Bridging the Trust Gap for Identity Services Based Market Growth
In the age of digital transformation trust is key to the growth of services in both the public and private sectors. With more and more services evolving and innovating around digital identity there is a universal need to bridge and balance business incentives with government requirements. At Kantara Initiative we see the transformation cycle as a 4 stage process: strategy setting, innovation, deployment, and assurance. Few, if any, organizations can succeed at all of the strategic stages of change and innovation in isolation. We invite you to join us to discuss how trust frameworks will evolve to bridge the digital transformation of identity assurance.
Recorded Mar 30 2015, 48 mins
Eric Dowsland, VP, Customer Success, Herjavec Group
Oftentimes, even with the best technology and software, cybersecurity detection and response strategies don’t meet their maximum potential or, worse yet, fail without a team that has the right capacity and expertise behind them.
Join Herjavec Group’s VP of Managed Services, Adam Crawford, as he discusses best practices and strategies for enterprise detection and response programs, including layering your security approach and properly leveraging the MITRE ATT&CK Framework.
Discover how implementing a Managed Detection and Response program to support your cybersecurity plan is key to identifying, disrupting, containing, and remediating the onslaught of malware and emerging threats that will occur this year.
The SolarWinds cyberattack came as a wake-up call to many: an attack that most cyber-aware/savvy organizations could not detect for many months. It is a reminder of how an interconnected world can impact us all in a short time.
Join Sunil Sharma, Director of Cyber Defense at Help AG, the cybersecurity arm of Etisalat and the Middle East’s leading provider of strategic consultancy and tailored information security solutions and services, to discuss supply chain attacks, the techniques and tactics used by adversaries to execute such attacks, and strategies to detect and respond to supply chain attacks.
Jo Peterson, Clarify360 | Neil Borne, USAA | Doug Saunders, Sweeping Corporation | Christopher Camalang, Alert Logic
Cloud computing, remote work and the increasing use of mobile devices have redefined the network edge. The concept of endpoint security and the strategies used to protect this new perimeter from sophisticated adversaries and advanced persistent threats have evolved as well.
• The changing organizational view of the redefined endpoint
• Increased attack vectors
• Maturing threat detection and response tools
• The blurring line between endpoint security and data security
• The move to Zero Trust Network Access
Jo Peterson, Vice President, Cloud and Security Services, Clarify360
Neil Borne, Information Security Adviser Lead, USAA
Doug Saunders, CIO, Sweeping Corporation
Christopher Camaclang, Technical Partner Manager - US MSP, Alert Logic
Simon Ratcliffe, Ensono; Brian Robison, BlackBerry, Jason Allen, Digital Hands and Darrin Nowakowski, CGI
As organizations are making plans to extend working from home through next summer, what are some things employees and IT teams can do to better protect their devices and networks? Learn more about how endpoint security can be implemented and improved to protect your organization from breaches.
Join this interactive keynote panel with security experts and industry leaders to learn more about:
- COVID-19’s impact on home network security
- Why attackers are targeting the endpoint
- Why your connected devices may be at risk and what to do about it
- How to seamlessly integrate your endpoint security with existing solutions
- Identifying threats, solutions and breach prevention best practices
Over the last three decades, the evolution of Cyber Security and Cyber Attacks has gone hand in hand. Whenever one side gains the upper hand, the other comes up with novel ways to move forward. Because of this need for constant evolution, both sides have been at the forefront of new technology adoption, and Artificial Intelligence is no exception.
Cyber Security vendors have been utilizing AI-based solutions in their products for a while now. As these solutions mature, attackers are gradually finding it harder to bypass the protection. Subsequently, we expect Cyber Attackers to also start utilizing AI for their purposes, which would require Security vendors to alter their approach.
In this talk we will discuss:
- Current AI usage in Cyber Security and path forward.
- Potential use of AI by Cyber Attackers.
- How Cyber Security would have to evolve to counter the new threat.
Dr. Neelesh Kumbhojkar, Symbiosis International (Deemed University) Pune, India | Ajit Paul, Digital i2o
Enterprises are adopting digital transformation with an ever-increasing speed to drive growth through new business models with the advent of digital technologies. Digital transformation has now become a business imperative rather than technology imperative. The rapid adoption of digital transformation also coincides with growing focus on Cybersecurity.
Today, due to ubiquitous connectivity, increased device density and digital technologies such as IoT, the threat surface has expanded multifold. The multiplication of devices and edge-based automation adds to the complexity and needs to be managed differently. A denial of service, theft or manipulation of data can damage the customer experience and cause significant damage to brand value, penalties and revenue loss, and jeopardize the livelihood and safety of individual stakeholders. Cybersecurity during and after transformation is key to the success of the digital transformation and to creating a compelling customer experience. On the other side, consumers expect more and more proactive security measures from enterprises, and any compromise may result in an exodus of loyal consumers from the brand.
The author intends to take a vertical-centric and digital-transformation-centric approach while narrating the current state of cybersecurity in those key verticals. The session also discusses various practices that are required today to make digital transformation more secure and ultimately protect the customer experience.
Key Takeaways:
1. The Complexity and challenges of Cybersecurity in Enterprises of APAC Region
2. How can trust and resilience-based ecosystem be enabled by enterprise?
3. Cross industry view of Cybersecurity
Dr. Neelesh Kumbhojkar, Director Symbiosis International (Deemed University) Pune, India
Ajit Paul, Business Transformation Advisor, Digital i2o
We need to carry out a deep introspection about the current state of the IT and InfoSec rollout and the associated policies. The sequence of doing so is of the utmost importance. We may have to re-engineer the following.
1. Network Security
2. Application Security
3. Operational Security
4. Information Security
5. BCP & DR
6. End-User Education
Computing has seen a significant transformation. IT services are being utilized and consumed by end-users in a much different way than before. The stress on IT managers has increased as they are compelled to allow the much-debated issue of securing and rolling out BYOD policies. The forced reduction of headcount and reduced wages have had an adverse impact on employees’ integrity. Remote users have many peeping toms at home looking at their computer screens. The home Wi-Fi used by employees is not secure.
This leads us to analyze the top 10 areas of concern. Parallelly, the outbreak of an undeclared war between the “Cyber Bullies” and the “IT Security Soldiers” is hotter than ever before. We will discuss the strategies that IT Security Soldiers are adopting and the success thereof.
The current perceived threats have created opportunities, to a large extent, for the vendors providing NAC, Zero Trust, RPAs, ATPs, and the infusion of ML and AI into firewalls and perimeter security devices. OS and RDBMS patch updates have taken center stage and are a priority task for IT managers.
We need to draft an SOP for keeping the IT infrastructure secured. We need to create “8 Commandments” to have a well-secured IT infrastructure.
There is a human angle to IT Security as well. Only having robust IT InfoSec Policies. The Human Resource department needs to play an important role.
The goals that an IT InfoSec leadership needs to achieve have to be clear, well defined, and meticulously followed.
This presentation will be a snapshot of an end to end journey.
Yihao Lim, Principal Cyber Threat Intelligence Advisor, Mandiant Intelligence
Mandiant Threat Intelligence assesses with high confidence that the ransomware threat and its associated disruptions and costs will continue to grow in 2021. We assess with high confidence that cyber risks to the pharmaceutical, healthcare, and related industries will remain elevated throughout the coronavirus (COVID-19) pandemic and related vaccine distribution efforts.
We assess with high confidence that actors specializing in specific stages of the attack lifecycle will continue their activities, making sophisticated tactics more accessible to a wider variety of actors and threat activity more difficult to track. We also noted increased volume, sophistication, and diversity in information operations throughout 2020. We suggest that continued evolution will be at least partially driven by detection efforts.
The proliferation of cloud adoption by businesses has opened up a plethora of cybercrimes conducted by individuals, organizations and even states. The objectives and intents differ between threat actors, and the identification of their activities will shed some light on how we can prevent and detect such malicious acts in our IT infrastructure on cloud.
In this connected world where people are more interactive online, especially on cloud, businesses have to look deeper and further at how to secure their IT infrastructure against cybercrimes. The mindset of the IT security team has to shift towards more proactive thinking on how to counter such malicious activities with the right tools, personnel, training and resources.
The session will walk through recent cases of cybersecurity attacks such as ransomware and data breaches, explaining how the threat actors carried out their work. Attendees will gain knowledge of how and what to protect among their organization's assets on cloud and how to build defences against such malicious attacks.
• Understand the objectives of different kinds of attacks.
• Tools that malicious actors use.
• Use cases – Ransomware and Data breach attack.
• Steps that we can take to prevent and detect such attacks.
The Detection & Response categories of EDR, NDR, XDR & MDR have exploded with popularity recently. But how do all of these categories fit together, and what is their relation to the prevention categories of security controls? This session will present a unified model for how to think about security controls across both Prevention and Detection & Response. We'll look at how the model aligns to the MITRE ATT&CK Framework and give specific examples. The session is meant for both business and technical decision makers and leaders in the IT and Security spaces.
Ashwin Pal | Director Cybersecurity | Unisys Asia Pacific
Phishing and ransomware have been a major issue globally over the last 18 months in particular. Late 2019 saw a number of ransomware attacks, and this continued into 2020 and 2021 with the COVID pandemic, nationally and globally.
The reasons for the success of the attacks vary, but they are particularly debilitating as they strike at the heart of any organisation, affecting its ability to operate.
With the above in mind, this presentation will focus on discussing three key steps that need to be taken to bolster defences within organisations against phishing and ransomware.
The presentation will define ransomware and then address three key areas to be covered to bolster defences as follows:
1. How to cover the basics. This is important because, with a focus on the right controls, a large portion of the attack surface can be reduced.
2. Understanding the attack methods and responding with further controls to address any gaps
3. Getting strategic with your approach so that you can stay up to date with your controls and ensure cyber resilience.
The presentation will also provide a timeline of steps to be taken to mitigate ransomware related risks.
We will conclude the presentation with a discussion on key takeaways as follows:
• Increasing and maintaining your defences is a constant effort
• Start with the basics and work your way through to strategy
• Manage the change well and stay focused on risk mitigation
• The journey can be broken down into three key phases to help you in the process:
  ◦ Cover the basics
  ◦ Understand how you are likely to be attacked and bolster your defences
  ◦ Get strategic – prioritise and address gaps.
Tony Katsikas, Owner at CyberSecurityU and Mak Consulting Group | Sayasmito Ghosh, Director at TheCyberSecurityCrew
“To know your Enemy, you must become your Enemy.” ― Sun Tzu
Today’s hackers have evolved; in fact, they have evolved and are evolving much quicker than most organisations’ ability to defend themselves.
Hackers today collaborate amongst themselves to build capability and scale so that they continue to stay ahead of the curve. In many respects they are borrowing from existing business models.
Like many businesses, they have planned campaigns, and their goal is to maximise their Return on Investment (ROI) within the shortest amount of time and with the least amount of effort.
This webinar explores different trends attackers use to get advantage over organisations, what makes an organisation fall to trivial attacks and what we can do to prevent, detect and respond.
As we know, COVID put everyone’s digital transformation plans on hyper speed. The speed and extent of this change has meant that the approach to execution was “just do it and we will catch up later.”
Add to the mix that regulation around the globe is increasing in Corporate Governance, Security, Privacy, Ethics, Data Governance and 3rd Party Risk management. Business as usual won’t get us there; doubling the number of spreadsheets flying around the company is not the answer.
In this session OneTrust will present the Trust Blueprint which provides a new approach in Securing the Modern Enterprise.
2020 was the year of the pandemic and of testing the immunity of the human race. It also exposed our bookish risk assessment and risk treatment processes. 2021 is the year of redefining strategies for existence. Earlier, organizations were facing direct cyber-attacks, but in the recent past, attacks are being simulated from various and multiple sources, such as third-party vendors, service providers etc. Compromise of data and breach of privacy have reached alarming levels. CISOs are facing vivid challenges. CISOs need to come out of the compliance strategy and move towards business benefits, so that organizations may get safe and secure information system infrastructure. On the one hand, CISOs need to provide assurance to senior management; on the other hand, they should demand innovation in information security products and services.
Takeaway from the webinar:
• Information security facets teasing CISOs in 2021.
• How to understand immunity and resilience of the IS infrastructure?
• Techniques to gain insight into traffic from within and outside the enterprise network.
• How to understand the real state of risk profile of the organization?
• Factors that need to be taken into account while defining and designing the KRIs.
Safi Obeidullah & Fermin Serna, Citrix | Ayman El Hajjar, University of Westminster | Dick Wilkinson, New Mexico Supreme Court
The New Workspace Episode 7
2020 was an intense year for security professionals. The shift to remote working uncovered unforeseen vulnerabilities and called for more stringent security solutions. Distributed workers meant distributed data, and security professionals had to find a balance between enabling wide-scale access to private data, and protecting their organisations from new threats.
However, as we move into 2021, it doesn’t look like it’s going to get any easier for the security world. According to a recent Citrix survey, 93% of US and European business leaders believe cybercrime and big data breaches will present a significant risk to organisations over the next 15 years. But what are these risks, and how can you best prepare your organisation to tackle them?
In this episode, we’ll take a look at what we have learned from security in 2020, and how we are using these lessons to inform security strategies over the next few years.
Join us as we discuss:
- The top security predictions for 2021
- Security lessons from 2020, and how 2020 changed security forever
- The future of security, and what to expect going forward
Safi Obeidullah, Field CTO at Citrix
Fermin Serna, Chief Security Officer at Citrix
Ayman El Hajjar, Course leader Cyber Security and Forensics at University of Westminster
DevSecOps is security that’s executed by developers and governed by security in a cloud native context. Governance means it’s security's job to make it work well. So, how do you know it’s working? Metrics! But which ones, and where to start? This talk will introduce modern security metrics for governing DevSecOps.
The following metrics will be covered so you can start incorporating them into your own programs:
One of the most difficult things to do for any cybersecurity leader is to build a defensible strategy and business case for investment that can be properly measured and tracked using relevant metrics and data. Today’s security leaders need a broader set of skills and influencing approaches to advance a winning cyber strategy.
Based on a combination of real-world experience, case studies, and research conducted with a targeted set of C-level executives, this session will show the audience how to frame the problems and outcomes they want to achieve, what metrics they should be tracking, and how to ground a cybersecurity investment plan in a business justification.
The session will walk through example business cases for cybersecurity investment, including explanations of the component parts, and how each is related. Attendees will come out of this session with tried-and-tested skills for leading change, for influencing people who know they need a stronger security strategy, but do not always understand why and how to solve the problems specific to the organisation.
• Understand the components and metrics that make up an effective cybersecurity strategy and business case for investment.
• Learn how to articulate cybersecurity outcomes in the language of the C-suite and board.
• Understand how to tell a cyber story that leads real strategic change.
Independent research commissioned by Aura Information Security reveals staff are not as secure as their managers may think. While 62 percent of New Zealand businesses say they carry out security training exercises with their staff, only 37 percent of Kiwis say they have received training on good cyber security practices. Hilary Walton, a security culture expert, digital influencer and CISO of Kordia Group provides her perspective on:
• How to get started,
• Do’s and don’ts, and
• How to build into your security strategy an employee education programme that resonates.
Mario Demarillas, Chief Information Security Officer (CISO) and Head of IT Consulting & Software Engineering, Exceture Inc.
Organizations are transforming their businesses from a brick-and-mortar model into digital platforms. This transformation initiative provides efficient processing of transactions, competitive advantage and access to global customers.
On the other hand, digitally transformed organizations are exposed to cyber threat actors, and their attacks are becoming more pervasive and impactful, even to the survivability of these organizations.
Therefore, it is necessary for CISOs to assist the Board and Senior Management in facing these cyber security challenges while fulfilling the organization's Strategic Plan.
Sushila Nair, Joy Harrison, Kwasi Mitchell, and Hollee Mangrum-Willis
Mentoring programs can increase knowledge and build skills for future goals and milestones, allowing your workforce to grow their skills organically and create cultures of collaboration and success.
Join Part 1 of our series to learn how to design a mentoring program for women and minorities in security that actually delivers for everyone involved.
- Learn from experts on how to design a mentoring program that delivers
- Understand how to make mentoring meaningful for your organization
- Learn what strategic planning steps are critical to make the plan a success
- Virginia "Ginger" Spitzer, Executive Director | ISACA, One In Tech Foundation
- Joy Harrison, Director, Leadership Development Center for Excellence | NTT DATA Services
- Sushila Nair, VP Security Services, Chief Digital Officer | NTT DATA Services
- Kwasi Mitchell, Chief Purpose Officer | Deloitte
This is Part 1 of our new series on mentorship produced by BrightTALK. Sign up for Part 2 via the link in the attachments.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.