Global Panel: Dissecting Cloud Security Standards

There is an increasing need to provide evidence of cyber capability to provide confidence to regulators, boards, shareholder and other interested parties. In addition to providing confidence, there is also a requirement to provide evidence following a cyber security breach.

In order to provide this evidence we must develop international standards to allow business to provide the it in a consistent manner. The supplier industry must help to promote these standards with the support from governments and regulators.

No all of the requirements for security are the same, there is therefore a need to create a process providing this evidence from basic cyber hygiene through to Critical National Infrastructure. The companies must be suitably accredited and the individuals must have appropriate credentials and experience.

Importantly the cyber security industry must move from simply being providers of advice to providing opinions. This will mean the industry must move to being accountable. This will in turn help to professionalise the industry.

Key takeaways:
*Need to provide evidence of cyber capability to regulators, boards, shareholder and other interested parties.
*Evidence following a cyber security breach is essential, but unstructured
*International standards developed by supplier industry with support from governments and regulators.
*Evidence required from basic cyber hygiene through to Critical National Infrastructure is different.
*Cyber security industry must move from advisory to accountability, this is a massive change!

Today, most C-suite and boardroom discussions on cybersecurity are based on gut feelings and incomplete data. Many CIOs and CISOs are quite uncomfortable in these meetings, mainly because they know that they only have a vague idea about the enterprise’s overall cybersecurity picture and are forced to pretend they know what’s going on.

If a major cybersecurity incident happens, some senior executive becomes the scapegoat. Everyone agrees to increase cybersecurity spending and tighten things up. Then the cycle continues, but nothing really changes. How can we all do better?

Join Gaurav Banga, Founder and CEO of Balbix as he discusses:
- Behind-the-scenes deliberations in the board room
- Challenges in understanding and measuring the enterprise security posture
- What a mature and cyber-resilient security posture looks like
- How you can get there

Gaurav Banga, PhD is the founder and CEO of Balbix, and he also serves on the boards of several companies. Before founding Balbix, Gaurav was the co-founder and CEO of Bromium and led the company from its inception for more than five years.
Earlier in his career, Gaurav served in various executive roles at Phoenix Technologies and Intellisync Corporation. He was also co-founder and CEO of PDAapps, which was acquired by Intellisync in 2005. Gaurav started his industry career at NetApp. He has a doctoral degree in computer science from Rice University. He is a prolific inventor with
more than 60 patents.

Join automation expert Joe Schreiber on March 20th as he shares his experiences automating himself out of a job (in a good way), and discusses where to start and how to avoid risk.

Joe will present his five steps and answer questions from the audience on how to:

Collaborate with the rest of your team on automation
Organize your multi-vendor toolbox and use APIs to ensure success
Empower your teams to write reusable, value-driven code
Leverage modern applications in containers, microservices, and serverless environments
Got questions? Send them to Joe ahead of time to be included in the discussion.

For the last 2 decades, technology security was delegated to the IT team. It was role specific and designated for one small subsection of the IT team. That mentality and way of thinking must change.

A paradigm shift is required for the whole organization. Every part of the organization contributes to the success or failure of the organization. Creating a security culture is not a one-time event, it is a new way of talking and acting.

Join this webinar with Heather Stratford, CEO of Stronger.tech to:
- Understand the steps that need to happen to create this culture
- See where your organization is on the scale of creating a Strong Security Culture
- Learn why creating a security-minded culture is an essential part of the "new" requirements for a CIO.

In this webinar, we will be talking about not only the cost of data breaches but also impact of breaches and lesson learned for businesses, trends to reduce the risks and finally conclusion about how to prevent data breaches.

Successful security programs explain the situation, the risks, and the options available in a way that is both simple and true. Damrod draws on military analytical frameworks to develop map models that accurately depict the cyber terrain and guide the generation of a series of overlays. These build to create an Effects based plan suitable for Governance, Risk, and Compliance needs.

Join this webinar for an introduction to the cyber-as-conflict model developed by Damrod.

Cybersecurity, much like safety, cannot be achieved - it is an ongoing process that changes and adjusts to respond to the threat landscape, business needs and resources. As essential a cybersecurity strategy is to the enterprise, so is the implementation of it.

Join us for an interactive Q&A panel with security leaders to learn more about how to operationalize cybersecurity.

Topics up for discussion:
- Making information security relatable
- Building security programs
- Defining your cybersecurity strategy
- Translating your cybersecurity strategy into a risk management plan
- Operationalizing your cybersecurity strategy
- Using the maturity capability model for measuring success

Moderator:
Michelle Drolet, CEO, Towerwall
Panelists:
Amy McLaughlin, Director of Information Services, Oregon State University
Ariful Huq, Director of Product Management, Aporeto

There is too much fear and derision from the old guard of cybersecurity. Big breaches are used as justification for sales pitches and pedestals to mock the victims. While it is undeniable that cybercrime continues to grow, and future of cyber conflict is contested, there is good cause to think we are doing better than we imagine.

And that we can win in the future.

No competitive team enters a contest with a ‘let’s catch up’ mentality. Leaders inspire us to victory. CISO’s need to fill to role of champion and present a positive message – ‘we can win’.

Join this talk with industry thought leaders as we discuss the state of the conflict and emergent tactics from AI to insurance that promise to re-define cyber defence.

Moderator:
Griff James, Director, Damrod Analysis Ltd
Panelists:
Wyatt Hoffman, Senior Research Analyst, Cyber Policy Initiative, Carnegie Endowment for International Peace
Alan Mears, Associate Director, Risk Advisory, Deloitte LLP
Gina Yacone, Cybersecurity & Threat Intelligence Consultant, Agio

While the board ‘get cyber’, questions remain around embedding cyber risk management into business strategy execution. For many CISOs, strategy alignment represents the best opportunity to engage with the board and ensure a business-driven approach to managing cyber risk.

So how should business leaders develop, update and execute business strategy with so many cyber-related implications? How can organisations meet their business goals, against a backdrop of increasing cybersecurity costs, greater regulatory scrutiny and increased frequency and magnitude of data breaches?

In this webinar, Mark Chaplin, Principal, ISF will discuss the significance of aligning security strategy with business strategy. Mark will draw on executive engagement, exploring the essential factors for success and highlighting the pitfalls to avoid.

What threats can we expect to see in 2019, and how do we make sure we're prepared?

Join Bitdefender Director of Threat Research and Reporting, Bogdan Botezatu to discuss research-based predictions on the biggest threats of 2019. He'll walk through the future of cryptojacking, advanced persistent threats (APTs), network-level exploits, IoT attacks, and others and provide recommendations on the industry's best defenses against these threats.

Join us for this webinar that will present an advanced data science approach to detecting anomalous behavior in complex systems like the typical corporate network that your IT Security team is trying to defend. Generalized anomaly detectors, without tuning for a specific use case, almost always result in high false alarm rates that lead to analyst alert fatigue and a detector which is effectively useless. In this session, Brenden Bishop, Data Scientist at the Columbus Collaboratory, will present an open source tool and best practices for building specific, repeatable, and scalable models for hunting your network’s anomalies. Through iteration and collaboration, defenders can hone in on interesting anomalies with increasing efficiency.

Access control, a critical component of IT security compliance programs, ensures that organizations protect confidential information, like intellectual property and customer data. But your access management program can easily become outdated and static—especially if you rely on manual control testing and user access administration tasks.

By using robotics and process automation, or RPA, you can tackle some of the common challenges associated with access control programs. RPA works 24/7, reduces human error, and saves employees from manual, repetitive tasks. RPA might be the key to advancing your access control program.

Join this CPE webinar for insights into how you can reduce costs, increase efficiency and improve the effectiveness of your access control program with RPA. We will share:

- How to get started with an access control program.
- Ways to evaluate the right tools to automate processes at a task level, and align to your process automation strategy.
- Practical steps you can take to see value from advanced analytics in risk management, compliance, and continuous monitoring programs.
- How to embed governance, risk management, and controls into your enterprise’s mobilization and deployment of RPA, so you can catch issues before they arise.

Join us for this webinar that will recommend how to deal with your “big data” problem when dealing with the massive volume of raw, unprocessed data points from your network security sensors. Hint: don’t start with the data and attempt to drill down to the problem. Instead, as Slava Nitikin, Data Scientist from the Columbus Collaboratory will explain, you must start by the defining problem, building a threat model, and then focusing on the corresponding signals in your sensor data. We will walk through the use case for an Active Directory password spraying attack to demonstrate how to define and apply appropriate filters to your security data for faster detection, more accurate threat scoring and more effective security overall.

Presented by WiCyS and SIA...

This webinar from Women in CyberSecurity (WiCyS) and the Security Industry Association (SIA) will present the findings of The Cybersecurity Imperative research project produced by WSJ Pro Cybersecurity and ESI ThoughtLab and sponsored by SIA. We will share insights into how 1,000-plus organizations around the globe measure their cybersecurity preparedness and how they are preparing for future cyber threats.

In this 45-minute program, we’ll also share a new tool that allows you to compare your own organization’s preparedness to the aggregated data of study participants.

Expect to Learn:
•Current threats organizations are facing
•Cyber risk management approaches
•Where organizations plan technology and staffing investments for cybersecurity
•The impact of cybersecurity “maturity”
•The costs of cybersecurity breaches

Presenters:
•Marilia Wyatt (WSJ Pro Cybersecurity)
•Lou Celi (ESI ThoughtLab)
•Kim Landgraf (Security Industry Association / SIA Women in Security Forum)

Interviewer:
•Taly Walsh, Executive Director (WiCyS)

Are traditional awareness raising campaigns (e.g. CBT, phishing simulations) affording sufficient protection against ever evolving cyber-attacks? With human errors being the #1 cause of security incidents and data breaches, it is now a CISO imperative to tackle behavioural change and effectively manage the human risk. This recognised need reflects the acceptance that how the workforce behaves is dependent on the shared beliefs, values and actions of its employees, and that this includes their attitudes towards cybersecurity.

Key topics covered in this presentation:
• People-related challenges and frustrations the industry is facing
• Why a new approach to awareness and culture is required
• Innovative approaches adopted by leading organisations

Your organisation can only be secure if you make people your strongest defence. Attend this session to discuss how to turn your human risk into your biggest advantage in cyber security!

Flavius Plesu:
A business-focused cyber security leader, Flavius has held senior security positions both within the public and the private sector and has lead a number of enterprise-wide security transformation programmes, in complex global organisations. Passionate about solving real industry problems, cultivating and building teams to deliver on the organisation’s mission, values and goals.

Alongside his role as a Head of Information Security at Bank of Ireland UK, Flavius is also one of the Founders of OutThink, a team of CISOs and security practitioners who are changing the way in which organisations engage with their employees to shape behaviours and manage human risk in the context of cyber security.

* This is a recording so CPE credit is unavailable.

Today’s organizations face a cybersecurity landscape more difficult to navigate than ever before. When it comes to data breaches, the risk for organizations is high, from the easily calculable costs of notification and business loss to the less tangible effects on a company's brand and customer loyalty. With large-scale data breaches continuing to make the headlines in 2018, organizations must be proactive, not reactive, in the face of looming cyber threats. Proactive threat intelligence can enable organizations to prevent breaches or compromises before they occur.

On this webinar our panel of experts will discuss some critical actions organisations can consider to prevent a data breach, and attendees will learn:

- Strategies you can implement now to help you protect against a breach.
- Best practices for gathering the intelligence to predict and prevent attacks.
- How to use threat intelligence to improve your organization’s security posture and reduce the risk of an attack.
- Steps to fortify your last line of defense.