Name: Global Panel: Dissecting Cloud Security Standards
Start: 2010-09-09T15:00:00Z
End: 2010-09-09T15:55:48.000Z
Location: BrightTALK
Rating: 4.6

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

This session provides practical advice to establish cybersecurity metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). We begin with an explanation of the differences between them and why each are needed. Examples of how to design metrics, KPIs and KRIs are provided. Areas of focus include cybersecurity measurements for all organizations, for processes & functions and in alignment with a control framework. The end game is to measure if processes and controls are functioning as designed.

We also walk through tips for communicating new metrics and go-to-green updates for metrics in red or yellow status. The session includes 22 metrics and seven resources for many more. All of this saves time and can assist with enhancing your program.

About the speaker:
Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse cybersecurity industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences). He is certified in many programs including CISSP, CRISC, CISA, CISM, CIPP, ITILv3, and NSA-IAM.

Cybersecurity Metrics, KPIs and KRIs

Spreading operations across more than one cloud enables organizations to choose from a variety of cloud services to cut costs, improve operations and improve scalability. However, operating complex environments across multiple platforms requires a comprehensive strategy to handle connectivity, applications, data and security.

In this panel, experts will discuss how organizations can evaluate risks in their own and their cloud service provider environments, as well as technologies and tools that can assist in achieving a comprehensive strategy.

Join us to learn about:
--Understanding cloud scope across the organization
--Cloud governance frameworks
--Pros and cons of centralizing security access and monitoring controls
--Multi-cloud management and network security analytics platforms
--Cloud security posture management (CSPM) tools that can identify misconfigurations and risks
--Tools for cloud compliance monitoring

Build a Multi-cloud Strategy that Supports Governance and Compliance

Organizations are adopting multi-cloud strategies to leverage capabilities of different cloud security providers (CSPs) and to provide flexibility to software development teams. But this brings up challenges for security teams who are responsible for managing security risk and meeting compliance regulations for workloads and applications running in different environments. In this session, ESG Senior Analyst Melinda Marks explores how to supercharge your security to gain the visibility and control you need to scale security programs for multi-cloud environments.

Supercharge Your Security for Multi-Cloud

Tune into this webinar to discover the basics of threat intelligence and how to acquire it. We will also dive into cyber maturity -- what it means and how to best measure it -- as well as the five best steps to improve cyber resiliency. Attendees will also learn the dire consequences that come with deprioritizing cybersecurity in the organization so they can ensure they don't fall victim to a breach.
 
Audience takeaways:
•         The value of threat intelligence for organizational security.
•         Measuring your cyber maturity.
•         Steps to improve your cyber resilience.
•         Turn threat intelligence into business intelligence.

Life's a Breach: Understand Threat Intelligence, Cyber Maturity and Resiliency

Once considered an afterthought in software design, in today's cloud-native, app-centric world, application security must be top of mind. Widespread applications usage over distributed and public networks invites a variety of potential threats. Frequent testing and adherence to application security best practices can limit the possibility of unauthorized code being used to steal, share or modify sensitive user information.

This panel of experts will discuss the importance of a comprehensive application security program that incorporates best practices, threat identification and security testing.

Join us to learn about:

--Potential application threats
--Program requirements for app security
--Implementing app security standards
--Using DevSecOps initiatives to improve security
--Application security testing methods

Moderator:
Jo Peterson VP, Cloud & Security Services at Clarify360 

Panelists:
Stan Lowe, CISO of Synchronoss Technologies
More panelists to join soon!

Update Your Application Security Strategy

Threats like malware and denial-of-service attacks have been around since the earliest days of the internet, and the cybersecurity industry has created generations of threat detection and response tools to identify and remediate them. As security threats continue to evolve and advance, the tools to identify and stop them need to evolve as well.

This panel of security experts will explore how security teams can shift form using reactive to proactive measures, utilizing a host of emerging tools and technologies. Join us to learn about:

--Endpoint-focused technologies such as XDR
--AI's role in reshaping threat detection
--Threat detection and intelligence services
--Security observability tools that improve breach detection
--Using tools within a zero-trust framework to limit vulnerabilities

It's Time to Modernize Threat Detection

Organizations face a constant barrage of cyber threats that could lead to business disruption, intellectual property theft, and reputation damage. But preventing such attacks has become increasingly challenging due to business factors like supporting the remote worker population, connecting IT to third-party partners, and developing new types of applications for digital transformation. 

How can CISOs balance the need for aggressive IT initiatives for business enablement while managing and mitigating cyber risk? ESG Senior Principal Analyst and Fellow, Jon Oltsik, will discuss best practices for cyber-threat and breach prevention that can protect and support the business.

Outwit Attackers with a Proactive Cybersecurity Plan

There are many facets to minimising the risk companies face from insider threats. In this presentation, In this talk, cyber security lead Martin Nash will present a self-styled, strategic risk-based approach to managing the insider threat. This approach is easy to break down, easy to understand and, ultimately, easy to implement. 

Attendees will come away with the strategic basis for a modular approach to support ongoing and effective risk-based management of the insider threat.

Strategic Approach to Managing the Insider Threat

The social, economic and technological shifts of the past two years prompted cyber attackers to refine their methods, becoming more sophisticated and aggressive. This resulted in the business community suffering a series of high-profile attacks with far-reaching repercussions. Threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and are ramping up use of stolen identities and credentials to bypass legacy defenses.

This panel of security experts will discuss the top threats of the moment and look toward what to expect in the next 12 months. They'll provide best practices and recommendations for security measures that can offer the best level of defense.

Join us to learn about:
--The most prevalent attacks today
--Emerging attacks that will threaten your business tomorrow
--How to take a proactive approach to threat detection
--How to prepare for continued global disruption

Moderated by:
Tamara Prazak, Senior Director | Appgate

Panelists:
Pete Wood, Partner | Naturally Cyber LLP
Seema Sewell, Assistant CISO | Office of Enterprise Technology, Maricopa County
Greg Kraft, Director- EMEA | OBS Global

The Cyber Threat Landscape: Get Ready for 2023

In this session, we will detail how to re-calibrate your CISO strategy to gain traction in your enterprise domain and change the executive perception to accelerate business.  

Key Takeaways:
• Establish the fundamentals.
• Enable a simple message.
• Harden your ecosystem.

Re-calibrate Your CISO Strategy

Cybersecurity has not only become a regular boardroom topic, but may soon be a requirement. If proposed SEC legislation takes hold, all publicly traded companies must have a process in place to disclose cybersecurity incidents and more importantly, must actively identify and manage cybersecurity risks with board of directors’ oversight.  This legislation will likely have a trickle-down effect on many private companies as well. 

While some organizations have already undergone this journey, we expect that numerous companies are late to the party and haven’t begun to determine what this change means for them. This session will help you develop a game plan to right-size security for your organization by addressing the following key issues:

• Who should fill this role?
• Where to start?
• The art of incident response and reporting.
• What are some of the functionalities the SEC will be looking to include:
      o Controls to prevent unauthorized access
      o Monitoring
      o Measures to detect, mitigate, and remediate cybersecurity threats
      o Third-party risk management
• Coordination with legal counsel and financial advisors.

Coming Soon -- CISO Observability in the Boardroom

As the methods and practices used to attack digital assets become more refined, the security tools to combat the threats must evolve, shifting from reactive to proactive methods. This change means security teams must learn about and assess a slew of acronyms, including endpoint detection and response (EDR), network detection and response (NDR), managed detection and response (MDR) and extended detection. and response (XDR). They also must consider new methods for addressing and preventing alert fatigue, such as using AI or cloud-based services.

In this panel, experts discuss the types of endpoint detection and response available and how to tease out which is best for your organization.

Join us to learn:
--Why EDR alone is not enough
--How to inventory your endpoints and their protection needs
--How to evaluate MDR options including MEDR, MNDR and MXDR
--The difference between hybrid XDR and native XDR
--Operational benefits of XDR
--How SIEM and SOAR compare with XDR

Unpacking Endpoint Detection and Response

Endpoint protection alone used to be good enough for companies. But now we have too many alerts, from too many systems along with “the Fog of More” making it more difficult to locate and address security threats. 

How do you cut through all these alerts to pinpoint real threats to your environment? Can MDR or XDR actually help you focus on what is important or are these just buzzwords? In this session, we will review real world examples to see how MDR helped a small security team focus their limited time available to cut through the fog and effectively address the critical alerts and incidents in their environment.

Cutting through the Fog of More: Use MDR or XDR to Find Real Threats

Cybersecurity megatrends -- including zero trust, XDR, a pandemic-induced increase in remote workers, and the move to public cloud -- are influencing the way organizations think about endpoint security. These megatrends add new requirements for endpoint security, while requiring new levels of integration with other core security controls. Further influencing endpoint security strategies is the massive growth and device diversity driven by both mobile and IoT device usage.

In response, IT and security teams are thinking differently about endpoint security platforms, what they must include, and how they fit into the broader security stack. ESG Principal Analyst Dave Gruber will discuss strategies and best practices for modern endpoint security to secure this growing attack surface.

Adapt Your Endpoint Security Strategy

Cyberattacks against healthcare jumped 42% in 2020 and another 35% in 2021. 

Successful cyberattacks disrupt healthcare operations, delay access to clinical services, and lead to significant economic loss. Stolen patient records can be used to commit fraud and identity theft, disrupting patients’ personal lives. 

Medical information is an attractive target because it has high economic value on the black market. 

If you are interested in protecting patients and the healthcare organizations that serve them from cybercriminals, join WiCyS Strategic Partner, Optum, to learn about the career opportunities in healthcare cybersecurity.

Cybersecurity Careers in Healthcare

Join us for an informational webinar for the WiCyS Fortinet NSE 4 Certification Summer Camp

The Fortinet NSE 4 Certification Summer Camp will take 100 WiCyS members through a 10-week self-paced, instructor-supported, training program for Fortinet NSE 4 training and certification. All participating WiCyS members will also receive a free voucher to take their NSE 4 certification, either in person or through remote proctoring.

Fortinet NSE 4 certification is ideal for professionals in technical support, system security administration, and network security administration. It is also valuable to those wishing to transition into these roles. Participants will learn the knowledge and skills necessary to operate and support a next-generation firewall in order to support specific corporate security policies.

WiCyS Fortinet NSE4 Certification Summer Camp

Cloud-native applications are proliferating in even the most traditional IT environments, but the ability to secure these applications and environments has fallen behind. This panel discussion will explore how to make sense of the confusion between cloud security solutions natively included in IaaS providers, Cloud Security Posture Management, and cloud workload protection, especially in light of the increased skills shortage.  We will also explore the increased overlap between security and infrastructure teams during a cloud migration, why organisations struggle with continuous compliance during cloud migration.

Moderated by: 
Melinda Marks, Senior Analyst, ESG

Featuring:
Markus Strauss, Head of Product Management, Runecast
Matt Hathaway, Chief Strategy & Marketing Officer, TrueFort

Securing the Cloud in 2022 and Beyond

Extended detection and response (XDR) capabilities can enable security teams to respond to threats quicker. This is extremely critical today given the increase in ransomware attacks – but organisations need to know what to look for when it comes to platforms and problems, too. This discussion will explore cybersecurity predictions for the near future, how organisations can stay ahead of what’s coming, the evolution in ransomware and machine learning, and much more.

Staying Ahead of Ransomware Attacks

Panelists:
Nils Puhlmann, Co-Founder, Cloud Security Alliance (CSA)
Richard Soley, CEO, Object Management Group (OMG)
David Fatscher, ICT Sector Development Manager, British Standards Institution (BSI)

Moderated by:
Paul Rivett, CNet Training

Global Panel: Dissecting Cloud Security Standards

cloud security

Standards

infosec

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Global Panel: Dissecting Cloud Security Standards

Presented by

About this talk

More from this channel