Global Panel: Dissecting Cloud Security Standards

2019 was the worst year to date for data breaches. Phishing, misconfiguration mistakes, third party risk, and insider threats continue to plague organizations across industry verticals. So, what are some proactive approaches organizations can take to address old and new security threats in 2020?

Join this panel of security experts and industry leaders to learn more about:
- The biggest threats to the enterprise in 2020
- What keeps CISOs up at night
- How to stay ahead of the threats
- Proactive security strategies and best practices
- Avoiding misconfiguration mistakes and minimizing the risk of insider threats
- Solutions available today and what to expect in the near future

Speakers:
Jo Peterson, Vice President Cloud Services, Clarify360 (Moderator)
Tyler Cohen Wood, Cyber Security Expert, Former Senior Intelligence Officer, Private Consultant
Carlos Valderrama, SOC Director, Proficio
Athar Awan, Cyber Security Consultant, Security Solutions Consultants

A lot of organizations are trying to implement some kind of segmentation in their data centers. Different approaches to segmentation deployment have exposed many challenges. During this talk approach to segmentation at the edge will be considered. When implementing segmentation at the edge disruption to existing infrastructure is minimal and performance of the network is improved. Attendees will learn about this new software defined segmentation at the edge approach benefits.

The cybersecurity industry is flooded with tools that protect different aspects of your network, your supply chain, your critical data.
In this webinar, ThreatAware CEO Jon Abbott will examine how to identify the most effective tools for your organisation, available on the market today. Furthermore, he’ll explore how consolidating the information they provide makes their power even greater.

Key takeaways
How to identify the tools that will best suit your organisation’s cybersecurity needs
How cybersecurity tools can complement each other to produce better quality information
How to effectively use data collated in a single pane to best protect your organisation

The Security Operations Center was born from its parent, the Network Operations Center, inheriting its philosophy, structure, methodologies and even roles. The SOC, of course, has been evolving over the last few years but only by updating old concepts, technologies, processes and roles coming from the NOC.

In 2020 is when we're going to start the SOC Revolution, being independent from its parent, creating its own model (new roles, new technology and new processes), being proactive instead of reactive, risk and threat-based and becoming even more strategic: a business loss safeguard and growth enabler for all the organizations globally.

With the proliferation of the Internet of Things, IoT devices are often added into enterprise environments without due consideration for the security and privacy risks they pose to the business. Oftentimes, IT security teams do not have full visibility into how many IoT devices are connected to the network. This creates security gaps, as IoT devices are notoriously vulnerable to hacks and attacks.

Join this interactive panel experts to learn about how enterprises can enhance endpoint, and therefore IoT security.

Attendees will learn more about:
- IoT and today's enterprise
- What's on your network? How do you evaluate IoT devices?
- Why visibility is key
- Controlling access to your IoT environment
- Vendor risk and holding vendors accountable for their IoT equipment
- Areas for automation and where to reduce your IT security team's involvement
- Patching and upgrading
- Expert recommendations for enhancing IoT security

Speakers:
Peter Wood, Partner, Naturally Cyber LLP (Moderator)
Terence Jackson, CISO, Thycotic
Brian Russell, IoT Working Group Co-Chair, Cloud Security Alliance (CSA)
Kalani Enos, Founder & CEO, KEnos Technologies LLC
Alexandre Blanc, Director of Security, Adaware (an Avanquest company)

Many businesses have put tremendous effort in automating processes and
security controls that protect their data. However, in the case of a disaster, your business continuity plan (BCP) likely relies on manual processes that may open a side door to threat actors and leave your business and data more vulnerable than before.

Learn the things you should be considering as part of your BCP to help keep your data protected.

In today’s business landscape it is important to take a proactive approach to security rather than a reactive approach. Join leading security experts as they discuss the safest ways to protect your organisation in 2019 and beyond.

Join this Q&A panel to learn more about:

- Key organisational benefits to practising proactive security
- Technologies powering security
- Best practices and recommendations for a more secure organization

Speakers:
Roselle Safran, President, Rosint Labs (Moderator)
Sean Webb, Information Security Manager, Patriot One Technologies Inc.
Michelle McLean, Vice President of Product Marketing, StackRox
Michelle Drolet, CEO & Co-Founder, Towerwall
Chris Calvert, VP of Product Strategy, Respond Software

Join this webinar as we discuss the foundational processes and tools associated with very successful security programs that also prevent serious incidents and events to lower the overall costs of a breach.

Learn how prevention is the “secret sauce” to lowering costs!

The rapid rise of breach response capability as an absolute necessity has GDPR to thank/blame. But what should have been an extension of every organisation's existing incident response / disaster recovery program, is now an excuse to reach into your pockets. Like everything in security, breach response is not complicated - or even difficult in most cases - it just has to be 'appropriate'.

In this webinar you will learn that:
-Breach response is not a product, and it's certainly not a technology, it's a collection of procedures;
-If you don't have decent incident response, breach response is pointless;
-Most organisations trying to sell you breach response out of the gate are doing you no favours
-Asking the right questions is your responsibility!

Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next.

Join this webinar presentation to learn:
- Why DevOps cannot effectively work in waterfall
- How to use DevOps tools to optimize processes in either development or operations through automation

We will also discuss what is needed to support full DevOps optimization and create a Secure Agile Development process.

The emerging DataOps is not Just DevOps for Data. According to Gartner, DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization.

The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment.

This session will discuss how to add Security in DataOps and DevOps.

The General Data Protection Regulation (GDPR) has been making far more influence on the privacy landscape online than expected since its enactment by the European Union (EU) on May 25th, 2018.

Google and Facebook, two of the most powerful digital platforms, were heavily scrutinized and penalized with hefty fines for their non-compliance in the European market. GDPR has also driven many countries, such as Japan, Brazil, and South Korea, to follow suit by strengthening their privacy laws. All 50 states in the United States have also joined the camp by amending their privacy laws - albeit to varying degrees - to make privacy breach reporting mandatory.

Most notably, the State of California developed its own GDPR-style privacy law called “California Consumer Protection Act” (CCPA) and will enact in January 2020. Moreover, two federal privacy bills were recently submitted to the Congress aiming to be the very first federal-level, comprehensive privacy law in the U.S. Canada is no exception in this privacy-aware trend. The ruling liberal party made clear that modernizing privacy legislation to protect citizens online will be one of the party’s priorities.

This presentation will talk about current trends in privacy field in terms of regulatory requirements in the U.S., Canada, and Europe, discuss what to expect in 2020, and what to do to make sure that all the organizations and institutions are compliant with applicable laws and regulations in their jurisdiction.

Too often, Information Security means technical point solutions. This approach leaves enterprises exposed and management and customers disillusioned.

Join us to learn:

- Why security programs remain on the margins of business adoption in spite of heightened threats and acknowledged need
- Why security by technology alone is a dead end
- The secret sauce for a vibrant, effective information security program

As organizations evaluate their de-identification and data minimization practices to satisfy an expanding landscape of regulatory obligations there are a number of factors to consider. Various technologies will be considered as part of a data-centric security strategy for de-identifying and securing sensitive information such as statistical tools, cryptographic solutions, suppression, pseudonymization, generalization, and randomization. Further, we will examine the capability of these technologies to preserve business utility within a Zero Trust data security model.

Listen to this session and you will take away:

• An understanding of the definition of de-identification as it relates to international and industry privacy regulations, including the difference between pseudonymization and anonymization
• A strategy for balancing privacy and security concerns with business needs, such as evaluating and prioritizing risk
• How various methods of de-identification can help meet the privacy requirements of applicable compliance obligations

The PCI Dream Team is back for another interactive Q&A session.

Join us with your toughest questions and learn more about the various Payment Card Industry (PCI) standards and requirements, with a focus on PCI DSS v4.0.

Our panelists are some of the top PCI QSA’s in the country, with decades of combined PCI and card processing experiences. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.

Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

Speakers:
- Ben Rothke, Senior Information Security Specialist at Tapad
- David Mundhenk, Senior Security Consultant at Herjavec Group
- Jeff Hall, Senior Consultant with Online Business Systems
- Arthur Cooper "Coop", Senior Security Consultant at NuArx

The Payment Card Industry Data Security Standard (PCI DSS) and the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework share the common goal of enhancing data security. This session maps PCI DSS to the NIST Framework and discuss how to align security efforts to meet objectives in both PCI DSS and the NIST Framework.

PCI DSS is focused on the unique security threats and risks present in the payments industry

The NIST Framework provides an overarching security and risk-management structure with security Functions, Categories, and Subcategories of actions. These Subcategories reference globally recognized standards for cybersecurity.

Both PCI DSS and the NIST Framework are solid security approaches that address common security goals and principles as relevant to specific risks.

We will discuss how the NIST Framework identifies general security outcomes and activities, and how PCI DSS provides specific direction and guidance on how to meet security outcomes for payment environments.

This session will also discuss the interesting attribute based access control (ABAC) as a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This session also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.

Webinar Take-Aways:

- What millennials think about privacy and What’s their expectation?
- Diversity in Privacy in 2020
- Impact on Criminology and Criminal Justice System in Privacy.
- Career in Privacy

About the Speaker:
Deveeshree Nayak
Faculty, School of Engineering & Technology (SET)
University of Washington, Tacoma

Disclaimer: My views in this webinar are my own.

With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.

This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.

Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.

Companies today are increasingly aware of their privacy compliance obligations, including the emerging requirements from recent regulations like GDPR and California's CCPA. Most companies that invest in a privacy compliance uplift spend time on policy revisions, data subject rights tooling, training, and data discovery. But after the first rush of compliance activities, the challenges of privacy operations evolve:

- How do you get beyond point in time compliance into managing repeatable processes?
- What existing teams and operations should privacy leverage right away, and how should this change over time?
- How do you prioritize updates to your data subject rights tooling, whether you've custom built or outsourced?
- How do you avoid privacy fatigue?

This webinar will cover common areas where privacy compliance can "get stuck," and discuss ways to successfully operationalize a growing privacy program at the speed of business.

Presenter Info: Adrienne Allen, Head of Security GRC and Privacy, Coinbase