Name: Using Open Standards to Comply with GDPR
Start: 2017-08-17T08:00:00Z
End: 2017-08-17T08:32:13.000Z
Location: BrightTALK
Rating: 4

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

The need for structured IR readiness process that addresses both on-premises and cloud environments is clearer than ever before. In this session, an incident responder and cloud security architect will share their personal experiences in defending against nation-state attacks. 

Through real-life case studies, they will cover best practices for Incident Response methodology and tools that stand the test of nation-state attacks. They will then present how this battle-tested but traditional approach to IR is challenged with the introduction of cloud computing. Finally, they are introducing a a battle-proven framework to enhance your IR capabilities in the cloud.

About the speakers:
Karl Ots is a cloud and cybersecurity expert, as well as international speaker and trainer, with a broad range of deep Azure expertise. He believes that secure cloud technologies are the key to successful digital transformation. He applies his passion as Head of Cloud Security at EPAM Systems. Karl has been working with Microsoft Azure since 2011 in a variety of forums ranging from large projects to speaking at largest tech conferences, such as Microsoft Ignite. Karl is a Microsoft Certified Trainer (MCT) and a Certified Information Systems Security Professional (CISSP). He is the author of Azure Security Handbook.

Aviv Srour has more than a decade of Cyber Security experience. He specializes in defensive security, Incident Response (IR) and organizational information security. Currently he holds the position of Head of Cyber Innovation at EPAM.

Aviv has handled hundreds of security incidents, starting back at his days at Israeli Air Force where he led the CIRT team. His hands-on experience with complex security incidents helps him develop an unique view on what is needed from IR readiness processes and how to significantly reduce detection and remediation time.

Is your IR ready for cloud? Lessons from the front lines of nation-state attacks

Modern IT environments are complex. Organizations have logs and telemetry from thousands of devices, dozens of tools, covering both on-premises and cloud solutions. It’s hard enough to collect all this data in one place, knowing how to begin can also be daunting. 

This talk presented by industry thought leader John Bambenek will cover practical examples and techniques to dig into the security data of an organization to start hunting for otherwise unknown threats. Armed with this knowledge, teams can realize the goal of building their own detection techniques to find the threat actors that slip through their defenses.

Hunting for the unknowns...Where to start?

Tune into this webinar from industry thought leader Vincent Amanyi as he establishes assumptions and iterates a clear pathway to develop your security analytic requirements. 

Attendees will come away from this session with knowledge to:
- Establish enterprise criteria for your requirements.
- Define a measurement benchmarking system.
- Manage and control your environment.

Developing the requirements of a security analytics solution

As the volume and complexity of cybersecurity threats continue to increase, organizations are turning to machine learning and artificial intelligence (AI) to augment their security monitoring and analytics capabilities. These technologies can help identify threats faster, reduce false positives, and enable security teams to respond more effectively to incidents.

In this session, we will learn:
- The various use cases for machine learning and AI in security, including threat detection, anomaly detection, and behavioral analysis
- The limitations of these technologies and best practices for implementing them effectively
- Real-world examples of how organizations are using machine learning and AI to enhance their security monitoring and analytics capabilities
- The types of data that are most effective for machine learning and AI-based threat detection
- How to interpret and act on the insights generated by these technologies
- Actionable insights and best practices for implementing machine learning and AI in their security operations

About the speaker:
Elango is an accomplished technology leader with 20+ years of experience building high-performance engineering organizations for high-tech and financial services businesses across multiple geographies. With an in-depth understanding of governance, compliance, regulatory, and cybersecurity requirements of ASEAN markets, Elango has championed several cloud implementations that meet the highest standards of security and compliance for top-tier banks across Singapore, Thailand and the United States. 

As a speaker, Elango is known for his insightful and thought-provoking presentations that provide unique perspectives on the latest trends and challenges in the technology, cybersecurity and financial services industries. He is a passionate advocate for innovation, technology, and cybersecurity, and is committed to helping organizations navigate the rapidly evolving technology landscape.

Practical application of AI/ML in security monitoring and analytics

The concept of cloud applications have gone a long way from the days of peer to peer file sharing to modern enterprise solutions hosted in massive data centers. Nevertheless, there are areas in cloud applications, especially security, that can benefit from internationally recognized standards such as the ISO set of IT security standards. In this presentation, industry thought leader Ralph Villanueva will leverage his knowledge and experience in working with ISO standards to share some insights which can strengthen the audience’s cloud application security posture.

Key takeaway:
- Learn about ISO standards relevant to cloud application security.
- Discuss pointers for implementing the relevant aspects of these standards.
- Highlight ways to secure buy in from key stakeholders for implementation of these standards.

Optimizing cloud application security through relevant ISO standards

In the last 10 years, Azure has become one of the most popular cloud platforms for businesses and organizations of all sizes. As the platform has evolved, so has the threat landscape. To understand the present cloud security landscape and predict the future, let's take a trip down the memory lane!

In this session, cloud security expert Karl Ots will discuss how Azure's security controls have evolved over time. Throughout the session, he will share best practices for securing your Azure infrastructure, applications, and data, so that you can build an architecture that stands the test of time.

Top 10 Azure security tips from 10 years of securing Azure applications

Tune into this session from industry thought leader Vincent Amanyi for insight on how to simplify you application security tooling and enable agility in your ecosystem. 

Attendees will come away with the knowledge to:
- Eliminate assumptions.
- Identify how to perform a comprehensive assessment.
- Strategy of implementing tools-based on complexities and evolution.

Considerations in application tooling

In this in-depth talk, University of Washington's Deveeshree Nayak will discuss the benefits of implementing DevSecOps in businesses, emerging DevSecOps frameworks, and their use. 

Tune into this webinar to learn:
- What is DevSecOps?
- Why is this role important?
- How to pursue career in DevSecOps?
- Hiring and execution.

Ensure security with DevSecOps

Enterprises are increasingly relying on applications to drive business growth and success in the age of digital transformation. However, the rise of cyber threats has made ensuring the security of these applications more critical than ever before. Security concerns can often slow down digital transformation initiatives, but application security controls can help enterprises reduce costs and improve speed of delivery.

In this webinar, we'll provide a CXO's guide to application security in the age of digital transformation. We'll explore 
- Latest threats to enterprise applications and how to mitigate them.
- Risks associated with cloud-based applications and how to secure them. 
- How application security controls can reduce costs and improve speed of delivery. 
- Strategies and technologies to improve the security posture of enterprise applications.
- Role of DevSecOps in application security and how it can accelerate digital transformation efforts
- Best practices for integrating security into the development process
- How to balance security concerns with the need for innovation and agility in digital transformation initiatives.

A CXO's guide to application security in the age of digital transformation

Storage professionals need to be up to date on the most important standards in the industry, especially for storage security. Tune into this webinar from industry expert Paul Kirvan to learn the following: 

- Key standards and guidance on storage security
- How to achieve compliance with relevant standards
- Tips on preparing for audit addressing storage security 

Attendees will come away from this session better prepared to address the issues associated with storage security standards, compliance with the standards and storage security audit preparation.

About the speaker:
Paul Kirvan, FBCI, CISA is an independent business resilience consultant and technical writer with over 35 years of experience in enterprise risk management and security, business continuity, technology disaster recovery and IT auditing.  Mr. Kirvan is a Fellow of the Business Continuity Institute (FBCI), a Certified Information Systems Auditor (CISA), and a contributor to TechTarget for over 15 years.

Achieve compliance and prepare for audits using storage security standards

Compute express link (CXL) technology is rushing onto the scene with a goal of changing the very nature of computer architecture. Not only does this interface support memory disaggregation, persistent memory, and nonuniform memory architectures (NUMA), but it also is being used to standardize the interface between chiplets, which should improve processor cost/performance while creating more diversity in processor types.

Members of the storage and computing communities must understand CXL if they want to keep up with tomorrow’s most productive computing configurations.

This presentation will begin with a brief CXL tutorial, to explain what it is and why it is needed, and then moves to use cases and the various configurations that the new protocol supports.  Attendees will learn:
- Why CXL came into being, and what memory models it supports.
- The problem of “stranded” memory, and how CXL addresses it.
- How CXL benefits the adoption of storage class memory.
- CXL’s use in the UCIe chiplet interface.
- What storage admins must prepare for as CXL rolls out.

About the speaker:
Jim Handy of Objective Analysis has over 35 years in the electronics industry including 20 years as a leading semiconductor and SSD industry analyst. Early in his career he held marketing and design positions at leading semiconductor suppliers including Intel, National Semiconductor, and Infineon. A frequent presenter at trade shows, Mr. Handy is highly respected for his technical depth, accurate forecasts, widespread industry presence and volume of publication. He has written hundreds of market reports, articles for trade journals, and white papers, and is frequently interviewed and quoted in the electronics trade press and other media.  He posts blogs at www.TheMemoryGuy.com, and www.TheSSDguy.com.

CXL is coming: Are you ready?

Cloud storage providers and anyone developing enterprise data centers have an unprecedented array of new technologies to choose from to build their next-generation environments. These new technologies present more potential permutations to work with, enabling even greater opportunities for optimization.  

 Adding additional virtualization and acceleration technologies presents more flexibility and options to build a custom configuration, but doing so increases the management challenges exponentially. With the proliferation of different technologies and multiple vendors, standards-based management is more critical than ever to successfully develop, integrate, deploy, and manage systems and storage at scale.

This session will provide an overview of:
- The latest technologies in storage for virtualization, acceleration, and fabrics.
- The organizations delivering standards-based management.
- A discussion of open-source projects delivering value-add using standards-based management.

Why storage management standards matter in complex virtualized environments

The 24x7 threat of a data breach is making more CISOs hyper-focused on securing cloud-resident sensitive data, as this data is a prime target for malicious actors. Its presence poses a huge risk, especially for model-driven organizations with hybrid and multi-cloud environments.  

Join Jack Poller (Senior Analyst at ESG), Bernard Brantley (CISO of Corelight), Rahul Gupta (Head of Security & GRC at Sigma), and Amer Deeba (CEO of Normalyze) in an interactive panel as these security leaders share insights on: 

• Why the security of cloud-resident data is a key concern for CISOs
• How enterprises are shifting security strategies with more emphasis on protecting cloud-resident sensitive data 
• Selecting an effective framework for cloud data security
• Top three best practices to help security teams be more effective at protecting sensitive cloud data

CISOs Take on Cloud Data Security: Best Practices, Challenges, & Attack Trends

What we are hearing from CISOs, Nick Lantuh, Co-founder & CEO of Interpres Security explains, is that cybersecurity has become too costly, complicated, siloed, and requires significant manual engineering to succeed using current methods. These issues dovetail with the competing objectives to secure your organization from large-scale attacks, while simultaneously optimizing costs in today’s budget constrained environment.

A threat-centric cybersecurity approach holds the key to resolving many of these issues, in which defense surface management is key. Tune in as Lantuh and an ESG analyst deconstruct this topic in the following Fireside Chat.

Additional agenda topics include:
•     Why defense surface management is needed in today’s security environments
•     Defense Surface Management concept and origins
•     Steps organizations can take to validate their security strategies
•     How continuous monitoring improves the security posture

A Threat Centric Approach to Cybersecurity

PCI Data Security Standard is a global standard for protecting account data. The latest version PCI-DSS v4.0 was finalized last year. This new standard impacts on every organization and company in the world that accepts debit or credit card payment. 

In this presentation, industry thought leader Ralph Villanueva will leverage his knowledge and expertise in the PCI-DSS standards to discuss its impact on the enterprise endpoints, and provide recommendations on how to use this framework to optimize endpoint security.

Optimize the implementation of PCI-DSS v4.0 on endpoint security

Endpoint security is critical to protecting your organization from cyber threats, but traditional antivirus solutions are no longer enough. Cyber criminals are using sophisticated techniques that can evade detection by antivirus software. This session will explore endpoint security strategies beyond antivirus that can help your organization combat sophisticated threats.

We will cover a range of strategies, including:
- Behavioral analysis: Identifying and blocking malicious behavior on endpoints.
- Application control: Restricting access to certain applications on endpoints to prevent attacks.
- Network segmentation: Isolating endpoints from the rest of the network to limit the spread of attacks.
- Threat intelligence: Leveraging external threat intelligence to identify and block known threats.

Attendees will learn the importance of endpoint detection and response (EDR) solutions, which can provide real-time visibility into endpoint activity and help detect and respond to threats quickly.

By attending this session, viewers will gain a better understanding of the limitations of traditional antivirus solutions and learn about alternative strategies to protect your endpoints from sophisticated threats. You will also learn about the benefits of EDR solutions and how they can improve your organization's overall security posture.

Beyond antivirus: Endpoint security strategies to combat sophisticated threats

Tune into this session, presented by Boleaum Inc.'s Vincent Amanyi, to learn how to implement a best practice identity access management (IAM) framework that is aligned with your zero trust policies.

Attendees will learn how to:
- Identify what matters in your enterprise environment. 
- Develop a strategy with a realistic budget. 
- Partner vendor's with the right solutions to your environment.

Implement best practice IAM and zero trust

Security teams are at now loss for telemetry from their devices -- the struggle is to make sense of it all. Many breaches occur not because detection didn’t work, but because the noise was so loud that the breach got missed until it is too late. 

This talk, presented by cybersecurity expert John Bambenek will cover how to engineer the right data sources from end points to not only build detection models, but to enhance and prioritize events to identify chains of behaviors that will lead to breaches if unaddressed.

Creating threat analytics on the endpoint

The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. Acknowledging identity threats like phishing and man-in-the-middle attacks, the GDPR applies to all companies processing and holding the personal data of those residing in the European Union, regardless of the company’s location.

An excerpt from the GDPR describes authentication as ‘key to securing computer systems’ and as the first step ‘in using a remote service or facility, and performing access control’. The document also outlines various GDPR-compliant authentication solutions, such as smart card, OTP push apps, and FIDO Universal 2nd Factor (U2F). 

Yubico’s enterprise solution - the YubiKey - combines support for OpenPGP (an open standard for signing and encryption), FIDO U2F (a protocol that works with an unlimited number of applications), and smart card / PIV (a standard that enables RSA or ECC sign/encrypt operations using a private key stored on the device) all in one multi-protocol authentication device. This makes it a strong and flexible solution for companies required to comply with GDPR. Attend this webcast and learn:

•How GDPR will impact the way organizations worldwide store and access the personal information of EU citizens
•How to leverage open standards to achieve GDPR compliance for strong authentication
•How a multi-protocol authentication device protects organizations from phishing and man-in-the-middle attacks

Using Open Standards to Comply with GDPR

GDPR

Privacy

Compliance

Data

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Using Open Standards to Comply with GDPR

Presented by

About this talk

More from this channel