard. The talk will discuss the limitations of existing security architectures of Telcos in terms of DDoS detection and mitigation. With today’s changing threats, the reality is that security professionals need to continually evaluate and adjust their game plans to remain productive and resilient against cyber threats. The talk then looks into a modified security architecture to deal with emerging DDoS attacks.
  • Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed Recorded: Apr 8 2020 47 mins
    Murray Goldschmidt, Chief Operating Officer, Sense of Security Pty Ltd
    A case-study for static and dynamic testing of Win10 enterprise rollout images. How this saved an organization from deploying an image that would have resulted in 10,000+ machines being remotely controlled by an adversary for ransom. Hardening reviews, configuration management, app whitelisting effectiveness, encryption recovery, and the ability to detect and defeat sleeper malware are described.
  • Data Protection & Privacy During the Coronavirus Pandemic Recorded: Apr 2 2020 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Remote work is quickly becoming the new normal and criminals are taking advantage of this chaotic situation.

    The EU Agency for Cybersecurity is providing guidance for the huge increases in the number of people working remotely and using tele-health; it is vital that we also take care of our cyber hygiene.

    Viewers will learn more about:
    - How to use encryption, controlling new storage of regulated data and data sharing in this new situation.
    - Anonymization leaves personal data open to re-identification, which exposes firms to GDPR non-compliance risks.
    - How are the HIPAA rules changing in this situation?
    - GDPR prescribing pseudonymization and how that works.
    - How is CCPA changing the rules?
    - How to secure wi-fi connections preventing snooping of your traffic and fully updated anti-virus and security software, also on mobile phones.
    - How important files can be backed up remotely or locally. In a worst case scenario, staff could fall foul of ransomware for instance.
    - What apps are secure to use in this new era?
    - Should we use MFA, PW managers or local PW management?

    We will also discuss how to use the CERT-EU News Monitor to stay updated on the latest threats and check the following basics.
Trends, developments, and technology
Increasing expectations for good data governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance for insights on how to implement successful GRC strategies and processes for your organization.

  • Title: Stop Reading the WSJ and Focus on Your Cyber Risks
  • Live at: Sep 6 2016 6:00 pm
  • Presented by: Jay Schulman, Principal Security and Privacy at RSM US LLP