How Can I Automatically Find and Fix My Data Security Blind Spots?

The need to detect data security blind spots is becoming more important every day. This includes sensitive data that was not found in the data discovery process, as well as failures of our deployed critical security control systems. Without formal and automated processes to detect and alert on new data discovery findings and critical security control failures as soon as possible, the window of time grows, allowing attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture and compliance with PCI DSS 3.2.

Revisions to PCI DSS point toward the realization that security must be built into the development process. This is frequently referred to as Rugged DevOps or SecDevOps, and is embracing the speed of DevOps and continuous delivery in a secure environment. DevOps does affect security, and you can use it to your advantage. As cloud, big data and DevOps disrupt traditional approaches to security, new capabilities emerge to automate and enhance security operations.

Join this session and learn how to automatically report on these data security blind spots and how security can be built into the development process and platforms. Ulf Mattsson, CTO of Compliance Engineering, will discuss how security can be built into Rugged DevOps, SecDevOps, DevSecOps, Scrum, SAFe and DAD, and used in large-scale development.
Recorded Nov 8 2016 49 mins
Presented by
Ulf Mattsson, CTO at Compliance Engineering
  • Attacking the APT/Ransomware Kill Chain Apr 8 2020 4:00 am UTC 45 mins
    Guy Rosefelt, Security Product Marketing Director, Sangfor Technologies
    Existing APT and Ransomware solutions only address specific parts of the kill chain, making them ineffective at completely stopping APT and Ransomware attacks. Powered by multiple levels of implementation of machine learning on malware, DGA and other attack behaviors, we will explore holistic approaches that address every step of the kill chain, making it the only fully integrated security solution with NGFW, EDR and MDR today that can accurately detect and mitigate APT/Ransomware attacks from network to endpoints.
  • An Intelligence Led Approach Using AI for Cyber Defense Apr 8 2020 2:00 am UTC 45 mins
    John Lee, Managing Director, GRF Asia Pacific
    The world is becoming increasingly connected in the digital age that is setting upon us and there is no turning back. The huge opportunities from the IT and OT convergence enable new services and increased productivity. At the same time, with greater connectivity there are also greater risks to organizations because of this increased threat surface. A new approach to defend against cyber attacks is needed to keep pace with other business changes and evolving threats. Artificial Intelligence and Machine Learning technologies may present a solution to this problem.

    The webinar will cover:
    - Why the digital economy is not cyber secured
    - Cyber Security Strategic choices
    - The threat Intelligence life cycle
    - Threat detection and incident response: the future
    - Summary

    About the presenter:
    John Lee is the Managing Director for the Global Resilience Federation Asia-Pacific office. He is managing an Information Sharing Analysis Centre for Operational Technology operators. He had past roles in Information Security, GRC and Operations working for MNCs covering APAC and Middle East. He is the immediate past President of the ISACA Singapore Chapter. He had also taught various cybersecurity certifications from ISACA and ISC2. He is a certified APMG trainer for ISACA.
  • Securing the Future: Preparing for the Cyber Threats of 2020 Recorded: Apr 7 2020 33 mins
    Jon Abbott, CEO, ThreatAware
    Carbon Black recently found that 84% of UK organisations had suffered one or more data breaches in the past year. Effective cybersecurity is critical for ensuring the success of your business in the digital age.

    In this webinar, ThreatAware CEO Jon Abbott explores the problems that cybersecurity professionals have faced over the past year and how these are likely to evolve in 2020. He draws on his twenty years of experience, including as founder of MSP Priority One, to examine how cyber threats develop and how business cybersecurity needs to grow to meet new challenges.

    From comprehensive asset management to compliance with international standards, proficient cybersecurity requires you to juggle a vast number of tools and processes. Jon’s presentation will look at the way in which innovative technology can increase visibility and reduce complexity when it comes to cybersecurity management, to allow your business to embrace positive risk in 2020.

    Key takeaways
    - The biggest risks cybersecurity professionals faced in 2019
    - How these risks are likely to evolve moving forward into 2020
    - What tools allow businesses to embrace new technologies securely
  • Let COVID-19 Teach us about Cyber Security Recorded: Apr 7 2020 46 mins
    Jason Yuan, VP Product & Marketing, Sangfor Technologies
    Despite our advances in medical science, humans are still vulnerable to newly developed viruses such as COVID-19.

    One thing we know today about coronavirus: it can be extremely contagious even if patients have shown no sign of symptoms. This is remarkably similar for IT security. For example, most ransomware remains dormant for weeks or months until activated.

    While the infected hosts are not causing any damage, they are busy infecting other systems. IT organizations only have knowledge of ransomware that is reported by PC or server users. This discussion borrows the lessons learned from centers for disease control, such as detection, quarantine, and tracking down “patient zero”, and demonstrates the importance of AI & machine learning in security with best practices for cybersecurity professionals, helping organizations to understand their current threat landscape, perform impact analysis, and improve their security posture.
  • Strategies to Prevent Online Fraud Recorded: Apr 7 2020 28 mins
    Jia Min Tan, Director of Alliances, APAC, NS8
    Online fraud is a growing and constantly evolving epidemic so it’s important to learn how to safeguard your business online.

    This presentation will include some strategies and tips for preventing online fraud by sharing a fraud prevention plan that focuses on ad fraud, order fraud and chargebacks.
  • [PANEL] What would a CISO do? Recorded: Apr 6 2020 58 mins
    John Lee, GRF Asia Pacific | RV Raghu, Versatilist Consulting India | Germaine Tan, Darktrace
    As cybersecurity vulnerabilities and breaches continue to make headlines and put organizations' reputations at stake, it’s important to ask “What would a CISO do?”

    Join this interactive panel of industry experts as they discuss:

    - Top threats to look out for in 2020
    - Key factors for building a successful CISO strategy
    - Selling your security strategy
    - Why your entire organization should be up to date on cybersecurity

    Moderator: Paul Brennecker QSA, Head of Operations at 3B Data Security

    John Lee, Managing Director, GRF Asia Pacific
    RV Raghu, Director Versatilist Consulting India Pvt Ltd & Director, ISACA
    Germaine Tan, Director of Threat Analysis, Darktrace
  • Expectation from the CISO in the new decade Recorded: Apr 6 2020 48 mins
    RV Raghu, Director Versatilist Consulting India Pvt Ltd & Director, ISACA
    With the new decade bringing the biggest threat to humanity in terms of COVID-19 and its cascading global impact, the ask of the CISO is evolving and the CISO will have a much larger role to play in the enterprise and be truly asked to sit at the big table.

    By listening to this session, participants will:

    a) have a view of how the changing world looks for the CISO
    b) understand what the CISO can do to remain relevant in this new world
  • Data Protection & Privacy During the Coronavirus Pandemic Recorded: Apr 2 2020 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Remote work is quickly becoming the new normal and criminals are taking advantage of this chaotic situation.

    The EU Agency for Cybersecurity is providing guidance for the huge increases in the number of people working remotely and using tele-health; it is vital that we also take care of our cyber hygiene.

    Viewers will learn more about:
    - How to use encryption, controlling new storage of regulated data and data sharing in this new situation.
    - Anonymization leaves personal data open to re-identification, which exposes firms to GDPR non-compliance risks.
    - How are the HIPAA rules changing in this situation?
    - GDPR prescribes pseudonymization; how does that work?
    - How is CCPA changing the rules?
    - How to secure Wi-Fi connections to prevent snooping of your traffic, and keep anti-virus and security software fully updated, also on mobile phones.
    - How important files can be backed up remotely or locally. In a worst case scenario, staff could fall foul of ransomware for instance.
    - What apps are secure to use in this new era?
    - Should we use MFA, PW managers or local PW management?

    We will also discuss how to use the CERT-EU News Monitor to stay updated on the latest threats and check the following basics.
  • Cyber Breach Fatigue Recorded: Mar 31 2020 36 mins
    Rhonda Bricco (UnitedHealth Group), Deb Doffing (Optum), Sue Perkins (Optum), Cat Goodfellow (Optum)
    The stream of near constant data breaches has left consumers desensitized to the news their information was lost or stolen. We’ll discuss issues around complacency both in consumers and enterprises such as how long the customer cares after a breach occurs, whether data loss is as negatively impactful to an organization’s reputation as it used to be, and how breach fatigue benefits hackers.
  • COVID-19 - What Will Attackers Do? Recorded: Mar 31 2020 58 mins
    Chris Roberts, Rod Soto, Nir Gaist, Ira Winkler
    The COVID-19 Coronavirus pandemic provides cyberattackers with opportunities to wreak havoc. The key to thwarting their attacks is knowing how they are leveraging the crisis for their nefarious purposes. And who better to ask than experts who know how threat actors think and operate?

    Join us for a community webinar with three renowned whitehats who will predict the attack vectors and tactics blackhats will use to take advantage of the fact employees are struggling with fear, uncertainty and isolation while working from home. You will gain invaluable insight into the attacker’s mindset and learn how to harden your organization’s defenses.

    Chris Roberts is one of the world's foremost experts on counter threat intelligence and vulnerability research within the information security industry. Roberts was part of Attivo Networks, LARES, Acalvio Technologies, among others.

    Rod Soto is a Security Researcher and co-founder of HackMiami and Pacific Hackers conferences. Rod spent over 15 years in IT and security in organizations like Akamai, Splunk and JASK. He is a frequent speaker at cybersecurity conferences.

    Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

    Ira Winkler is the Lead Security Principal for Trustwave. He has designed and implemented security awareness programs at organizations around the world. Ira began his career at the National Security Agency as an Intelligence and Computer Systems Analyst.
  • [Earn CPE] How to Get More Visibility into Your Digital Ecosystem Recorded: Mar 26 2020 70 mins
    Kelley Vick, Host. With Chris Poulin, Principal Consulting Engineer at BitSight.
    In today's cybersecurity landscape, having continued visibility into your organization’s attack surface is essential to staying ahead of new and evolving threats. But as your digital ecosystem continues to expand, monitoring and mitigating cyber risk become increasingly difficult.

    During this CPE webinar, BitSight’s Chris Poulin, a risk reduction and cybersecurity expert, will take a deep dive into how you can evaluate your current digital risk management efforts, identify gaps, and prioritize improvements.

    Join us on Thursday, March 26, to learn how to:
    - Validate and manage your digital footprint across various ecosystems
    - Monitor for indicators of attack, compromise, and abuse
    - Leverage business context to prioritize remediation efforts and allocate resources
    - Initiate response plans to mitigate risks
    - Track and communicate progress with objective data across environments
    - Use risk intelligence to improve your security posture
  • Deepfakes, Social & Impact on Elections Recorded: Mar 26 2020 61 mins
    David Morris | John Bambenek | Lance James | Dean Nicolls
    AI-generated fake videos, or deepfakes, are becoming more common, more convincing and easier to create. In the era of social, technically manipulated videos can spread like wildfire.

    This is a particularly sensitive issue in today's politically charged environment. With the 2020 U.S. presidential election on the horizon, foreign interference in elections is a real problem and social media the perfect gateway for sowing misinformation, discord and mistrust.

    Can deepfakes impact the outcome of elections? How easy are they to spot, and do you need a tool for that?

    Join this episode of the Election Hacking series to learn more about the emergence of deepfakes and what can be done to mitigate their impact on elections.
    - The current state of deepfakes
    - How deepfakes can be used in misinformation campaigns
    - Use of deepfakes in cyber crime
    - Social media and the spread of fake videos
    - How tech companies are addressing the scourge of deepfakes (Facebook, Twitter, YouTube)

    - Lance James, CEO of Unit 221B
    - John Bambenek, VP for Security Research and Intelligence at ThreatSTOP
    - Dean Nicolls, VP of Global Marketing, Jumio

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Dealing with PCI DSS Compliance During the COVID-19 Crisis Recorded: Mar 25 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    The new normal during the current COVID-19 crisis is changing every aspect of the business world. It is also affecting how QSAs deal with PCI assessment.

    A QSA for the most part has to be on-site for a PCI assessment. How are they to do that when they can’t get to the site?

    On this webinar, The PCI Dream Team will:
    - Provide an overview of the PCI DSS requirements to be on-site
    - Discuss strategies to perform PCI assessments when being on-site is now impossible
    - Answer any specific questions to deal with this predicament
    - Detail work at home issues and concerns
  • Balancing the Security Workforce Recorded: Mar 25 2020 56 mins
    Diana Kelley | Chris Calvert | Larry Whiteside, Jr. | Gary Hayslip
    The world needs more people in infosec. There are currently about 2.8 million cybersecurity professionals, but roughly 4 million more are needed to close the skills gap.

    So, how are organizations addressing this shortage? What are some of the things organizations are doing when it comes to attracting and retaining cybersecurity talent, but also balancing the workload for the security teams they already have?

    Join today's episode to learn more about the challenges and solutions when it comes to balancing the security workforce.
    - Security skills shortage: Myth vs. Reality
    - Top challenges for security teams
    - Addressing burnout and analyst fatigue
    - How machine learning can help
    - Areas where people are better than AI
    - Building a security culture
    - Removing obstacles and attracting new talent

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

    - Chris Calvert, Co-Founder & VP Strategy at Respond Software
    - Larry Whiteside, Jr., Veteran CISO & Cybersecurity Thought Leader; Co-Founder & Interim President - ICMCP
    - Gary Hayslip, CISO, Softbank
  • Preparing for COVID-19: An Infosec Perspective Recorded: Mar 25 2020 30 mins
    Jeff Schmidt, VP of Cyber at Columbus Collaboratory
    The COVID-19 pandemic has not only changed our lives but immediately changed our corporate threat profiles by extending our cyber attack surface and increasing our exposure to all kinds of attacks from authentication to human error. Transitioning to a remote workforce directly and significantly impacts your defensive protections. Practical changes can reduce the risk exposure while also minimizing unneeded disruptions and fire drills during this turbulent time. In this webinar, we will discuss important cyber threats to consider and provide actionable advice on how to reduce your risk.
  • Coronavirus Pandemic – Cyber Intelligence Fighting the Virus in Cyberspace Recorded: Mar 23 2020 61 mins
    Alex Holden
    In the midst of the Coronavirus pandemic, our society is struggling to adjust to the necessary and unexpected changes. In the information security space, we are prepared for many things, but dealing with a pandemic crisis leaves many unprepared.

    Cybercriminals operate on a different level and are ahead of the game taking advantage of the global crisis with many others joining their ranks. We will discuss critical issues facing information security during this crisis.

    We will also review what you need to know, what you need to be concerned about, and the steps to take today to get your organization more secure and prepared to minimize the potential impact of the crisis.
  • Coronavirus Actions and Risks for Tech and Security Leaders Recorded: Mar 13 2020 62 mins
    Dan Lohrmann (Security Mentor, Inc.) | Scott Larsen (Inova Health System) | Earl Duby (Lear Corporation)
    How are state and local governments responding to COVID-19? What are private sector companies doing now? From public health actions to directives for staff, what emergency response steps and risks should be considered?

    Join this webinar for the latest coronavirus playbook roundup and recommendations on how to address the outbreak. Learn the scope of the unprecedented challenges organizations are currently facing. Hear from industry leaders on how they are addressing the COVID-19 outbreak.

    Topics will include:
    - Policy, technology and process steps to take today to protect your workforce and organization.
    - How are orgs dealing with more staff working from home (telework)?
    - What mistakes can be avoided – and how?

    We will close with a Q/A session with the audience.

    - Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.
    - Scott Larsen, CISO at Inova Health System
    - Earl Duby, CISO at Lear Corporation
  • What I Learned at RSAC 2020 Recorded: Mar 12 2020 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.

    Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.

    Join this webinar to learn more about what attendees found interesting at RSAC USA 2020:
    - Emerging Privacy Issues
    - The Human Factor
    - Advancements in Machine Learning
    - Security in App Development
    - Trends from the Innovation Sandbox
    - New Standards and Regulations
    - Security for The API Economy
  • [Earn CPE] Matching Threat Intelligence & Third-Party Risk for Cyber Security Recorded: Mar 12 2020 74 mins
    Panelists: John Chisum, RiskRecon; Jaymin Desai, OneTrust; Allan Liska, Recorded Future; and David Klein, ProcessUnity
    As organizations evolve and become more connected, their reliance on third-party ecosystems continues to grow. While these business relationships undoubtedly add value, they also introduce significant new risk and compliance challenges. The third-party risk management process is complex and involves more stakeholders and data sources than many people may think including: cyber risk information, supply chain, financial, IT, compliance, legal, and privacy risk data. But even with loads of available data, it’s extremely difficult for risk teams to know how to prioritize risk and focus remediation and response efforts without the proper context or processes.

    As a result risk management teams are turning to governance, risk, and compliance (GRC) solutions to help centralize all of this information in order to gain a more holistic view of their third-party ecosystem. Cyber third-party risk data is a critical piece of the puzzle to a holistic third-party risk program within a GRC solution. Having access to a threat-centric view of cyber risk provides risk management teams with real-time insights that enable them to make faster, more confident decisions and effectively manage third-party risk.

    On this CPE accredited webinar our panel of experts will address how to bring threat intelligence into the third-party risk management process and discuss:

    - The importance of holistic risk management and sustainable ongoing monitoring,
    - How to incorporate external content sources and create a centralized data repository for a more holistic view of your vendors,
    - Ways to advance your third-party risk maturity with threat intelligence.
  • Hey You, Get Off Of My Cloud Recorded: Mar 12 2020 51 mins
    Kelly Robertson, CEO, SEC Consult America
    A little discipline goes a long way when moving to the public cloud.

    Attend this talk by SEC Consult America's CEO Kelly Robertson as he discusses what applications are appropriate to move to a public cloud infrastructure and what questions you need to ask.

    Six considerations of this session:

    - Security
    - Compliance
    - Data Protection
    - Choosing a Cloud Provider
    - Workload Analysis
    - Incident Response

    About Kelly Robertson:

    I'm a senior executive with 30 years of professional Information Security Experience in the Silicon Valley. I worked mainly for large enterprises for the first 15 years, then started Zisher InfoSec, a security consulting firm. In 2017, Zisher InfoSec became part of the SEC Consult organization and I am presently responsible for the SEC Consult organization in the Americas.

    Information Security spans all aspects of the technologies that mankind relies upon and also has a huge impact on digital citizens. I have been fortunate to have worked in 30 countries in the past 20 years across many disciplines, technical vectors and market segments. I believe that the work that we do in this career field is essential to the human race and I hope that my contributions have made a positive difference. A great deal of my focus is in mentoring information security professionals, as individuals and groups through education programs, presentations and publications.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: How Can I Automatically Find and Fix My Data Security Blind Spots?
  • Live at: Nov 8 2016 5:00 pm
  • Presented by: Ulf Mattsson, CTO at Compliance Engineering