Name: The PCI Dream Team – Bring Us Your Trickiest PCI Questions
Start: 2016-09-07T16:00:00Z
End: 2016-09-07T16:59:54.000Z
Location: BrightTALK
Rating: 4.46

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Tune into this session, presented by Boleaum Inc.'s Vincent Amanyi, to learn how to implement a best practice identity access management (IAM) framework that is aligned with your zero trust policies.

Attendees will learn how to:
- Identify what matters in your enterprise environment. 
- Develop a strategy with a realistic budget. 
- Partner vendor's with the right solutions to your environment.

Implement best practice IAM and zero trust

IT is increasingly costing the earth, in its greenhouse gas emissions, use of raw materials, energy and water, as well as e-waste and more. Businesses and IT leaders need to develop more sustainable ways of working to mitigate the environmental risks of IT expansion.  

While CSR strategies do help organisations navigate uncertainty, leaders need to understand the connection between them and other key business challenges, such as resilience, business strategy and sustainable IT. 

In this session, Denis Didier ,Sustainable IT Manager with ISIA will discuss how to leverage change management, collective intelligence and strong leadership to build a sustainable IT strategy that is right for your company.   

Join this session to explore: 
• The Impact of ICT in 5 figures and trends
• Six steps to make ICT more environmentally friendly
• Why sustainable IT can be done both efficiently & profitably

Methodology for leaders looking to make IT more environment friendly

Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Space Policy Directive-5 Cybersecurity Principles for Space Systems describes the cyber threat to space systems and the need for these systems to be secure and resilient against cyber-attacks. Cyber defenses for space systems must be implemented in size, weight, and power (SWAP)-constrained, real-time operating environments that cannot tolerate increased latency and other common detrimental side-effects of cyber defenses. 

In this webinar, WiCyS strategic partner Sandia National Laboratories will discuss these challenges. They have been researching moving target defenses (MTD) to protect space systems against cyber-attacks. MTDs create dynamic, uncertain environments on space systems and can be used to defeat cyber threats against these systems. Furthermore, MTDs do not require the detection of an adversary to mitigate the effects of an attack.

Can’t make it during the scheduled webinar? Go ahead and register to receive a recording as soon as we wrap up!

Moving Target Defense for Space Systems

Tune into this webinar from DevOps expert Ethan Jewett to learn about distributed cloud patterns for SAP environments, including techniques for secure authentication and identity propagation. This will focus on how to build applications and business logic to extend your SAP environment using cloud technologies, how to expose the data and business logic within your SAP system as services that can be leveraged in cloud environments, as well as how to achieve interoperability between SAP Business Technology Platform (BTP) and hyper-scaler services such as AWS, Azure, and GCP. We’ll cover each of these topics through reference architectures and potential applications.

Key Takeaways:
- Learn some of the basic of ERP and SAP environments, which are often insulated from the rest of the enterprise.
- Understand the challenges of integrating SAP systems and tools into a distributed cloud environment.
- Learn techniques for working with SAP-related groups in your organization to merge SAP (and other) applications into your enterprise cloud strategy.
- Find out about resources available to support this integration.

Cloud patterns for SAP environments -- BTP and on-premises

Cyber attacks are rising against critical infrastructure systems and have serious implications for our national security. In addition, many interconnected systems are becoming increasingly cyber-physical due to modernization efforts. For example, the electric grid has rapidly evolved with smart grid technologies, wide-area monitoring capabilities, and advanced automation. Therefore, it is crucial to understand the impact of multi-hazard events such as cyber-attacks and extreme weather on these cyber-physical systems.

In this webinar, WiCyS strategic partner Sandia National Laboratories will discuss approaches for incorporating cyber-physical analysis in electric grid response and defense mechanisms for increased situational awareness, improved response, and resilience. This will include ongoing research and development overviews for cyber-physical anomaly detection, cyber-physical data fusion, cyber-physical mitigation deployment, and characterizing cyber-physical system interdependencies.

Can’t make it during the scheduled webinar? Go ahead and register to receive a recording as soon as we wrap up!

Improving Electric Grid Cybersecurity with Cyber-Physical Analysis

The recent rash of ransomware attacks and evolving cyber security threats make cyber security insurance a necessity, both to protect the company and to reassure clients and investors of the safety of their data. 

In this presentation, Ralph Villanueva will leverage more than a decade’s IT security and compliance experience, and his intimate knowledge of cyber security insurance as a licensed agent and broker for property and casualty insurance, including cyber security insurance, to discuss how IT leadership can make their company more cyber security insurable.

Tune into this webinar to learn:
•         Relevant information that cybersecurity insurance underwriters need.
•         Key areas that can affect the company’s cyber insurability.
•         Actions that the IT leadership can do to make the company cyber insurable.

About the speaker:
Ralph has been keeping his employers compliant with IT and cybersecurity requirements across numerous and diverse regulations such as the Nevada Gaming Control Board, Payment Card Industry, COSO-Integrated Framework, COBIT and ISO 27001 since 2007, and data privacy since 2017. His more than two decades of internal and IT audit and compliance work in the US and the Asia Pacific region provide him with insights not only in enforcing IT and cybersecurity requirements in light of changing regulatory and technical environments, but also in anticipating and dealing with future. Ralph has also earned numerous certifications such as the ISO 27001LA and ISO 27701LA, CISA and CISM, PCI-ISA and PCIP, CIA and CRMA, CFE, CPA and ITIL. Since 2010, Ralph has regularly spoken at over 40 conferences.

Tips to make your company cyber insurable

Historically, risk management has consisted of the controls over risk, acceptance of risk, and transfer of risk. Cyber resilience overlays those concepts with cyber-related security, business continuity and cyber insurance. This presentation from Risk Masters International's Executive Principal Steven Ross will examine how insurance fits into a cyber resilience program and what the challenges are in obtaining coverage that meets an organization’s needs.

Tune into this webinar to learn:
• How market forces, especially ransomware and cryptocurrency, have affected both resilience and insurance.
• The technology challenges in acquiring cyber insurance.
• How small and medium sized businesses are affected in their ability to be cyber resilient.
• Inclusion of artificial intelligence in insurance decisions.

About the speaker:
Steve holds certification as a Master Business Continuity Professional (MBCP) as well as a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA). He is a specialist in business continuity management, IT disaster recovery planning, and information security and has implemented programs for numerous banks, government agencies, and industrial corporations. Before founding Risk Masters, Steve was with Deloitte & Touche as the leader of their Business Continuity Management practice. In recent years, his focus has been on the resilience of large business and technology environments. He is editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series.

Cyber insurance as a part of a cyber resilience program

Tune into this webinar session, presented by Boleaum Inc. founder Vincent Amanyi, to learn the three fundamental factors to consider when building a classic ransomware protection strategy for your organizational landscape.

Key Takeaways:
- How to prepare a recover plan.
- How to limit the scope of damage from a ransomware attack.
- How to harden your environment, making it harder for ransomware attacks to get in.

Three-phase ransomware protection strategy

Ransomware is an omnipresent threat to every business. A comprehensive defense and recovery plan is an essential requirement for managing and mitigating this risk. Such a plan must take a 360-degree view of the enterprise’s risk as well as identify and address the many uncertainties faced by victims of ransomware.

This presentation from Risk Masters International's Allan Cytryn will provide this 360-degree view. Participants will come away understanding the ransomware risk vectors, the options for addressing them, and the limits of their effectiveness. Recovery is a key component of risk mitigation. Relevant options and alternatives will be discussed. 

In addition, attendees will learn the the operational lifecycle of a ransomware attack – from anticipatory risk mitigation, to attack, then to recovery, and finally resumption of normal operations. Recovery planning is only effective if conducted in this broader context.

About the speaker:
Allan has more than 30 years of experience in senior IT Leadership roles in the finance and financial services sector. His responsibilities have included Regional CIO and Managing Director for Applications at Deloitte, CIO for Simpson Thacher & Bartlett, Vice President of Corporate Finance at Goldman Sachs, Group Vice President for Funds Transfer and Foreign Exchange Systems at Bankers Trust.

Allan is also on the Executive Board of the Boston Global Forum, a think-tank founded by Governor Michael Dukakis. In this role he has advised governments on Cyber Security and AI policies and has contributed to the 2016 G7 Cyber Security Declaration at the G7 meeting in Isa Shima, Japan. This was the first ever joint statement on cyber security from the G7 world leaders.

Recovery from a ransomware attack: How to prepare and plan to minimize risk

Ransomware attacks are top of mind for CISOs and CIOs as they can cripple an entire enterprise. Making matters worse, some ransomware operators are stealing data and trying to extort organizations publicly to get paid. 

Tune into this talk to learn some of the newest ransomware trends including how threat actors are attacking cloud resources. and the sophisticated threat prevention techniques organizations can adopt to stop ransomware before their organization falls prey.

How I learned to halt ransomware and stop worrying

Cecile Mengue (IBM) took an unconventional path into the hacker field and will give a unique insight into pathways to cybersecurity in this webinar. 

Join WiCyS Strategic Partner IBM on January 17 to look into various ways of entering this career. 

Can’t make it during the scheduled webinar? Go ahead and register to receive a recording as soon as we wrap up!

A Career in Cyber Security: My Unconventional Path

Very often threat actors and criminals will infiltrate a victim's network days or even weeks before planting malware. How can you detect threat actors before they attack? And how do you monitor your network all time?
 
Do you have someone watching your network on the weekends or over holiday breaks? Many companies not have eyes on glass 24x7 because it’s just too expensive. For the SMB market, it is not cost effective to hire 7 to 10 people to staff your security operations center 24 hours a day, 7 days a week.

What does make sense is finding a trusted partner who offers Managed Detection and Response (MDR) to watch your computer network 24 hours a day, 7 days a week. 
 
Tune into this session to learn how outsourcing MDR to a reliable managed service provider (MSP) can be beneficial for businesses with $5M in revenue to $500M in revenue. Discover how insured MSP watch your network for signs of a ransomware attack and take on that risk for you. Finally, get some rest on the holiday break knowing that your network is monitored 24 hours a day, 7 days a week.

Monitor your environment 24/7 with a MDR solution

Ransomware is a huge concern for many organizations. Ensuring resilience against these attacks requires robust measures. However, those countermeasures need to be in keeping with the organization’s overall security strategy. 

Zero trust began as a security model for network security but its concepts and value are now recognized as supporting the overall security posture of an organization. Many are using or deploying a zero trust security architecture throughout their security operations. Zero trust concepts can and should be used to prevent or, at a minimum mitigate, the damage caused by ransomware. This webinar will explore how companies can utilize zero trust for effective ransomware defense.

Join this discussion to discover:
• How ransomware operates which allows it to promulgate within an environment.
• The concepts of zero trust that support ransomware resilience.
• How an organization can leverage an existing zero trust architecture to specifically address ransomware.
• Solutions that support zero trust mitigation of ransomware.

Thwarting ransomware with zero trust

The ways we live and do business are interconnected and networked. In this digital landscape, in what ways can we stay safe online when the threats are often hidden? 

Join WiCyS strategic partner Cisco to learn how to secure yourself online.

Can’t make it during the scheduled webinar? Go ahead and register to receive a recording as soon as we wrap up!

What Does or Does Not Protect You

This session will describe approaches and suggestions for potentially lowering your risk of a breach and how to prepare for when they happen.  We will discuss our experiences and practical ideas for consideration to take back to your companies.

Tune in to learn more about these topics:
1. What is the definition of a breach
2. SANS Security Critical Controls – 
a. CIS Control 1: Inventory and Control of Enterprise Assets
b. CIS Control 2: Inventory and Control of Software Assets 
3. Starting with the basics
4. Access Control – Knowing your data – Identity Access Management (IAM)
5. Leveraging Threat Intelligence
6. Bonus – Have a plan, practice, table tops

Top 5 Strategies to Reduce the Risk of a Breach

When we think of cybersecurity for enterprises, we think next-gen firewalls, EDR, and SIEM. But none of these resources can protect your cloud assets as traditionally employed. This means companies must use new techniques to protect cloud environments and the various SaaS applications deployed by modern enterprises.

Tune into this talk to learn:
1.) How to collect telemetry and generate alerts from various cloud environments.
2.) Techniques to detect misuse of SaaS application including cloud account takeover. 

The ultimate goal is to stop cloud and SaaS breach from occurring in the first place.

Breach Detection in the Cloud

In the last two years, technology has shifted from onsite to remote. This paradigm shift in computing introduces additional security concerns to both individuals and enterprises. 

Tune into this presentation to hear TD Bank's Application Release Engineer Pankul Chitrav discuss security issues and concerns common in cloud computing while addressing various key topics like vulnerabilities, threats and mitigations, and breach prevention.

Speaker bio:
Pankul is an expert DevOps consultant and entrepreneur. With a background in software technology and leadership, her career expands over several industries including education, healthcare, and finance. Currently she is working on Azure Clouds as Application Release Engineer at TD Bank. She has received numerous awards as a technology expert and mentor. Her strong background in learning, development and managing teams makes her the perfect fit. She is widely regarded as the go-to source for automation and troubleshooting. Pankul is a Certified Agile Practitioner and is Certified in Designing Microsoft Azure Infrastructure Solutions along with Microsoft Azure Administrator. Pankul has been invited to speak to organizations across the world including RSA and WWC. Pankul is passionate about volunteering and is one of the most sought-after mentor for newly immigrants of Canada.

When not working or volunteering, Pankul can be found creating delicious meals and doing gardening.

Breach Prevention in Cloud Computing

It is no secret your data in the cloud is vulnerable. What's worse is that, according to Gartner, more than 99% of cloud breaches will have a root cause of preventable misconfiguration or mistakes by end users through 2025. But the silver lining -- more like silver word -- to your cloud is that these breaches can be preventable so you can reach to your data in cloud when you need it. 

Tune in to this presentation from TD Bank's Leena Bongale if you looking for ways to secure your cloud data by:
• Securing access with zero trust principles
• Protecting data in an era of hybrid work
• Transforming your data protection for the cloud
• Reducing human error with security posture management

Speaker Bio:
Leena Bongale is a recognized industry expert with over 18 years of experience in Information Technology and specializes in Information Security and Risk Management.  She is currently Manager of Data Protection at TD Bank. Leena is an accomplished speaker, trainer, also volunteers information security consulting on pro bono basis, and has achieved industry certifications including CRISC and SAP BI. Leena regularly speaks on topics including cybersecurity, cloud adoption, business continuity, and compliance.

Reach it, Don't Breach It!

Ransomware (R)evolution

Defeating Cybercrime: Continuous Application Security for Financial Services

Pokemon Go Malware and Zero Day iOS Attacks: Mobile Threat Defense

HackerCraft - Avoid the Breach

Cyber Security Trends 2016: The Most Important Insights in Security

Data Theft in the 21st Century: Detect and Block PII & PEI Theft

What the MFA?! Moving Beyond Passwords

Surviving Social Engineering and Ransomware Attacks

The Professionalization of Hackers

Securing the Future: IoT Is Not About "Things," It's About Data!

Defining Next Generation Endpoint Protection

Stopping Targeted Attacks with Sandbox Technology

Shut the Traps: Take the Win out of Recon for an Attacker

DevOps, Security and PCI - Implementing SCM To Meet PCI Standards

“If I Wake Evil” - How I Would Attack You If I Turned into a Criminal Mastermind

Cybersecurity Risk: Addressing the Human Factor

NSA Hacking Tools Exposed... Who's Next?

Are you having a mare with Ransomware?

Why visibility is a crucial part of any security strategy

Exploring Russia’s Cyber Operations

Data Protection 101: Follow and protect your critical data, wherever it lives

Network security, seriously? 2016 Network Penetration Tests

Mapping the CYBERscape: Advanced Threat Detection within the Security Ecosystem

Stop Reading the WSJ and Focus on Your Cyber Risks

Cyberattack Response & Prevention: Why Traditional Defenses Are Not Enough

The Internet of Things Requires a Security Rethink

Using Automation & Orchestration to Strengthen Network Security & Fight Hackers

From Passive to Aggressive: Taking a Surgical Approach to Security Operations

Experts show how hackers perform web attacks which kills your site ranking

2016 Threat Analysis: Learning from Real-World Attacks

Network Security & Hacking

With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSA’s in the country, with decades of combined PCI and card processing experiences. They’ve seen it all: the good, bad and ugly; and lived to tell the tale. 

Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jim Seaman for an interactive session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

Moderator:
- Ben Rothke, Senior eGRC Consultant at Nettitude Ltd.

Panelists:
- David Mundhenk, CISSP, PCIP, QSA (P2PE), PA-QSA (P2PE)
Sr Consultant at an unnamed GRC consulting firm
- Arthur Cooper "Coop", Sr Security Consultant at NuArx Inc. 
- Jim Seaman MSc, CCP, CISM, CRISC, QSA, M.Inst.ISP 
Security Consultants Team Lead at Nettitude, Ltd.

The PCI Dream Team – Bring Us Your Trickiest PCI Questions

PCI Standards

PCI Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The PCI Dream Team – Bring Us Your Trickiest PCI Questions

Presented by

About this talk

More from this channel