Best Practices for Preparing for Breaches

With malware, phishing and zero-day attacks becoming more sophisticated, it’s impossible as a business to be 100% secure against a breach. As numerous high-profile cases have demonstrated over the past year, breaches can cause serious reputational damage, particularly if customers’ personal details have been jeopardised or private business information has been leaked.
Preparing for breaches is part of good governance and requires close coordination between management, cyber security professionals and your communications department. This presentation will discuss the best practices for preparing for breaches.

Viewers will learn about:
• Models for best practice governance, including the coordination of governance, cyber security professionals and communications.
• How to put together a risk management plan.
• Different strategies for communicating breaches and their merits.
Recorded Nov 30 2016 44 mins
Presented by
Dr Phoebe Fletcher, VP International Policy and Political Science, CSCSS

  • [PANEL] New in AI & ML Dec 10 2019 4:00 pm UTC 60 mins
    Michelle Ruyle, Optimized Channel | Jennifer Galvin, Okta | Roselle Safran, Rosint Labs | Ian Hassard, Arctic Wolf
    Join this panel of security experts as they discuss the newest security solutions and strategies utilizing Artificial Intelligence and Machine Learning:

    - Best practices for improving security
    - Why your organization needs to be using AI and ML
    - How to take security to the next level

    Michelle Ruyle, CEO & Founder, Optimized Channel
    Jennifer Galvin, Field Alliances Enablement, Okta
    Roselle Safran, President, Rosint Labs
    Ian Hassard, Director of Product Management, Arctic Wolf Networks
  • Cooperative Compliance, Enhancing Cybersecurity Foundational Minimums Recorded: Dec 9 2019 41 mins
    Nat Bongiovanni, Chief Technology Officer, NTT DATA Federal Services, Inc.
    Cybersecurity policies meant to protect sensitive information are often misunderstood, avoided, or circumvented by employees. Employees don’t like to be inconvenienced by the extra steps necessary for protection that to them seem unnecessary. This can be compounded by a complex cybersecurity environment with multiple competing standards that seem similar but have unique approaches, naming conventions, and acronyms.

    This session will discuss how to solve these challenges by creating cooperative compliance. Cooperative compliance starts by understanding the entire risk environment based on the NIST SP 800-171 Framework, a foundational minimum for confidentiality and integrity. Using the NIST framework and straightforward messaging for employees, cooperative compliance communicates the reasons for cybersecurity inconveniences and protection.

    Key takeaways:
    • Define cooperative compliance
    • Define and describe the cybersecurity foundational minimum
    • Describe communication strategies
    • Provide practical approaches based on the foundational minimum
    • Comment on useful tools, techniques, and approaches

    About the speaker:
    Nat Bongiovanni, Chief Technology Officer of NTT DATA Federal Services, is a US Navy veteran with over 35 years’ experience. Mr. Bongiovanni’s broad IT background allows him to view IT challenges through multiple lenses: analyst, architect, manager, software developer and cybersecurity expert.

    Nat has spoken extensively on cybersecurity, software and policy development. He recently spearheaded a team of cyber experts to develop a cybersecurity solution to protect network assets and data from internal vulnerabilities.

    Nat’s experience comes from practical application and valuable lessons learned across a diverse set of clients, including the Office of the Secretary of Defense, Defense Intelligence Agency, the Department of the Interior CIO, the U.S. Securities and Exchange Commission, Blue Cross Blue Shield, and Enterprise Rent-A-Car.
  • We are not ready for Next-Generation Cybersecurity Recorded: Dec 9 2019 60 mins
    David Froud, Director, Core Concept Security
    The temptation to buy a technology to fix a security hole is almost overwhelming. Most vendors know this, and will happily exploit it if you let them. The fact is that very few organisations are even doing the basics yet, without which new technology will be no more effective than the Last-Generation.

    Technology cannot fix a broken process, it can only make a good process better.

    About the speaker:
    David has almost 20 years’ experience in areas of Information / Cybersecurity, including Regulatory Compliance, Secure Architecture Design, Governance Frameworks, Data Privacy & Protection, FinTech and Sustainable Innovation.

    As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, David has performed hundreds of on-site security and compliance assessments for merchants and service providers globally.

    Currently focused on helping organisations unify their security programs with EU regulatory compliance regimes, including GDPR & PSD2.
  • Women in Cyber | Top Talent Initiatives Recorded: Dec 6 2019 52 mins
    Dawn Beyer, Senior Fellow, Lockheed Martin Space
    Attracting, developing, and retaining women in cyber top talent fields (continuation on the March WiCyS Conference Keynote).

    Dr. Dawn Beyer is a Lockheed Martin Senior Fellow. She has over 30 years of experience covering information security, information assurance, security engineering, cybersecurity, systems engineering, military intelligence and operations, risk assessments, strategy, and policy development and execution. She provides consultation to research and development, proposal, program, and operations and maintenance teams. She also provides guidance, direction, leadership, training, and mentoring to Engineers.

    Dr. Beyer provides leadership with visibility into cyber strategy, workforce talent, technology, capabilities, risks, policy, and opportunities. At Lockheed Martin, Dr. Beyer is the Cyber Fellows Action Team Chair. She also engages in industry exchanges and Co-chairs the National Defense Industrial Association Cybersecurity Division and is a member of the INCOSE Systems Security Engineering Working Group. She is also a board member with the Women in CyberSecurity (WiCyS) Board of Governors.

    Dr. Beyer is a retired Air Force Intelligence Officer with 24 years of service and has performed additional responsibilities as an Information Systems Security Manager, Computer Systems Security Officer, Communications Security Manager, Operations Security Manager, and Emissions Security Manager.

    Dr. Beyer earned her Ph.D., M.S., and B.S. in Information Systems. She maintains the following certifications: Project Management Institute’s Program Management Professional (PMP)®, (ISC)2’s Certified Information Systems Security Professional (CISSP)® and Certified Secure Software Lifecycle Professional (CSSLP)®, and ISACA’s Certified Information Security Manager (CISM)®.
  • Blackstone CISO Fireside Chat: The Importance of Automating Security Validation Recorded: Dec 5 2019 25 mins
    Amitai Ratzon, CEO of Pcysys & Adam Fletcher, CISO of Blackstone
    Pcysys CEO Amitai Ratzon sits down with Blackstone CISO Adam Fletcher to discuss the increasing need to automate security validation and this activity’s place in the enterprise security program.

    In this discussion, Adam will share the reasons for backing the automated penetration testing platform PenTera with funding after running it on their network, and how it differs from breach and attack simulation products.
  • CISSP Exam Prep Clinic #1: How to pass your CISSP the 1st Time, New Exam Format Recorded: Dec 3 2019 30 mins
    Alan Belshaw, M.S., MBA, Senior Cybersecurity Solutions Architect | Booz Allen and Hamilton
    Learn how the new exam format works and how to handle it and learn about the Mission Critical Institute 100% CISSP Pass Guarantee.

    In Clinic #1, you will learn how the new CISSP exam format works. Then, you will learn tactics on how best to respond to this “adaptive exam format”.

    If you want to pass your CISSP Exam the first time, you’ll want to attend and then review this series of five live online CISSP Exam Prep Clinics. In these five valuable CISSP exam clinics you will learn about:

    • The new CISSP exam format, the “adaptive exam format”
    • How hands-on labs will help you prepare for your exam
    • Tactics to select the best answer for each question
    • How to get your employment endorsement and what happens if you need more experience

    These five clinics include tips for all 8 CISSP domains covered in the exam.

    Register today and move closer to your goal!

    SPONSORED BY: Mission Critical Institute

    Alan Belshaw | M.S., MBA | Senior Cybersecurity Solutions Architect | Booz Allen and Hamilton
    Certifications: CISSP, CAP, CSSLP, CEH, CIWSA, CWNA
    Authorized instructor for CEH, CAP, CSSLP and CISSP
  • Live Video Panel - Data Protection Done Right Recorded: Dec 2 2019 45 mins
    Allan Boardman, ISACA | Richard Agnew, Code42 | Steve Wright, Privacy Culture Ltd | Bill Mew, Mew Era Consulting
    As the number of data privacy laws and regulations increases globally, organizations need to take a proactive approach to data privacy and security, rather than reactive.

    Join this interactive panel of industry experts to learn more about:

    - How to bake privacy and security into your processes
    - Best Practices for achieving regulation compliance
    - How to mitigate risk with data loss protection technologies and solutions
    - Are we closer to a Privacy-and-Security-by-Design reality
    - How to protect your organization from insider threats
    - Recommendations for Improving Data Management and ensuring Data Protection

    Richard Agnew - VP EMEA - Code42
    Steve Wright, CEO and Partner, Privacy Culture Limited
    Bill Mew, Founder and Owner, Mew Era Consulting

    Moderated by Allan Boardman, CGEIT Certification Committee Member, ISACA

    Data Protection, Data Breach, Regulations, Compliance, Proactive Security, Data Privacy Security Strategy, GDPR, Data Governance, IT Security, Breach Prevention, Risk Management
  • Live Video Panel - Creating a Winning Security Strategy for 2020 Recorded: Dec 2 2019 45 mins
    Richard Agnew, Code42 | Ray Ford, GDPR Associates | Rita Bhowan, The Law Society
    Join security experts as they review the past 12 months and discuss security strategies, solutions and tools for success in 2020 and beyond.

    Discussion topics will include:

    - The key factors CISOs should consider for their cybersecurity strategy
    - The current and future threatscape
    - Platform Security for 2020
    - Technological solutions that make CISOs' lives easier
    - How organizations are coping with the shortage of qualified security workforce
    - How CISOs can better communicate their strategy to the board

    Richard Agnew - VP EMEA - Code42
    Ray Ford, Founding DPO, GDPR Associates
    Rita Bhowan, IT Security Manager, The Law Society

    Moderator to be Mark Chaplin, Principal, ISF

    Security Strategy, CISO, Cyber Security, IT Security, Best Practices, Skills shortage, Network Security, Cyber Defence, Breach Prevention, Data Security, Email Security, Vulnerabilities, Cloud Security
  • Ask the Expert - Interview with Richard Agnew - VP EMEA - Code42 Recorded: Dec 2 2019 14 mins
    Paige Azevedo & Richard Agnew, VP EMEA, Code42
    Join this interactive interview with Richard Agnew - VP EMEA - Code42

    Code42 is the leader in data loss protection. Native to the cloud, the Code42 Next-Gen Data Loss Protection solution rapidly detects insider threats, helps satisfy regulatory compliance requirements and speeds incident response – all without lengthy deployments, complex policy management or blocking user productivity. Because the solution collects and indexes every version of every file, it offers total visibility and recovery of data – wherever it lives and moves. Security, IT and compliance professionals can protect endpoint and cloud data from loss, leak and theft while maintaining an open and collaborative culture for employees.

    Richard brings a broad base of sales and management experience to Code42, gained through years leading regional teams within internationally recognised brands such as Veeam, NetApp, and Dell. Outside of work, Richard is an avid cyclist who competes in a number of local organised cycling events.
  • The Day When Role Based Access Control Disappears Recorded: Nov 25 2019 62 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    We will discuss the Good, the Bad and the Ugly of Role Based Access Control. We will review access control in systems where multiple roles are fulfilled and compare MAC, DAC and RBAC.

    We will present the "next generation" authorization model that provides dynamic, context-aware and risk-intelligent access control. We will discuss Identity Management, Data Discovery, AI, policy-based access control (PBAC), claims-based access control (CBAC) and key standards, including XACML and ALFA.
  • Emerging PCI DSS v4 Data Security and Privacy for Hybrid Cloud Recorded: Nov 20 2019 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    The upcoming PCI DSS version 4.0 will include many new or revised requirements, and compensating controls will be removed. It will include support for a range of evolving payment environments, technologies, and methodologies for achieving security. PCI DSS v4.0 further supports the use of different new technologies. The new validation option gives organizations the flexibility to take a customized approach to demonstrate how they are meeting the security intent of each PCI DSS requirement. This customized approach supports organizations using security approaches that may be different than traditional PCI DSS requirements.

    Through customized validation, entities can show how their specific implementation meets the intent and addresses the risk. Unlike compensating controls, customized validation will not require a business or technical justification for meeting the requirements using alternative methods, as the requirements will now be outcome-based.

    We will discuss how PCI DSS v4 may impact:

    - Implementation of the new “Customized Controls”
    - Cloud implementations
    - Compliance cost
    - Changes in liability
    - Relation to the 49 new US State Laws
    - PII and PI privacy
    - Measure data re-identifiability for pseudonymization.
    - Apply data protection to discovered sensitive data
  • Cyber Security is Not a Department: Building an Information Security Culture Recorded: Nov 15 2019 38 mins
    Amy McLaughlin, CISM, CHPS Director of Information Services, Student Health, Oregon State University
    All organizations face ongoing threats from phishing attacks, insider threats, and other trajectories. It is evident that no organization will be able to hire or afford enough cyber security to mitigate or intercept every risk. Security strategy has to start with building a culture in which every employee is responsible for information security: a culture that imbues employees with the training and situational awareness to identify and respond (or not respond, as the case may be) to incoming threats. This webinar explores ways to move beyond everyday security awareness to an integrated security culture.
  • Benefits of Soft Skills in Security Recorded: Nov 14 2019 50 mins
    Rosielle Vengua, Sr. Security Engineer, Nordstrom
    The insider threat continues to top all IT security threats. Conventional threat prevention measures primarily consist of annual security training and inserting security early into a project/product lifecycle to ensure incorporation throughout the design. However, these methods have stagnated in mitigating the largest category of insider threat: unintentional/non-malicious.
    This presentation provides anecdotal and empirical evidence via a real-life use case, metrics, and testimonials of soft skills as essential characteristics for a modern organization’s security evolution. Specifically, it addresses the universal reality of internal-organization perceptions of security. New soft skill methods are then offered to overcome communication barriers with internal and external business/technology partners while also promoting a continual working relationship. The result of these improved relationships is project teams viewing security as an essential team member during all phases of an application/product lifecycle, plus the increased security of applications/products released. Secondary gains include maximizing cooperation and collaboration, creating opportunities to teach security concepts and proactively build security into the team’s processes and procedures, and fostering a team’s willingness to self-report security findings and vulnerabilities. As a whole, these behaviors exemplify a security culture that prevents and mitigates the unintentional/non-malicious insider threat.
  • CISO Mind Map: Today's Key Cybersecurity Focus Areas Recorded: Nov 14 2019 44 mins
    Roselle Safran, President, Rosint Labs
    The CISO position is now a multifaceted role that encompasses technical capabilities, legal/GRC requirements, and personnel and project management - all while not losing sight of the main objective: business enablement. This webinar will discuss what is important today for both new CISOs who are building their nascent security programs and seasoned CISOs who are maturing their established security programs.

    Topics covered will include:

    - Strategic initiatives that are top of mind for security leaders
    - Optimal combinations of in-house and outsourced talent
    - Technology essentials and non-essentials
    - Communicating reports, metrics, and other pertinent information to stakeholders
  • CISO as Commander: The Path from Strategy to Action. Recorded: Nov 14 2019 46 mins
    Griff James, Director, Damrod Analysis Ltd.
    In cyber security the strategic goals are often clear, while the methods to achieve those goals are anything but. This webinar introduces Damrod’s Cyber Strategic Framework that applies military analysis to cyber security challenges. Aimed at security teams trying to implement high-level goals in the real world, this talk focuses on effects-based planning that integrates disparate elements of IT and security into a cohesive package. Defending the network is about more than technology. Analysis and leadership are critical elements of an effective cyber defense. You will leave this webinar better equipped to develop the tactics that make strategy a reality.
  • Advanced PII/PI Data Discovery Recorded: Nov 13 2019 63 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Join this interactive webinar as we discuss using advanced PII/PI discovery to find & inventory all personal data at an enterprise scale.

    Learn about new machine learning & identity intelligence technology, including:
    - Identify all PII across structured, unstructured, cloud & Big Data.
    - Inventory PII by data subject & residency for GDPR.
    - Measure data re-identifiability for pseudonymization.
    - Uncover dark or uncatalogued data.
    - Fix data quality, visualize PII data relationships
    - Automatically apply data protection to discovered sensitive data.
  • Q4 2019 Community Update: IT Security Recorded: Nov 13 2019 59 mins
    John McCumber, (ISC)² | Dan Lohrmann, Security Mentor, Inc | Marija Atanasova, BrightTALK
    Find out what's trending in BrightTALK's IT Security community and the challenges keeping security professionals up at night.

    Join John McCumber, Director of Cybersecurity Advocacy at (ISC)², Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc., and Marija Atanasova, Content Strategist from BrightTALK for an interactive Q&A session to learn more about:

    - Key challenges for security professionals
    - Insights from the (ISC)² 2019 Cybersecurity Workforce Study
    - What to expect in 2020 and beyond
    - Events in the community
  • [PANEL] CISO Challenges & Opportunities Recorded: Nov 13 2019 62 mins
    John Bambenek, ThreatSTOP Inc. | Yotam Gutman, Cyber Mktg Pros | Thomas J. Harrington, Securonix | Michal Jarski, Tenable
    What keeps CISOs up at night? What challenges are they facing on a daily basis? And what opportunities are they seeing in the industry?

    Join experts from leading security organizations as they discuss strategies, solutions and technologies CISOs use in the face of on-going security challenges:

    - Strategies for breach prevention
    - Strategies for making the most of AI technology and human talent
    - New technologies on the horizon
    - Security strategy recommendations

    Moderated by:
    John Bambenek, VP Security Research and Intelligence at ThreatSTOP, Inc.
    Thomas J. Harrington, Associate Deputy Director (Retired), Federal Bureau of Investigation; Managing Director and Chief Information Security Officer (Retired), Citi, Strategic Advisory Board, Securonix
    Michal Jarski, Territory Manager, Tenable
    Yotam Gutman, Community Manager, Cyber Marketing Pros
  • The New Edge Services Security Recorded: Nov 13 2019 42 mins
    Predrag “Pez” Zivic, Sr. Security Solutions Architect, Pensando
    This presentation will discuss the current sprawl of different firewall and micro-segmentation appliances and software agents and present an approach on how to solve this challenge.

    Today, different firewalls and micro-segmentation tools and agents are deployed for network zones, bare metal servers, virtual machines and container environments. This implementation of many disparate security tools creates operational and security problems. To eliminate these challenges, a new approach will be introduced which moves services security to the server edge.

    A new architecture approach to distributed firewalls and micro-segmentation will be elaborated on. The benefits of the new edge services security will be demonstrated. Attendees will learn how to take control and implement security at the server edge.
  • The cyber threat landscape in the digital age Recorded: Nov 12 2019 47 mins
    Sushila Nair, Security Offer Leader, NTT DATA
    Businesses are reinventing themselves, leveraging technology and data to optimize and find new streams of revenue. This session will look backwards over the last year and discuss the threat landscape. We will then look into the future and examine the impact of digital transformation and how that is impacting threats and risk. Finally, we will examine how the enterprise can build security and resilience into the business of tomorrow.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Best Practices for Preparing for Breaches
  • Live at: Nov 30 2016 6:00 pm
  • Presented by: Dr Phoebe Fletcher, VP International Policy and Political Science, CSCSS