Building a Risk-Based Business Case for Cybersecurity

Cybersecurity professionals do a great job when it comes to understanding, and mitigating, technical and functional risk.

But CEOs and board members tend to think in terms of business risk. This webinar shows cybersecurity professionals how to articulate requirements in business terms. With that knowledge, they can build the case for cybersecurity tools, staffing, and initiatives in a way that business professionals will understand--and fund.
Recorded Jul 11 2018 54 mins
Presented by
Johna Till Johnson, CEO & Founder, Nemertes Research

  • Panel Discussion: Proactive Privacy and Security Jun 6 2019 12:00 pm UTC 45 mins
    How can enterprises shift from a reactive approach to privacy and data security to being proactive and closer to privacy-and-security-by-design? Join this panel of experts to get the answer to all of your privacy, security and compliance questions.

    Viewers can learn more about:
    - Effect of GDPR: One year later
    - How are enterprises instituting changes to achieve and maintain compliance
    - Challenges to achieving compliance in an IoT world
    - How to bake privacy and security into your processes
    - Best practices for data protection and privacy from the ground up

    Panellists tbc
  • Panel Discussion - Application Security in a DevOps World Jun 6 2019 9:30 am UTC 45 mins
    With today's enterprises leveraging around 1000 applications and multiple clouds, application security is becoming a key area of focus. Application security testing is being integrated into the DevOps process early on, while automation, speed and coverage are becoming critical to the success of DevSecOps programs.

    Join this interactive panel of industry experts to learn more about:
    - Why application security is critical
    - Key principles for building application security into DevOps
    - Best practices for leveraging automation
    - Speed vs Security: Where do you draw the line?
    - Recommendations for improving security in 2019

    Panellists tbc
  • Panel Discussion - Protecting Against Phishing, Ransomware & Social Engineering Jun 5 2019 12:00 pm UTC 45 mins
    External and internal threats continue to pose a challenge for security professionals worldwide. How are businesses preparing against attacks like phishing, ransomware, and social engineering?

    Join security experts from the industry to learn more about:
    - The most prevailing cyber threats businesses face in 2019
    - Lessons from cyber attacks and strategies for protecting against them
    - Solutions for faster breach detection and response
    - Why network visibility is key
    - Recommendations for improving enterprise security

    Panellists tbc
  • Panel Discussion: CISO Challenges and How to Solve Them Jun 5 2019 9:30 am UTC 45 mins
    Today's CISO faces a myriad of challenges when it comes to securing the enterprise. From budgetary concerns and vendor confusion to dealing with the chronic lack of cyber talent, to addressing the disappearing security perimeter, CISOs are looking for ways to automate security operations and leverage AI to do more with existing teams and fewer tools.

    Join security experts across the industry for an interactive discussion on:
    - What keeps CISOs up at night
    - Strategies for breach prevention
    - Strategies for making the most of AI technology and human talent
    - Coping with analyst fatigue
    - Threats on the horizon
    - Recommendations for strengthening security

    Panellists tbc
  • Panel Discussion - Securing the IoT in the Age of Threats Jun 4 2019 12:00 pm UTC 45 mins
    The ever-growing Internet of Things continues to pose security and privacy threats. How are businesses managing the risks associated with IoT devices on their networks? What are the best strategies for achieving basic security and cyber hygiene?

    Join this interactive panel with IoT and security experts to learn more about:
    - Impact of IoT on enterprise security
    - How to assess the IoT risk
    - Most common IoT vulnerabilities and how to address them
    - Recommendations for improving IoT security

    Panellists tbc
  • Panel Discussion - Multi-Cloud Security and Compliance Jun 4 2019 9:30 am UTC 45 mins
    The cloud strategy of today's enterprise spans across multiple clouds and hundreds of applications. Point security solutions no longer work, so enterprises are turning toward a more orchestrated approach to achieving security and compliance in the cloud.

    Join cloud and security leaders in an interactive discussion to learn about:
    - Key security and compliance challenges associated with a multi-cloud strategy
    - Recommendations for managing and automating security across multiple clouds and applications
    - The future of cloud
    - Improving enterprise security in an ever-changing threat landscape

    Panellists tbc
  • Key Steps to Identify Risk and Master Vendor Risk Management Apr 25 2019 5:00 pm UTC 75 mins
    Colin Whittaker with panelists from Bitsight, Lockpath, OneTrust, and ProcessUnity.
    In today’s interconnected technology ecosystem, companies increasingly rely on third party vendors to meet their operational needs. However, the current state of vendor risk management (VRM) is bleak. More than half of all information security breaches are caused by third-party vendors, and according to Deloitte 83% of today’s business leaders lack confidence in third party VRM processes.

    Understanding and managing cyber risk posed by vendors, suppliers, and third parties has proven to be a difficult task. The right mix of people, processes, and technology results in the most effective and comprehensive program. Join this CPE accredited panel webinar as our expert panel addresses some key steps to master VRM, including:

    - Implementing a scalable VRM program from the ground up
    - Mapping the digital supply chain
    - Tips on managing vendor data
    - Assessing third, fourth, and fifth-party risk
    - Performing quantifiable vendor security analyses
    - Establishing pre-procurement standards
  • Top Threats To Endpoints And How To Stay Protected Apr 18 2019 10:00 am UTC 45 mins
    Kelvin Murray, Sr. Threat Research Analyst, Webroot
    The largest threat of organisational breach occurs at the Endpoint level. Hacks, phishing, malware and untrained end users are a constant risk that needs safeguards and monitoring to protect individuals and businesses with strong IT security. Small changes to your endpoints can drastically improve your protection. However, when you manage one or more businesses and need to implement and maintain these changes across multiple machines or environments, different complications will arise.

    Join Webroot’s Threat expert as he discusses topics such as:

    · Malware
    · Information Stealers
    · End user education
    · Best policies and settings for your Endpoints
    · Endpoint monitoring
  • How Organizations Use Threat Intelligence To Boost Security Apr 15 2019 3:00 pm UTC 60 mins
    Panelists TBA
    What is cyber threat intelligence, and how can organizations leverage it to identify threats and potential malicious activity in advance? Discover the best ways organizations can arm themselves with actionable threat intelligence to block cyber attacks or mitigate their impact.

    Join this panel of experts to learn more about:
    - Cyber threat intelligence: What it is and how you can use it
    - What's new in phishing, banking trojans, Mirai, ransomware
    - Emerging threats and what to do about them
    - Best practices for a more secure enterprise
  • Q1 2019 Community Update: IT Security Mar 28 2019 5:00 pm UTC 60 mins
    Marija Atanasova, BrightTALK
    Find out what's trending in BrightTALK's IT Security community and the challenges keeping security professionals up at night.

    Join Marija Atanasova, Sr. Content Strategist from BrightTALK for an interactive Q&A session to learn more about:
    - The biggest trends in cyber security
    - Trending topics from the beginning of the year
    - The tools and challenges CISOs and security professionals deal with daily
    - What to expect in the next 3, 6, 12 months
  • Implementing a NIST Framework for Adaptive Cybersecurity Mar 21 2019 5:00 pm UTC 75 mins
    Colin Whittaker, with Sam Abadir, Lockpath; Allan Liska, Recorded Future; and Gina Mahin, CEO of Lynx Technology Partners.
    In an age where cybersecurity threats are an everyday fact of life, organizations are looking for solutions that enable them to predict, prepare and react to the shifting landscape of cyber threats, and implementation of adaptive cyber security strategies is becoming inevitable to achieve that goal.

    Adaptive cyber security methods allow for the simultaneous defense of multiple attack surfaces against this new wave of advanced cyber attacks targeting businesses and services. The NIST Cybersecurity Framework enables organizations — regardless of size, degree of cybersecurity risk, or cybersecurity sophistication — to apply the principles and best practices of risk management to improving security. Attend this CPE webinar to gain insights on:

    - Getting a clear picture of the current health of your organization's defenses
    - Defining your security road map using NIST CSF as a framework
    - Conducting gap analysis and executing remediation actions
    - Mapping the NIST CSF with security controls and built-in reporting templates that align with the framework.
  • Demystifying Cyber for the Board and Beyond Mar 19 2019 4:00 pm UTC 60 mins
    Griff James, Director, Damrod Analysis Ltd
    Successful security programs explain the situation, the risks, and the options available in a way that is both simple and true. Damrod draws on military analytical frameworks to develop map models that accurately depict the cyber terrain and guide the generation of a series of overlays. These build to create an Effects based plan suitable for Governance, Risk, and Compliance needs.

    Join this webinar for an introduction to the cyber-as-conflict model developed by Damrod.
  • Live Webcam Panel: Operationalizing Cybersecurity Mar 19 2019 3:00 pm UTC 60 mins
    Michelle Drolet, CEO, Towerwall and Amy McLaughlin, Director of Information Services, Oregon State University
    Cybersecurity, much like safety, cannot be achieved - it is an ongoing process that changes and adjusts to respond to the threat landscape, business needs and resources. As essential as a cybersecurity strategy is to the enterprise, so is its implementation.

    Join us for an interactive Q&A panel with security leaders to learn more about how to operationalize cybersecurity.

    Topics up for discussion:
    - Making information security relatable
    - Building security programs
    - Defining your cybersecurity strategy
    - Translating your cybersecurity strategy into a risk management plan
    - Operationalizing your cybersecurity strategy
    - Using the maturity capability model for measuring success
  • Cyber Security Panel: The Case for Optimism Mar 19 2019 2:00 pm UTC 60 mins
    Griff James, Wyatt Hoffman, Alan Mears and Gina Yacone
    There is too much fear and derision from the old guard of cybersecurity. Big breaches are used as justification for sales pitches and pedestals to mock the victims. While it is undeniable that cybercrime continues to grow, and the future of cyber conflict is contested, there is good cause to think we are doing better than we imagine.

    And that we can win in the future.

    No competitive team enters a contest with a ‘let’s catch up’ mentality. Leaders inspire us to victory. CISOs need to fill the role of champion and present a positive message – ‘we can win’.

    Join this talk with industry thought leaders as we discuss the state of the conflict and emergent tactics from AI to insurance that promise to re-define cyber defence.

    Griff James, Director, Damrod Analysis Ltd
    Wyatt Hoffman, Senior Research Analyst, Cyber Policy Initiative, Carnegie Endowment for International Peace
    Alan Mears, Associate Director, Risk Advisory, Deloitte LLP
    Gina Yacone, Cybersecurity & Threat Intelligence Consultant, Agio
  • What do you get when you cross a CEO’s and a CISO’s strategy Mar 19 2019 1:00 pm UTC 45 mins
    Mark Chaplin, Principal, ISF
    While the board ‘get cyber’, questions remain around embedding cyber risk management into business strategy execution. For many CISOs, strategy alignment represents the best opportunity to engage with the board and ensure a business-driven approach to managing cyber risk.

    So how should business leaders develop, update and execute business strategy with so many cyber-related implications? How can organisations meet their business goals, against a backdrop of increasing cybersecurity costs, greater regulatory scrutiny and increased frequency and magnitude of data breaches?

    In this webinar, Mark Chaplin, Principal, ISF will discuss the significance of aligning security strategy with business strategy. Mark will draw on executive engagement, exploring the essential factors for success and highlighting the pitfalls to avoid.
  • Best Practices in Threat Hunting: Optimizing the Anomalous Activity Search Mar 13 2019 3:00 pm UTC 60 mins
    Brenden Bishop, Data Scientist, the Columbus Collaboratory
    Join us for this webinar that will present an advanced data science approach to detecting anomalous behavior in complex systems like the typical corporate network that your IT Security team is trying to defend. Generalized anomaly detectors, without tuning for a specific use case, almost always result in high false alarm rates that lead to analyst alert fatigue and a detector which is effectively useless. In this session, Brenden Bishop, Data Scientist at the Columbus Collaboratory, will present an open source tool and best practices for building specific, repeatable, and scalable models for hunting your network’s anomalies. Through iteration and collaboration, defenders can hone in on interesting anomalies with increasing efficiency.
  • Revitalizing Access Control Programs: Intelligent Automation Mar 7 2019 6:00 pm UTC 60 mins
    Colin Whittaker, Informed Risk Decisions; Phil Shomura, Senior Product Manager, ACL
    No organization’s suite of business applications is static, especially for businesses that have committed to non-stop innovation. It is not uncommon for businesses to integrate only their high-impact applications with their existing identity and access management (IAM) systems. This can cause a huge surge in manual work, and oftentimes enterprises dedicate hundreds of human agents to manage accounts, adding more as new business applications are added. Enterprises can sidestep significant costs, increase efficiency, manage risk and deliver undiscovered value, by properly leveraging automation technologies across IAM systems.

    Robotic process automation (RPA) is a powerful technology that harmonizes different systems across an organization’s environment, reduces human errors, provides 24/7 operations, and relieves employees from repetitive tasks so they can focus on more valuable activities. For example, data quality management in the risk and compliance process has been a traditional pain area for many institutions, as it is very time consuming and manual. However, a cognitive RPA solution which combines machine learning capabilities can enable fast automated remediation of data quality issues, and the system can learn from the final decisions taken by the data analyst as well. Attend this CPE webinar for insights on:

    - Getting started with an access management program.
    - Evaluating the right configuration and system-based tools to automate processes at a task level, and align to your process automation strategy.
    - Leveraging advanced analytics in risk management, compliance, and continuous monitoring programs.
    - Embedding governance, risk management, and controls into your enterprise’s mobilization and deployment of RPA, so you can catch issues before they arise.
  • Distinguish Signal from Noise: Find Threats in Your Security Sensor Data Feb 27 2019 4:00 pm UTC 60 mins
    Slava Nikitin, Data Scientist, The Columbus Collaboratory
    Join us for this webinar that will recommend how to deal with your “big data” problem when dealing with the massive volume of raw, unprocessed data points from your network security sensors. Hint: don’t start with the data and attempt to drill down to the problem. Instead, as Slava Nikitin, Data Scientist from the Columbus Collaboratory will explain, you must start by defining the problem, building a threat model, and then focusing on the corresponding signals in your sensor data. We will walk through the use case for an Active Directory password spraying attack to demonstrate how to define and apply appropriate filters to your security data for faster detection, more accurate threat scoring and more effective security overall.
  • Benchmarks for Corporate Cybersecurity Feb 26 2019 6:00 pm UTC 60 mins
    Marilia Wyatt (WSJ Pro Cybersecurity), Lou Celi (ESI ThoughtLab) and Kim Landgraf (Security Industry Association/SIA Women)
    Presented by WiCyS and SIA...

    This webinar from Women in CyberSecurity (WiCyS) and the Security Industry Association (SIA) will present the findings of The Cybersecurity Imperative research project produced by WSJ Pro Cybersecurity and ESI ThoughtLab and sponsored by SIA. We will share insights into how 1,000-plus organizations around the globe measure their cybersecurity preparedness and how they are preparing for future cyber threats.

    In this 45-minute program, we’ll also share a new tool that allows you to compare your own organization’s preparedness to the aggregated data of study participants.

    Expect to Learn:
    • Current threats organizations are facing
    • Cyber risk management approaches
    • Where organizations plan technology and staffing investments for cybersecurity
    • The impact of cybersecurity “maturity”
    • The costs of cybersecurity breaches

    • Marilia Wyatt (WSJ Pro Cybersecurity)
    • Lou Celi (ESI ThoughtLab)
    • Kim Landgraf (Security Industry Association / SIA Women in Security Forum)

    • Taly Walsh, Executive Director (WiCyS)
  • Rethinking the Human Risk Recorded: Feb 21 2019 47 mins
    Flavius Plesu, Head of Information Security, Bank of Ireland (UK)
    Are traditional awareness raising campaigns (e.g. CBT, phishing simulations) affording sufficient protection against ever evolving cyber-attacks? With human errors being the #1 cause of security incidents and data breaches, it is now a CISO imperative to tackle behavioural change and effectively manage the human risk. This recognised need reflects the acceptance that how the workforce behaves is dependent on the shared beliefs, values and actions of its employees, and that this includes their attitudes towards cybersecurity.

    Key topics covered in this presentation:
    • People-related challenges and frustrations the industry is facing
    • Why a new approach to awareness and culture is required
    • Innovative approaches adopted by leading organisations

    Your organisation can only be secure if you make people your strongest defence. Attend this session to discuss how to turn your human risk into your biggest advantage in cyber security!

    Flavius Plesu:
    A business-focused cyber security leader, Flavius has held senior security positions both within the public and the private sector and has led a number of enterprise-wide security transformation programmes, in complex global organisations. Passionate about solving real industry problems, cultivating and building teams to deliver on the organisation’s mission, values and goals.

    Alongside his role as a Head of Information Security at Bank of Ireland UK, Flavius is also one of the Founders of OutThink, a team of CISOs and security practitioners who are changing the way in which organisations engage with their employees to shape behaviours and manage human risk in the context of cyber security.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Building a Risk-Based Business Case for Cybersecurity
  • Live at: Jul 11 2018 3:00 pm
  • Presented by: Johna Till Johnson, CEO & Founder, Nemertes Research