Compliance and information security have had a tumultuous relationship. Sometimes they get along; sometimes they don't. Organizations often combine them under the CISO, but provide dotted line reporting elsewhere for compliance. Compliance might partner with internal audit or have its own C-level position. All of this variation isn't really necessary. Compliance and Risk Management can be successfully combined under the practice of Security Performance Management.
During this webinar we will discuss how:
• Compliance behaves like a more traditional information security threat.
• Compliance can be managed similarly to other information security programs.
• Security Performance Management provides a framework for comprehensive compliance and risk management across the enterprise.
Recorded May 22 2012, 48 mins
Melanie Turek, Chris Pierson, Michelle Drolet & Ilias Chantzos
Since the rollout of the General Data Protection Regulation (GDPR) in 2018, companies worldwide have had to implement new policies and procedures to protect data. Join leading compliance and security experts as they discuss why data protection is at the heart of GDPR compliance.
Join this interactive Q&A panel to learn more about:
- What GDPR means for data management
- GDPR requirements around data collection and governance
- Best Practices for achieving compliance
- Recommendations for improving Data Management and ensuring Data Protection
- Melanie Turek, Fellow & Vice President, Frost & Sullivan (Moderator)
- Christopher Pierson, CEO & Founder, BLACKCLOAK
- Michelle Drolet, CEO & Co-Founder, Towerwall
- Ilias Chantzos, Senior Director, Global Government Affairs & Cybersecurity, Symantec
Ivana Bartoletti, Head of Privacy & Data Protection, Gemserv
One year after GDPR, the presentation will explore whether the provisions introduced are sufficient to deal with the challenges of big data and algorithms. Ivana will present a clear roadmap for organisations deploying AI covering governance, privacy and ethics harms and algorithmic impact assessments.
Unless your organization handled classified information, it was once generally considered “good enough” to protect email with little more than a basic password. When spam floods hit, we all collectively understood that we needed to do a bit more in order to protect the sanity of email traffic (not to mention the sanity of our users). Fast-forward to the current threatscape, where protecting business email is mission critical, but the tools and techniques are tricky to understand, deploy and support with adequate staff training. There is a lot more we can and should be doing, but it can be challenging to navigate the security maze.
In this webinar we’ll discuss a variety of techniques and technologies you can use to improve your email security to meet new threats:
- Filtering unwanted/malicious email traffic
- Why you need encryption on both the message- and network-level
- Using more robust authentication options than just a password
- How you can use authorization to decrease spoofed messages
- Decreasing the risk of damage from software vulnerabilities
- Creating a culture of security to help identify and thwart phishing
Many of these strategies can be useful for protecting your own personal email account or traffic. But as an administrator of a company email infrastructure, there are quite a few other things you can do to meaningfully increase security, which don’t require you to shell out big bucks on fancy new products.
Mary Beth Borgwing, founder of Cyber Social Club and Uniting Women in Cyber
The 2019 Verizon Data Breach Investigations Report, now in its twelfth year, is an industry benchmark for information on cybersecurity threats and vulnerabilities. Each year this report looks at tens of thousands of security incidents and confirmed breaches. Join our all-women panel of experts for the first look at some of the key findings of the 2019 report to understand what it all means.
Colin Whittaker, IRD; Jake Olcott, BitSight; Blake Brannon, OneTrust; Kelly White, RiskRecon; and Todd Boehler, ProcessUnity.
In today’s interconnected technology ecosystem, companies increasingly rely on third party vendors to meet their operational needs. However, the current state of vendor risk management (VRM) is bleak. More than half of all information security breaches are caused by third-party vendors, and according to Deloitte 83% of today’s business leaders lack confidence in third party VRM processes.
Understanding and managing cyber risk posed by vendors, suppliers, and third parties has proven to be a difficult task. The right mix of people, processes, and technology results in the most effective and comprehensive program. Join this CPE accredited panel webinar as our expert panel addresses some key steps to master VRM, including:
- Implementing a scalable VRM program from the ground up,
- Tips on managing vendor data and mapping the digital supply chain,
- Assessing third, fourth, and fifth-party risk,
- Performing quantifiable vendor security analyses,
- Establishing pre-procurement standards.
Wesley Simpson, (ISC)²; Christopher Pierson, BLACKCLOAK & Marija Atanasova, BrightTALK
Find out what's trending in BrightTALK's IT Security community and the challenges keeping security professionals up at night.
Join Wesley Simpson, COO of (ISC)², Dr. Christopher Pierson, Founder & CEO of BLACKCLOAK and Marija Atanasova, Sr. Content Strategist from BrightTALK for an interactive Q&A session to learn more about:
- Topic trends & key insights
- What security professionals care about
- Events in the community
- What to expect in Q2 2019 and beyond
Scott Sinclair, ESG; Michelle Tidwell, IBM, Mike Jochimsen, Kaminario; Eric Lakin, Univ. of Michigan; Alex McDonald, NetApp
Has hybrid cloud reached a tipping point? According to research from the Enterprise Strategy Group (ESG), IT organizations today are struggling to strike the right balance between public cloud and their on-premises infrastructure. In this SNIA webcast, ESG senior analyst, Scott Sinclair, will share research on current cloud trends, covering:
• Key drivers behind IT complexity
• IT spending priorities
• Multi-cloud & hybrid cloud adoption drivers
• When businesses are moving workloads from the cloud back on-premises
• Top security and cost challenges
• Future cloud projections
The research will be followed by a panel discussion with Scott Sinclair and SNIA cloud experts Alex McDonald, Michelle Tidwell, Mike Jochimsen and Eric Lakin.
Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.
Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.
- Ben Rothke, Senior Security Consultant at Nettitude
- David Mundhenk, Senior Security Consultant at Herjavec Group
- Jeff Hall, Senior Consultant at Wesbey Associates
- Arthur Cooper "Coop", Senior Security Consultant at NuArx
Tune into this session to learn how to determine if you have the right people with the sharpest skills defending your organization through the use of a Cyber Training Range.
Learn what Persistent Cyber Training Range Environments are, the benefits and value of a Cyber Training Range, and how they help you answer the question "ARE WE READY TO DEFEND AGAINST THE NEXT ATTACK?".
In this presentation we will give an overview of the current state of the power of an endpoint in the modern enterprise, and how modern advancements make the need for adversarial testing even more critical.
Other topics to be covered:
- New/modern consumer products
- Increases in privacy & increased exfiltration options
- Employee Trust & BYOD
- State of endpoint monitoring
- Controls Validation vs. Adversarial Testing
UJ Desai, Director of Product Management, Bitdefender
While cyber attacks come from all directions, the majority of them originate on endpoints. In this webinar UJ Desai, Director of Product Management at Bitdefender will discuss why organizations are still struggling with endpoint security, and will explore the five critical elements of endpoint security that will allow organizations to effectively defend endpoints from both common and advanced cyber attacks.
John Bambenek (ThreatSTOP) | Jan Liband (SlashNext) | JP Bourget (Syncurity)
Join security experts and practitioners for an interactive discussion on how to better secure the enterprise in 2019:
- Top threats on the horizon and what's at risk
- Cyber defenses and your employees
- Basic cyber safety recommendations to protect against social engineering, phishing and email cyber attacks
- Use cases and examples
- Actions to take today to protect your employees and enterprise from cyber criminals
- What to expect in 2019
- John Bambenek, VP Security Research & Intelligence, ThreatSTOP
- JP Bourget, Founder & Chief Security Officer, Syncurity
- Jan Liband, CMO, SlashNext
Kelvin Murray, Sr. Threat Research Analyst, Webroot
The largest threat of organisational breach occurs at the endpoint level. Hacks, phishing, malware and untrained end users are a constant risk that needs safeguards and monitoring to protect individuals and businesses with strong IT security. Small changes to your endpoints can drastically improve your protection. However, when you manage one or more businesses and need to implement and maintain these changes across multiple machines or environments, different complications will arise.
Join Webroot’s Threat expert as he discusses topics such as:
· End user education
· Best policies and settings for your Endpoints
· Endpoint monitoring
Globalization and division of labor have allowed multinational corporations and businesses to focus on their core capabilities while outsourcing a wide range of activities, from legal services and IT services to marketing. These trends will continue to gain speed as global markets become much more efficient.
The proliferation of suppliers has also rapidly increased emerging threats such as privacy, data sharing and cyber risks. The key takeaway for the audience in this presentation will be an overall discussion of the dimensions of supplier risk and how to holistically develop a proper, comprehensive supplier report card that includes financial and cyber data.
Nathan Wenzler, Senior Director of Cybersecurity, Moss Adams
Measuring the effectiveness of a security program can be a challenge for most organizations. After all, when you do everything right, nothing happens. No email outages, no denial of service impacts and no data breaches. Measuring nothing doesn’t really tell you much, and it certainly doesn’t give you insight into where you’re still vulnerable and could be attacked by a malicious actor. Vulnerability Management (VM) tools have been a mainstay of any security program, and they generate a wealth of information about what assets are most at risk from outside threats, but the information isn’t always put to best use by most organizations.
In this session, we’ll look at the common metrics mistakes most organizations make with their VM efforts, as well as more relevant and actionable metrics that will help you get a better understanding of your security posture against today’s threat landscape.
· Learn how vulnerability information is critical to boosting good threat intelligence against common attack chains
· Identify metrics that are commonly used by nearly every organization, but don’t deliver any real value to your organization
· Discover ways to frame vulnerability data into meaningful, actionable metrics that give a more true sense of the risks to your assets
· Understand ways to improve your VM program to build more relevance into your threat intelligence efforts
User and Entity Behavioral Analytics (UEBA), when properly implemented, can be incredibly valuable: it can provide security teams with a new lens through which to detect, investigate, and respond to evolving security threats. However, there is a lot of hype in the world of AI, and not enough real use cases or concrete recommendations. This webinar aims to help correct this, with real world use cases and learnings from the past five years of deployments at Interset.
In this presentation, attendees will:
- View real-world case studies showcasing objectives and results from deploying UEBA
- Understand the role of human expertise and use cases to drive and quantify model development
- Review the most effective data sets for UEBA
- Learn about the analytical approach that helps effectively produce results and reduce noise in your UEBA system
Liviu Arsene, Global Cybersecurity Analyst, Bitdefender
Global cybersecurity analyst Liviu Arsene will discuss how advanced threat detection and visibility into the overall cybersecurity posture of an organization can help prevent data breaches, by examining some of the most recent and notorious data breaches and cyberattacks.
Wade Woolwine, Rapid7, Ajay Uggirala, Juniper Networks & O'Shea Bowens, Null Hat Security & Paul Crichard, BT Global Services
As cyber attacks become increasingly common, it is vital for organisations to be armed with the most effective tools and knowledge to prevent, detect and respond to cyber threats.
Join this interactive Q&A panel with top security experts across the ecosystem to learn more about:
- Trends in Advanced Threat Detection & Vulnerability Management
- How to use analytics to fight against cyber attacks – patching, detection and response
- What are the common mistakes made when it comes to Advanced Threat Detection implementation
- Best practices and recommendations for improving your security posture
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.