Name: Applying Generally Accepted Privacy Principles to Assessing Compliance
Start: 2024-07-17T15:00:00Z
End: 2024-07-17T15:00:47.000Z
Location: BrightTALK
Rating: 4.9

Increasing expectations for good data governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance for insights on how to implement successful GRC strategies and processes for your organization.

There was a time that Americans were beginning to be as attuned to data privacy as their European counterparts.  Recently though, the pace of passage of privacy legislation has slowed.  If commercial advertising is to be believed, the public’s concern is more about cybersecurity and AI than privacy.  Even in countries subject to GDPR, the growth in the number and amount of fines does not indicate greater adoption of privacy measures, but rather the reverse.  This session will provide guidance to security and privacy professionals on maintaining data privacy investments and efforts in the face of diminishing mindshare.

Tune in to this webinar to learn:
- Where data privacy sits in relation to other security imperatives.
- Why laws and regulations alone will not help meet privacy objectives.
- How to maintain data privacy as an enterprise commitment.
- How to incorporate provisions for privacy in cybersecurity and AI efforts.

Who Still Cares About Data Privacy?

New regulations like EU DORA, NIS 2, and state AI laws are shifting liability from organizations to individual cybersecurity professionals, creating unprecedented personal legal risks. This shift means practitioners now risk individual prosecution and career-ending consequences for security decisions made under pressure.

The modern CISO must balance technical expertise with legal acumen, understanding how incident response choice, from ransomware payments to breach notifications, can create personal liability. As litigation increasingly targets individual practitioners alongside organizations, developing legally defensible security strategies has become essential for professional survival.

Join Dr. Ilia Kolochenko (CEO at ImmuniWeb and Attorney-at-Law in Washington, DC) to explore practical legal frameworks that protect your career while maintaining operational security effectiveness.

Takeaways: 
- Identify specific personal liability risks under current regulatory frameworks. 
- Master incident response protocols that protect both organization and individual standing. 
- Recognize critical gaps in cybersecurity insurance that leave practitioners exposed. 
- Develop strategies demonstrating due care to mitigate personal legal exposure. 
- Balance technical security requirements with evolving legal obligations.

Navigate Personal Liability Risks in Today's Cybersecurity Landscape

The US data privacy laws in the US are shifting from a "harms-prevention-based" approach to a "rights-based approach exemplified by the European Union's General Data Protection Regulation (GDPR). Following California's lead, four other states, including Colorado, Connecticut, Utah, and Virginia, will begin enforcing new GDPR-inspired statutes in 2023. The shift in the philosophical framework will have profound implications for data privacy protection.

The US has historically allowed businesses and institutions to collect personal information without consent while regulating those uses to prevent or mitigate harm in specific sectors. The EU, on the other hand, has long pursued a rights-based regime for protecting personal information, which holds that data privacy is a fundamental human right. This has roots in Europe's history of suffering through the infamous data collection of the Nazis and the similar collection of data by the formerly communist East Germany's secret police. The GDPR, which became enforceable in 2018, codified several key principles reflecting the Europeans' human rights philosophy. The new laws will be applicable to specific industries and types of institutions and will impose restrictions on industries and institutions regarding their handling of personal information. More states are likely to follow the GDPR in the coming years.

This webinar entails to:
- Introduce the market drivers of the US privacy laws industry and their roles.
- Illustrate the shift in the philosophy underlying data privacy laws in the US.
- Comparison of the US "harms-prevention-based" approach vs the European Union's approach is more rights-based.
- Summary of the EU ‘s General Data Protection Regulation (GDPR), which became enforceable in 2018.
- Understanding how the principles reflected in the new data privacy framework will have profound implications in the years to come.

The New Era of Data Privacy Laws

The International Standards Organization’s ISO 27701 privacy information management standard is a framework that covers both security and privacy compliance aspects of various privacy regulations around the world. As a certified ISO 27701 Lead Auditor, Ralph Villanueva is more than happy to help the audience and their organizations resolve their data privacy risks and issues by pointing out how to use this very useful framework. 

Tune into this informative talk to learn the benefits of this new frameworks and how to make the best use of it. Even better, this framework will make enterprise-wide privacy compliance more cost effective across geographic locations, and add more value to the audience’s privacy work within the company as well.

How to Leverage ISO 27701 to Fulfill Data Privacy and Compliance Requirements

There is no shortage of privacy laws and regulations. We keep hearing that the latest privacy laws “will change everything”, but have they made a real difference? This session proposes an alternative approach. Privacy can be treated as an attribute of personally identifiable information and can be managed using data management techniques. Rather than building privacy programs on compliance with laws, it may be more productive to manage the data itself.  

Key takeaways include:
1.      Why and how data privacy has been managed in recent years.
2.      How the compliance-based approach to privacy has shaped organizational approaches to the issue.
3.      How data management principles can offer a different, and perhaps better, way for managing privacy.
4.      How a data management approach would alter organizational structures.

Have We Been Doing Data Privacy The Right Way?

Ransomware and other forms of malicious cyberattacks are a top threat to IT availability; and generally speaking, to ongoing business viability.  A key element to reducing business impact and downtime is having well thought out options, both IT and business led options for compromised data recovery that can be adapted and undertaken quickly to address the particulars of a successful ransomware attack.

Join us for this session that will shed some new insights on what it takes to reduce the risk of a failed data recovery effort. 
Key takeaways include: 
1. The IT and non-IT led approaches to data recovery (its far more than restoring from backups).
2. Determining what data is most worthy of advanced levels of protection and recoverability.
3. How to get the business community ready to do their part.

About the speaker:
John Beattie has been a Principal Consultant with 11:11 Systems for more than 15 years where he has consulted with organizations looking to reduce operational risk by establishing or transforming their operational resilience programs including, business continuity, disaster and data recovery, and crisis management programs. He currently leads 11:11 Systems’ cyber-compromised data recovery consulting team.  

Prior to joining 11:11 Systems,  John was the Global Director of Business Continuity for News Corporation. He also worked at Ernst & Young for more than 15 years where he worked closely with clients across many industries on a wide variety of strategic and tactical information technology and business process improvement engagements.

John has attained FBCI certification from the Business Continuity Institute and Certified Third-Party Risk Professional (CTPRP) from the Shared Assessments Program. He is an alumnus of the New Jersey Institute of Technology where he earned undergraduate degrees in Industrial Engineering and Applied Mathematics and a Masters degree in Computer and Information Science.

Compromised data risk management: It's everyone's business

Compliance and risk management on Wall Street is vitally important to the health of a well-functioning economy and its financial markets. Regulation across all sectors of Wall Street, from broker-dealers to registered investment advisor firms to hedge funds and other financial service firms, has become increasingly more robust and stringent over the past decades. 

This presentation will discuss practical ways that firms can improve their compliance and risk management strategies to mitigate the many risks to their clients and to the firms themselves that can arise from lax and ineffective compliance and risk management strategies. This presentation will be given by Dr. Paul Wendee, a 40-year veteran of Wall Street who has owned and/or managed several Wall Street firms (broker-dealers, investment banking firms, investment advisory firms, and hedge funds).

Here are some of the topics attendees can expect:
1. Why is compliance and risk management on Wall Street important?
2. Compliance and risk management for securities broker-dealers.
3. Compliance and risk management for registered investment advisors.
4. Compliance and risk management for investment banks.
5. Compliance and risk management for hedge funds.
6. Compliance and risk management for other financial service firms.
7. Some interesting examples of frauds that have been perpetrated on Wall Street.

Compliance and risk management on Wall Street

Financial systems must follow certain rules that may seem the same on the surface, but in practice have significant differences. Financial institutions are highly regulated entities, which are required to comply with various statutory regulations. Many of these compliance rules pertain to cybersecurity. One might assume that compliance with these rules will make a company secure. While compliance is necessary, that alone is rarely sufficient to guard against tomorrow’s security threats. Compliance are rules based on the past; effective cybersecurity must anticipate the future. 

Tune into this webinar from industry expert Jerald Murphy (Nemertes Consulting) will discuss actions organizations can take to overcome hurdles to ensure companies can be compliant, with maximum agility in dealing with the latest cybersecurity threats.

Overcoming security and compliance challenges in finance

In the digital business world, reliability of service and customer satisfaction are fundamental benchmarks for application success. Google’s Service Level Objectives (SLOs) are a way of setting measurable goals around customer satisfaction and reliability to determine the level of service quality an application provides.  

Within the financial services sector, while reliability and customer experience are important, in the face of continued regulatory reform, application teams are also responsible for ensuring that all regulatory requirements and processes are being followed. SLOs can be used to directly implement these requirements, e.g., Payment Service Directive 2 (PSD2), with the necessary KPIs and automated alerts. 

In this session, Xue Liu (Reliability Lead in Deutsche Bank’s Private Bank Center of Expertise,) shares tips and best practices for embedding regulatory requirements into your SLOs. 

Join the session to discover:  
- Why incorporating compliance within SLOs matters and how it contributes to overall application success. 
- Best practices for integrating regulatory requirements within your SLO frameworks to ensure customer satisfaction, site reliability and adherence to industry regulations. 
- Collaboration strategies and processes to bridge the gap between compliance and application teams. 
- And more...

Drive compliance and regulatory requirements with service level objectives

According to The Life and Times of Cybersecurity Professionals 2021 report by the Information Security Systems Association, the ongoing cybersecurity skills crisis has steadily continued for over five years. Organizations are consistently on the prowl for talented cybersecurity professionals to combat increasingly prevalent and sophisticated cyber attacks. However, is hiring the “best fit” the only option organizations have to address the ongoing cybersecurity skills shortage? 

After working alongside the constant cybersecurity skills shortage, CISOs understand that only looking to hire talent won’t cure the longstanding problem. So how are security executives addressing the growing need for cybersecurity skills? Join Hosts Dan and Earl with guests as they take a deeper look into the cybersecurity skills shortage and:

- Innovative new strategies organizations are utilizing to tackle the cybersecurity skill shortage from integrated security architectures to partnerships with third party services or vendors
- Investing in IT and security staff through cybersecurity training
- Embracing automation and analytics to streamline security processes

The Cybersecurity Skills Shortage: Why, How, and What To Do About It

The increasingly distributed nature of the modern enterprise is making zero-trust security approaches more relevant than ever. In this research-led session, John Grady, ESG Principal Analyst, will focus on how organizations are thinking about, planning for, and implementing zero trust across their environments.


Join to find out how zero trust can provide a framework to secure even the most complex environments, whether implementing least-privilege tenets for user access or securing the connections to and between the disparate aspects of today’s hybrid multi-cloud deployments. You'll learn exactly what a zero-trust initiative should entail, where to begin, and how best to overcome the organizational obstacles that result from such a cross-functional undertaking.

Zero Trust Security Strategies to Safeguard the Enterprise

As organizations are looking for ways to stay on top of an evolving threatscape, many are
looking towards AI to enhance their security strategies and fend off cyber attacks before they
happen. In the 2022 CIO and Technology Executive Survey by Gartner, 66% of respondents
reported that they expected to increase cyber and information security investments for the
next year. More than half of respondents reported that they planned to heavily invest in
business intelligence and data analytics.

However some security leaders are cautious about adding artificial intelligence into their
security arsenal. Despite rapid advancements in AI, these solutions can also come with their
own unique set of drawbacks. Some skeptics say that AI technology is still immature and
that there may be simpler, more cost-effective solutions. With all the interest surrounding AI
in cybersecurity, it’s important for organisations to establish realistic expectations.

Join this panel to learn more about:
- The current state of AI in security
- What CISOs and their teams should keep in mind about AI
- How AI impacts your workforce strategy
- And more!

Speakers:
- Dan Lohrmann, Field CISO at Presidio
- Earl Duby, CISO at Lear Corporation
- Aidan Walden, Director, Public Cloud Architecture & Engineering at Fortinet
- Warsamé Ahmed, Co-Founder & CEO at BR[AI|YT.ai

Using AI in Cyber Security: Boon or Bust?

Secure access to cloud is broken. By now, you must already know that the traditional VPNs are the weakest links when it comes to secure access into your mission critical infrastructure. This is due to two fundamental flaws. 

VPN aka virtual private network, as it suggests, provides a virtual network extension over a secure link. That means, if the endpoint that is connecting over the VPN, is compromised, an attacker can gain secure access your infrastructure.

Once insider your network, the intruder now has the license to roam within the subnet/VLAN and, unless you have an error free setup, perhaps the intruder has the license to roam across the enterprise.
 
Time and again, we have witnessed VPNs being exploited by the adversaries and, if you want to stay protected, please ensure that you get off the traditional VPN train first.

The modern-day alternative to VPNs is called Zero Trust Network Access (ZTNA). However, the ZTNA solutions lack end to end segmentation. That means, if the attacker somehow gains access to one of your hosts over ZTNA, the attacker will then be able to roam laterally withing your organization. This is the predominant way for Ransomware to spread and compromise most of your assets.

What you need is a combination of modern Secure Access technology coupled with an agentless micro-segmentation solution and a potent incident response tool.
 
This will be the focus of our session. In this session, you’d learn how to
• Provision agentless segmentation at scale across your organization for all your assets – TV, Toaster, Laptops, VMs, Servers, and even containers
• Gain end-to-end visibility and control for all traffic
• Secure high value assets distributed across your organization
• Deploy a Ransomware Kill Switch™ that prevents ransomware spread

The correct way to “Cloud-Access”

Working remotely has become the new normal. This, and many other changes organizations adopted last year in response to the pandemic are likely to stay for the long term. According to Gallup, about two-thirds of U.S. remote workers want to continue to work remotely. So, how can organizations continue to support their growing distributed workforce at a time where reports of security threats have increased by 400% compared to pre-pandemic levels? 

Here is where the zero-trust approach to security comes into play. 

Join this month's episode of The (Security) Balancing Act with Diana Kelley and guests as they discuss the emergence of zero trust (“Trust Nothing, Verify Everything”) and what it helps achieve for enterprises in the age of cloud and remote work.

Viewers will learn about:
- The evolution of the security perimeter and the shift to zero trust
- Why zero trust is an approach and not a product
- Zero Trust Network Access (ZTA) vs. corporate VPN
- Real-world stories and practical hands-on guidance from people who have deployed a ZTA

Speakers:
- Mari Galloway, CEO, Women's Society of Cyberjutsu
- Jonathan Nguyen Duy, Vice President, Global Field CISO Team, Fortinet
- Bob Rudis, Chief Data Scientist, Rapid7

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Zero Trust for the New Normal

Phishing and ransomware attacks continue to rise, according to Proofpoint’s State of the Phish report for 2020. Organizations in the U.S. are at risk, the increase in remote work due to the pandemic has fueled a spike in attacks, and phishing attempts are up by 14 percent compared to the previous year. 

Email continues to be the number 1 delivery vehicle, but other social engineering schemes that rely on social media, voicemail (“vishing"), SMS phishing (“smishing”), and malicious USB drops are also of concern for organizations. Ransom demands are also on the rise, but according to the report, paying the ransom is not guaranteed to work as many companies that paid the ransom failed to receive a decryption key. 

Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
- The rise in ransomware under the cloak of the pandemic 
- Why email continues to be the channel of choice 
- The difference between fully automated and human-operated campaigns
- How to decide whether or not to pay or not to pay the ransom
- Why your backups may not be immune to ransomware
- Addressing the threat with best practices

Speakers
-  Nicole Hoffman, Intelligence Analyst, GroupSense 
-  Courtney Radke, CISO for National Retail, Fortinet 
-  Patrick Lee, Senior Incident Response Consultant, Rapid7

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Ransomware in the Remote Work Era

Requiring non-security specialists to describe their posture and informing the management hierarchies on our current security posture is difficult. The language is foreign and does not lend itself to exactness. The eternal question is “Are we secure? The expected answer then cannot be “It depends…”, but rather an aggregated statement, very close to a single “Yes” or “No”. 

In case of a negative response, it is also expected to hear of the gaps and the plans to fill them to become secure again.

 

To accomplish this aggregated statement, a traditional assurance cycle of up to a year is too slow. The product owners need to have security activities in their backlog, they need to know when circumstances change to be able to address them based on risk. The management hierarchy needs to be informed with the current security posture and what implications that brings.


The road to prevent breaches is paved with measurements, a quick feed-back loop and AI assisted decision making. All meant to push security decisions out in the organization.

Here one could add the analogy of driving a car, where the driver, or senior manager, has to take decisions based on situational awareness and information provided by the car. The driver does not need to know the exact oil pressure or the cooling temperature, but rather if it has reached a hazardous level. The driver cannot base decisions on oil pressure solely by dipping the stick before starting the journey, which would be equivalent to classic compliance.

To prevent breaches senior management need to know that circumstances have changed, when they change, and ultimately that they are about to change.


In this webinar you will be inspired by a Proof of Concept and an idea of how to implement and extend it.

Proactive Breach Prevention using Automated Compliance and Continuous Auditing

This month's episode of The (Security) Balancing Act will focus on botnets as a growing threat to the enterprise, examples from the real world, and what enterprises can do to better protect against botnet-fueled state sponsored attacks.

Join this interactive roundtable discussion with security experts and industry leaders to learn more about:
-  How botnets have become a tool for cyber criminals and nation state actors
-  Real-world examples & known botnet attacks 
-  Nation state ransomware attacks
-  DDoS attacks
-  Cyber espionage
-  ATPs
-  The trouble with attribution
-  What enterprises and governments can do to address the threat

Panelists:
-  Johna Till Johnson, CEO and Founder of Nemertes Research
-  Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet
-  Craig Harber, Chief Customer Success Officer, Fidelis

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Taking Down Nation State Botnets

Are you struggling with complex identity relationships and complicated organizational assignments? To meet the demand for more complex user access requirements and to fulfill regulatory requirements, you need additional self-managed capabilities that augment your current Ping stack and help you manage user lifecycles across brands, relationships, consents, and permissions. 

In this webinar, you’ll learn how Ping’s Identity Management solution helps you:
• Create highly personalized experiences
• Ease administration of micro-relationships between users, devices, brands, and organizations
• Delegate responsibilities to scale administrative duties of identity data attributes and permissions across diverse identity populations
• Unify identity management to reduce redundancies and ensure consistent identity management practices

How To Untangle the Complex Web of Digital Relationships

In today's data-driven environment, enhancing data management requires a comprehensive approach that integrates forward-looking data governance and strategic data usage. By adopting integrated data governance strategies, organizations can ensure that data is not only compliant with regulations but also aligned with business objectives. Effective data governance promotes data quality, security, and accessibility, facilitating better decision-making processes. Moreover, strategic data usage encompasses the intelligent application of data insights to drive business growth, optimize operations, and maintain a competitive edge. Together, these strategies create a robust framework for managing data throughout its lifecycle, ensuring that it remains a valuable asset to the organization.

Optimizing efficiency through the implementation of data reduction techniques further enhances data management by addressing storage and operational cost challenges. Data reduction techniques, such as deduplication, compression, and tiered storage, significantly minimize the amount of data that needs to be stored and processed. This not only reduces the required storage capacity but also decreases associated costs, such as energy consumption and hardware maintenance. By leveraging these techniques, organizations can maintain high-performance data systems while managing their resources more effectively. Consequently, the combined approach of integrated data governance and data reduction techniques paves the way for a streamlined, cost-effective, and sustainable data management strategy.

To learn more about these innovative governance strategies and data management best practices, tune into this webinar where data science director Efe Ogolo will show viewers how to leverage established frameworks to ensure their data governance initiatives are successful.

Improve Data Management With Forward Thinking Strategies

Everyone has been talking about cyber incidents and breaches! In today's digital age, they are at the forefront of business concerns. The risks to data security and business continuity are now recognized as enterprise-level threats, demanding increasing attention from the Board of Directors. At the intersection of cybersecurity and operational disruption lies the critical need for comprehensive cyber incident response planning. 

This fireside chat will explore the multifaceted approach required to enhance an organization’s cybersecurity posture and achieve true cyber resilience. Key components include:
- Practicing good cyber hygiene – knowing your crown jewels and protecting them.
- Identity and access management.
- Identifying vulnerabilities and remediating them while looking out for emerging threats.
- Timely patching.
- Data security - confidentiality, integrity and availability.
- Governance risk and compliance management,
- Policies and standards.
- Training and awareness.

Discussion questions that’ll be explored in the presentation include: 
- How does disruption impact the business and its customers? 
- How can organizations build a strong resilience program? (Hint: there are 5 key steps) 
- What does the Board need to know when it comes to building resilience? 
- Are there any tools, frameworks and practices that can be leveraged at the Board level to facilitate strategic conversations?
- And more 

Attend this presentation to delve into these essential elements and gain insights to help you strengthen your organization's cyber resilience and ensure seamless business continuity in the face of cyber threats.

Understanding Resilience: A Board Level Concern

In an era where data is the cornerstone of strategic decision-making and business operations, ensuring its protection is paramount for C-suite leaders. This virtual webinar will provide an in-depth exploration of essential strategies and trends in data protection. 

Led by Shawnequa Albert, HR Director at KNZ Solutions, this session is designed to equip executives with the knowledge and tools necessary to safeguard their organizations against data breaches and cyber threats while fostering a culture of trust and compliance.

Not Your Ordinary Toolkit: An Essential Data Protection Toolkit for the C-Suite

Organizations are increasingly focused on Cyber Resilience, the ability to not only protect IT environments from intrusion, but also the ability to continue business operations in the face of a ransomware attack. Key components of a fully cyber resilient organization include the abilities to consistently and proactively prepare for the inevitability of a ransomware attack and the ability to rapidly recover when it happens. As corporate data continues to grow and become more valuable, the threat of ransomware and other malware also grows. New all-flash storage solutions are now being increasingly deployed as a preferred solution for storing backup data copies because of their inherent ability to restore large amounts of data quickly. In this session, join Tim Sherbak, an industry expert from Quantum Corp., to discuss:
• How all-flash solutions uniquely meet today’s requirements for rapid recovery and ideally fit into cyber resilience strategy
• How all-flash platforms fit into a multi-layered data protection strategy based on 3-2-1-1 industry best practices
• How to optimize both performance and cost-effectivity when deploying all-flash across your enterprise

All-Flash Storage for Rapid Recovery and Cyber Resilience

Protecting data of all kinds from loss, theft or damage is an essential part of a data management strategy. When identifying risks to data, a key action is to perform a data protection impact assessment (DPIA). In addition to being a requirement by the EU General Data Protection Regulation (GDPR), a DPIA protects critical data from threats and identifies potential vulnerabilities. 

This session describes a DPIA, why it is important, and how to perform one.

How to Perform a Data Protection Impact Assessment

Businesses, regulators and the public are more than ever focused on the security and reliability of our digital assets. Data loss can lead to financial setbacks, legal issues, and harm to an organization's reputation. Implementing a robust data loss prevention (DLP) policy is crucial for safeguarding sensitive information while enabling innovation. This presentation outlines a seven-step approach to creating an effective DLP policy.

Choosing the right DLP tools and making a compelling business case to secure buy-in from leadership are essential steps in the process. Testing policies, preparing for incidents, and continuous monitoring are also critical components of a successful DLP program.

By following these seven steps, organizations can proactively protect their data assets while fostering a culture of security and agility. Tune into this informative talk to learn both common pitfalls to avoid and best practices for implementing and managing DLP policies in dynamic business environments.

7 Steps to Create a Data Loss Prevention Policy

Ensure rapid resilience today.

Cybersecurity threats are multiplying faster than your defense. Ransomware, data breaches, natural disasters—the list keeps growing. But what if you had a foolproof solution to protect your data and ensure business continuity, no matter the challenge? 

Elisa Paik, Customer Education Manager at Zerto, a Hewlett Packard Enterprise company, will cover winning strategies to elevate your organization’s risk resilience and prepare for anything the future throws your way.

Join the webinar to learn more about:
-Practical approaches to mitigating cyber risks, data breaches, and natural disasters.
-Actionable tips for enhancing data protection and ensuring business continuity.
-How Zerto’s solutions can empower you to build compliant resilience strategies.

Whether you’re an IT professional, cybersecurity specialist, or business leader, this webinar is for you. Help future-proof your organization and gain a competitive edge. Register now to secure your spot.

Your Data Could Be a Single Cyberattack Away from Disaster

In the age of AI, data protection is more critical than ever. While AI tools offer incredible potential for safeguarding information, they can also introduce significant risks when employees lack clear guidance on their use. This session will explore the dual nature of AI in data security, emphasizing how uninformed or misdirected use by employees can lead to severe vulnerabilities.

We'll examine real-world cases illustrating the pitfalls of embracing new technologies without proper oversight. On the flip side, we'll highlight how well-informed employees can leverage AI to bolster data defenses effectively. Learn how to implement practical guidelines and best practices that empower your workforce to use AI responsibly, transforming potential risks into powerful security assets. 

Join us to understand the critical balance between embracing innovation, leverage your workforce cyber-self defense and maintaining a robust data protection.

The Double-Edged Sword: AI and Employee Awareness in Data Protection

In this presentation, we will start by exploring the history of Data Loss Prevention (DLP) and why it was such a significant challenge in the past. We will explain what has changed and then define DLP, outlining its main purpose and highlighting the essential role it plays in protecting sensitive information within organizations. We will discuss key elements of modern DLP, including data identification, data monitoring, and data protection techniques such as encryption, masking, and tokenization.

Next, we'll explore the latest trends in DLP, such as the significance of cloud DLP, the integration of AI and machine learning, and the importance of seamless integration with other security tools. We'll provide guidelines for effective data protection, including the development of robust data protection policies, the importance of employee training, and the necessity of regular security audits.

We will address common challenges in implementing DLP, such as complexity, cost, and the need to keep up with changing data protection regulations. Case studies will be presented, showcasing examples of companies that have successfully implemented DLP, highlighting their strategies and lessons learned from their experiences.

The future outlook of DLP will be discussed, covering emerging technologies and the evolving threat landscape, and how organizations can a

What attendees will learn:
- Understand the key components and strategies of modern Data Loss Prevention (DLP) and data protection techniques.
- Gain insights into the latest trends and best practices for safeguarding data, including AI integration and cloud security.
- Learn from real-world case studies and explore the future of DLP in the face of evolving threats and technological advancements

Safeguarding Data in the Digital Age: Modern DLP and Protection Strategies

The vital systems we use to fuel our everyday operations run on one thing: data. This means, when the scenario comes around that your data is not readily available and accesible, your business is no longer able to fuel the vital systems it runs on. In 2024, who can truly afford this disruption?

A recent Rubrik Zero Labs report showed how 98 % of organisations reported experiencing a cyber attack - which means that scenario of your data not being available and accesible is a lot more likely to happen to you too. Join this session to learn how you can secure your data while continuously monitoring for data risks and quickly recovering affected data with full integrity, when needed.

Spend 20 minutes with us in this session to learn:
-> Current overview of the landscape for enterprise data protection in 2024
-> What really is the Rubrik approach to enterprise data protection?
-> What's new in data protection technologies this year

Don't forget to look up additional information on this topic and more under attachments!

Enterprise Data Protection: Empower IT to Keep Your Data Safe and Resilient

How much sensitive data in Google Drive is exposed publicly?

In early 2023, we introduced the Google Drive Risk Scanner, a complimentary tool designed to offer insights into the security status of users' data stored on Google Drive. This scanner provides users with crucial information about their data's accessibility, including who has access, which files are publicly available, and actionable steps to implement data protection measures.

Our annual report, based on the findings from this scanner, serves as a cornerstone for understanding the extent of sensitive data exposure on Google Drive. 

Join us for an in-depth discussion led by Metomic's CEO, Rich Vibert, alongside industry experts, where we dive into:
 The findings from our ‘Risks of Storing Sensitive Data in Google Drive’ report
 The darker aspects of these widely embraced productivity tools in our work environments
 Effective strategies for managing data security and mitigating risks in productivity tools like Google Drive

Mitigating the Risks of Storing Sensitive Data in Google Drive

In the age of information, data classification has undergone a significant transformation. Gone are the days when it resembled Julius Caesar's  approach. Today, Piers Chivers and Ian Davies assert that the term "data classification" is now being co-opted by the market for various purposes. 

The question arises: Is the mere addition of sensitivity labels sufficient for software vendors to dub their product a comprehensive data classification solution? 

In this concise 30-minute webcast, our panel of experts will conduct an in-depth exploration of the following key aspects: 

- Identifying the criteria and attributes that truly matter when selecting a data classification partner. 
- Understanding the core functionalities and features that substantiate a genuine data classification solution. 
- Exploring why these capabilities are pivotal in safeguarding your data throughout its entire journey. 
- Real-world use cases

Data Classification - Great product; Awful name

Data Protection Strategies and Trends

Generally Accepted Privacy Principles (GAPP) was developed specifically to enable auditors to assess organizations’ attainment of their objectives for data privacy.  Not aligned with any specific laws or regulations, GAPP is built on ten basic principles that apply to all of them, supported by 73 auditable criteria. This session will illustrate how to use each of these criteria to identify specific artifacts that lead to comprehensive conclusions regarding compliance with internal and external requirements.

Learning objectives:
- What are the business benefits of privacy compliance?
- What are the risks of non-compliance?
- Establishing privacy baselines.
- Using GAPP to create a privacy compliant organization.

Applying Generally Accepted Privacy Principles to Assessing Compliance

Compliance

GAPP

Data Privacy

Data Compliance

Privacy

Generally Accepted Privacy Principles

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Applying Generally Accepted Privacy Principles to Assessing Compliance

Presented by

About this talk

Governance, Risk, and Compliance