Name: Securing Payment Card Data with Encryption and Tokenization
Start: 2012-01-12T17:00:00Z
End: 2012-01-12T17:31:28.000Z
Location: BrightTALK
Rating: 3.86

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

This session provides practical advice to establish cybersecurity metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). We begin with an explanation of the differences between them and why each are needed. Examples of how to design metrics, KPIs and KRIs are provided. Areas of focus include cybersecurity measurements for all organizations, for processes & functions and in alignment with a control framework. The end game is to measure if processes and controls are functioning as designed.

We also walk through tips for communicating new metrics and go-to-green updates for metrics in red or yellow status. The session includes 22 metrics and seven resources for many more. All of this saves time and can assist with enhancing your program.

About the speaker:
Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse cybersecurity industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences). He is certified in many programs including CISSP, CRISC, CISA, CISM, CIPP, ITILv3, and NSA-IAM.

Cybersecurity Metrics, KPIs and KRIs

Spreading operations across more than one cloud enables organizations to choose from a variety of cloud services to cut costs, improve operations and improve scalability. However, operating complex environments across multiple platforms requires a comprehensive strategy to handle connectivity, applications, data and security.

In this panel, experts will discuss how organizations can evaluate risks in their own and their cloud service provider environments, as well as technologies and tools that can assist in achieving a comprehensive strategy.

Join us to learn about:
--Understanding cloud scope across the organization
--Cloud governance frameworks
--Pros and cons of centralizing security access and monitoring controls
--Multi-cloud management and network security analytics platforms
--Cloud security posture management (CSPM) tools that can identify misconfigurations and risks
--Tools for cloud compliance monitoring

Build a Multi-cloud Strategy that Supports Governance and Compliance

Organizations are adopting multi-cloud strategies to leverage capabilities of different cloud security providers (CSPs) and to provide flexibility to software development teams. But this brings up challenges for security teams who are responsible for managing security risk and meeting compliance regulations for workloads and applications running in different environments. In this session, ESG Senior Analyst Melinda Marks explores how to supercharge your security to gain the visibility and control you need to scale security programs for multi-cloud environments.

Supercharge Your Security for Multi-Cloud

Tune into this webinar to discover the basics of threat intelligence and how to acquire it. We will also dive into cyber maturity -- what it means and how to best measure it -- as well as the five best steps to improve cyber resiliency. Attendees will also learn the dire consequences that come with deprioritizing cybersecurity in the organization so they can ensure they don't fall victim to a breach.
 
Audience takeaways:
•         The value of threat intelligence for organizational security.
•         Measuring your cyber maturity.
•         Steps to improve your cyber resilience.
•         Turn threat intelligence into business intelligence.

Life's a Breach: Understand Threat Intelligence, Cyber Maturity and Resiliency

Once considered an afterthought in software design, in today's cloud-native, app-centric world, application security must be top of mind. Widespread applications usage over distributed and public networks invites a variety of potential threats. Frequent testing and adherence to application security best practices can limit the possibility of unauthorized code being used to steal, share or modify sensitive user information.

This panel of experts will discuss the importance of a comprehensive application security program that incorporates best practices, threat identification and security testing.

Join us to learn about:

--Potential application threats
--Program requirements for app security
--Implementing app security standards
--Using DevSecOps initiatives to improve security
--Application security testing methods

Moderator:
Jo Peterson VP, Cloud & Security Services at Clarify360 

Panelists:
Stan Lowe, CISO of Synchronoss Technologies
More panelists to join soon!

Update Your Application Security Strategy

Threats like malware and denial-of-service attacks have been around since the earliest days of the internet, and the cybersecurity industry has created generations of threat detection and response tools to identify and remediate them. As security threats continue to evolve and advance, the tools to identify and stop them need to evolve as well.

This panel of security experts will explore how security teams can shift form using reactive to proactive measures, utilizing a host of emerging tools and technologies. Join us to learn about:

--Endpoint-focused technologies such as XDR
--AI's role in reshaping threat detection
--Threat detection and intelligence services
--Security observability tools that improve breach detection
--Using tools within a zero-trust framework to limit vulnerabilities

It's Time to Modernize Threat Detection

Organizations face a constant barrage of cyber threats that could lead to business disruption, intellectual property theft, and reputation damage. But preventing such attacks has become increasingly challenging due to business factors like supporting the remote worker population, connecting IT to third-party partners, and developing new types of applications for digital transformation. 

How can CISOs balance the need for aggressive IT initiatives for business enablement while managing and mitigating cyber risk? ESG Senior Principal Analyst and Fellow, Jon Oltsik, will discuss best practices for cyber-threat and breach prevention that can protect and support the business.

Outwit Attackers with a Proactive Cybersecurity Plan

The rise in cloud adoption, remote work, and other digital transformation efforts are forcing organizations to adapt how they are managing network security. This is proving to be challenging considering there is no one-size-fits-all approach to network security. Tune into this panel discussion where experts will provide insights on how organizations can use emerging concepts like SASE, next-gen firewalls and zero trust to help enhance their network security strategy.

Moderated by:
Melinda Marks, Senior Analyst, ESG

Featuring:
Mark Guntrip, Senior Director of Cybersecurity Strategy, Menlo Security
Eyal Webber-Zvik, VP, Product Marketing, Cato Networks

Enhancing Your Enterprise Network Security Strategy

There are many facets to minimising the risk companies face from insider threats. In this presentation, In this talk, cyber security lead Martin Nash will present a self-styled, strategic risk-based approach to managing the insider threat. This approach is easy to break down, easy to understand and, ultimately, easy to implement. 

Attendees will come away with the strategic basis for a modular approach to support ongoing and effective risk-based management of the insider threat.

Strategic Approach to Managing the Insider Threat

The social, economic and technological shifts of the past two years prompted cyber attackers to refine their methods, becoming more sophisticated and aggressive. This resulted in the business community suffering a series of high-profile attacks with far-reaching repercussions. Threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and are ramping up use of stolen identities and credentials to bypass legacy defenses.

This panel of security experts will discuss the top threats of the moment and look toward what to expect in the next 12 months. They'll provide best practices and recommendations for security measures that can offer the best level of defense.

Join us to learn about:
--The most prevalent attacks today
--Emerging attacks that will threaten your business tomorrow
--How to take a proactive approach to threat detection
--How to prepare for continued global disruption

Moderated by:
Tamara Prazak, Senior Director | Appgate

Panelists:
Pete Wood, Partner | Naturally Cyber LLP
Seema Sewell, Assistant CISO | Office of Enterprise Technology, Maricopa County
Greg Kraft, Director- EMEA | OBS Global

The Cyber Threat Landscape: Get Ready for 2023

In this session, we will detail how to re-calibrate your CISO strategy to gain traction in your enterprise domain and change the executive perception to accelerate business.  

Key Takeaways:
• Establish the fundamentals.
• Enable a simple message.
• Harden your ecosystem.

Re-calibrate Your CISO Strategy

Cybersecurity has not only become a regular boardroom topic, but may soon be a requirement. If proposed SEC legislation takes hold, all publicly traded companies must have a process in place to disclose cybersecurity incidents and more importantly, must actively identify and manage cybersecurity risks with board of directors’ oversight.  This legislation will likely have a trickle-down effect on many private companies as well. 

While some organizations have already undergone this journey, we expect that numerous companies are late to the party and haven’t begun to determine what this change means for them. This session will help you develop a game plan to right-size security for your organization by addressing the following key issues:

• Who should fill this role?
• Where to start?
• The art of incident response and reporting.
• What are some of the functionalities the SEC will be looking to include:
      o Controls to prevent unauthorized access
      o Monitoring
      o Measures to detect, mitigate, and remediate cybersecurity threats
      o Third-party risk management
• Coordination with legal counsel and financial advisors.

Coming Soon -- CISO Observability in the Boardroom

Implementing a security operations center for the cloud can be a daunting and overwhelming task. Your SOC is trying to write use cases to detect attacks for every project your business has, how are we going to monitor the cloud as well? In this webinar with WiCyS Strategic Partner, AWS, we will talk through an approach to getting started using the MITRE ATT&CK matrix and some AWS native tools.

Can't make it during the scheduled time? No problem! Go ahead and register to receive a recording as soon as we wrap up.

Detecting MITRE ATT&CKs with AWS

Endpoint Security can either be the first or the last line of defense. From the beginning, it has primarily been accomplished by adding some type of shielding such as a simple anti-virus program but has since evolved into EDR (endpoint detection and response) and XDR (eXtended detection and response). Ensuring the endpoint is hardened against threats is the most effective mechanism to secure endpoints as the vast majority of breaches are caused by known vulnerabilities that exploit unpatched devices.   

This presentation will provide information on how to create peace of mind regarding all your endpoints by increasing overall vulnerability and patch management.

Join this discussion to learn:
- Why EDR, XDR, and MDR are not enough for complete endpoint security management;
- Understand the overall damage caused by unpatched vulnerabilities;
- How to increase overall visibility into the status and behaviors of endpoints and the value this provides to the organization;
- Explore how the endpoint security solutions must include all types of endpoints including mobile and virtual;
- Ensure all endpoints are up-to-date with patches, how to automate the process, and what to do when they are not;
- Encourage collaboration between IT and security teams in regards to endpoint security management.

The Endpoint Security Alphabet Stew Must Include VM and PM

As the methods and practices used to attack digital assets become more refined, the security tools to combat the threats must evolve, shifting from reactive to proactive methods. This change means security teams must learn about and assess a slew of acronyms, including endpoint detection and response (EDR), network detection and response (NDR), managed detection and response (MDR) and extended detection. and response (XDR). They also must consider new methods for addressing and preventing alert fatigue, such as using AI or cloud-based services.

In this panel, experts discuss the types of endpoint detection and response available and how to tease out which is best for your organization.

Join us to learn:
--Why EDR alone is not enough
--How to inventory your endpoints and their protection needs
--How to evaluate MDR options including MEDR, MNDR and MXDR
--The difference between hybrid XDR and native XDR
--Operational benefits of XDR
--How SIEM and SOAR compare with XDR

Unpacking Endpoint Detection and Response

Endpoint protection alone used to be good enough for companies. But now we have too many alerts, from too many systems along with “the Fog of More” making it more difficult to locate and address security threats. 

How do you cut through all these alerts to pinpoint real threats to your environment? Can MDR or XDR actually help you focus on what is important or are these just buzzwords? In this session, we will review real world examples to see how MDR helped a small security team focus their limited time available to cut through the fog and effectively address the critical alerts and incidents in their environment.

Cutting through the Fog of More: Use MDR or XDR to Find Real Threats

Cybersecurity megatrends -- including zero trust, XDR, a pandemic-induced increase in remote workers, and the move to public cloud -- are influencing the way organizations think about endpoint security. These megatrends add new requirements for endpoint security, while requiring new levels of integration with other core security controls. Further influencing endpoint security strategies is the massive growth and device diversity driven by both mobile and IoT device usage.

In response, IT and security teams are thinking differently about endpoint security platforms, what they must include, and how they fit into the broader security stack. ESG Principal Analyst Dave Gruber will discuss strategies and best practices for modern endpoint security to secure this growing attack surface.

Adapt Your Endpoint Security Strategy

Cyberattacks against healthcare jumped 42% in 2020 and another 35% in 2021. 

Successful cyberattacks disrupt healthcare operations, delay access to clinical services, and lead to significant economic loss. Stolen patient records can be used to commit fraud and identity theft, disrupting patients’ personal lives. 

Medical information is an attractive target because it has high economic value on the black market. 

If you are interested in protecting patients and the healthcare organizations that serve them from cybercriminals, join WiCyS Strategic Partner, Optum, to learn about the career opportunities in healthcare cybersecurity.

Cybersecurity Careers in Healthcare

Data breaches are reaching epidemic proportions. According to the 2011 Verizon Report, there were more breaches in 2010 than the previous three years the study was conducted. The report also revealed that a whopping 79 percent of organizations were not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), despite validation a year earlier.
 
To combat this growing trend, many businesses are turning to tokenization and encryption to increase data security and reduce the challenge of PCI DSS compliance. This discussion will take a closer look at the state of the industry, provide a technological overview of tokenization and encryption, cite specific case studies and explain how to use tokenization and encryption as a one-two punch.

Securing Payment Card Data with Encryption and Tokenization

encryption

tokenization

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Securing Payment Card Data with Encryption and Tokenization

Presented by

About this talk

More from this channel