Name: Key Concerns of Cyber Leaders
Start: 2022-10-12T15:00:00Z
End: 2022-10-12T15:01:02.000Z
Location: BrightTALK
Rating: 3

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Cyber insurance is a must in today's IT threat landscape, but how do you make the right choice among the vast market of providers? This session, presented by industry thought leader Vincent Amanyi, will detail a comprehensive model of how to to better align your organization assets with the right cyber insurance mix. 

Key takeaways
- Develop strategy to perform health check across your enterprise. 
- Establish a clear cost-monitoring model across your enterprise.
- Develop a mechanism towards a targeted insurance mix for your assets.

Evaluating Options for Cyber Insurance

In an era where "cloud-first’ is often mistaken for “cloud-only,”' let’s explore a few often-neglected aspects of ransomware incident preparedness, highlighting the ironic shift in readiness from things we used to do well (or at least often) in the pre-cloud era, but that have been left behind in the present day. This presentation will focus specifically on three critically underappreciated practices that are still useful, and increasingly pivotal, for effective response to ransomware attacks.

1.) The significance of "go-to-paper" processes, you know, good old-fashioned manual business continuity (BC) procedures we used to follow when our digital world went dark. We'll explore how these archaic yet surprisingly resilient manual tactics are more than just a trip down memory lane, but necessary steps in ensuring your business keeps running even when screens don’t.

2.) Infrastructure backups. We're not just talking about your important data, but the increasingly software-defined and abstracted infrastructure components you rely on. This discussion will strip away the veil of complacency that often shrouds cloud-based systems, revealing the stark realities of shared responsibilities and the need for a more holistic approach to disaster recovery.

3.) The practicality of meeting recovery point objectives (RPO) and recovery time objectives (RTO) when relying on offline or internet-based backups. This involves an in-depth analysis of current practices; measuring their actual effectiveness and whether regaining access to data and systems is possible within acceptable time and data loss thresholds.

By revisiting these "old" strategies, we propose a renewed, hybrid approach to ransomware preparedness, blending traditional wisdom with modern technological capabilities. This presentation aims to equip organizations with a more holistic and resilient strategy in the face of evolving cyber threats.

Old School Lessons for Handling Ransomware in the Digital Age

Zero trust is a strategy that defines how to architect your computer network and systems to protect and defend your data from attacks. It operates by assuming that computers, user accounts, software, and applications can be compromised at any time and implements continuous assessment of device posture, user credentials, and application integrity before granting access. 

Zero trust is not a SKU or a single product, rather it is a more secure way to provide access to data by implementing security controls on the end point, on the network, and in the cloud to ensure only authorized users and applications can access your data. 

Remember, the goal is to protect the data and make sure that it remains confidential, maintains integrity, and is available when needed.  

Tune into this this talk from industry thought leader John Bruggeman as he reviews zero trust at a high level and discuss what solutions you can implement to take advantage of this ransomware resistant strategy. 

Key takeaways regarding solutions for 
- End point protection. 
- End user authentication.
- Network access controls.
- Cloud posture management.

Using a Zero Trust Architecture to Help Prevent Ransomware

Multigenerational teams are the mainstream in the workplace. In 2023, we now have five distinct generations in the workforce, encompassing many different work styles and needs. Understanding and navigating these generational differences from Boomers to Gen Z will help enable better communications, leading to more innovative ideas and solutions. Join WiCyS strategic partner Optum as Christopher Mullins, associate director, and Sebastian Berchard, project manager, shed light on embracing the value of multigenerational teams on Tuesday, December 19th at 1pm CT.

Unable to attend during the scheduled time? Feel free to register and receive a recording as soon as we wrap!

WiCyS can now provide members the opportunity to earn CPE/CEU credits for attending WiCyS live webinars.

To earn CPE/CEU credits with the following providers, you must meet the minimum requirements:
- GIAC/(ISC)2: Attend for a minimum of 45 minutes or the entirety of the webinar.
- CompTIA: Attend for a minimum of 60 minutes or the entirety of the webinar. The webinar topic must relate to the certificate being renewed.

Attendees who meet the requirements can email info@wicys.org to receive proof of attendance for submitting CPE or CEU credits with their provider.

Work and Generational Diversity

As data collection and analysis become increasingly central to business, research, and governance, protecting sensitive information is more crucial than ever. This session will examine the privacy, ethical, and security challenges involved in analyzing sensitive data such as personal health records, financial information, and other confidential datasets. 

Key questions to be addressed include: 
- How can sensitive data be ethically and responsibly analyzed while still protecting individual privacy? 
- What technical and policy safeguards are essential when working with sensitive data? 
- How can risks related to re-identification, unauthorized access, and data leakage be mitigated? 
 
This talk presented industry thought leader Donald Farmer will review best practices and frameworks for enabling secure and ethical data analysis across various industries and applications. Expert perspectives on navigating emerging regulations, managing tradeoffs, and aligning analytical objectives with privacy values will be discussed. Attendees will gain critical insights into analyzing sensitive data securely while upholding public trust and mitigating risks.

Analyzing Sensitive Data: Privacy, Ethics, and Security Considerations

Companies need to understand “wicked” problems, and the best way to navigate the organization during periods of uncertainty.

Companies should ask themselves how speedy their response be to a data security incident, when escalating to the senior leadership team, more so when it is an extortion and/or ransomware attack that involves critical data sets.

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light the crisis management options for those scary technology moments for when super speedy decisions are needed (or are they)?

By the end of the session, you will be able to:
- Be aware of data security incident management processes and procedures. 
- Form an understanding of the need for having a plan (runbooks/playbooks) and agreed crisis escalation process.
- Be conversant with a joined-up thinking approach when reviewing technology incident management that is “fit-for-purpose”.

Data Security Incident Management: What Keeps You Awake At Night? Part 3

As we build on the exciting findings from our WiCyS State of Inclusion Assessment, we collect additional data for our next industry benchmark report. Attend this webinar to learn more about our upcoming "Measuring Inclusion" workshops. 

Attendance is free and open to all individuals working for a cybersecurity company or in a cybersecurity-related role in any company, including consultants, entrepreneurs, teachers, and students. We welcome the participation of all individuals in any identity group. 

Are you unable to attend during the scheduled time? Feel free to register and receive the webinar recording as soon as we wrap up the session.

Measuring Inclusion Launch Webinar

Join WiCyS strategic partner IBM as they host a webinar about how organizations and governments worldwide face new cybersecurity risks as they adopt AI to help them boost operational efficiency, improve customer and employee experiences, modernize their applications, and grow revenue. 53% of business executives cite cybersecurity risks as a top barrier to adopting AI (*IBV study). Among their concerns are trustworthy AI, data security, privacy, and compliance. These concerns are similar to what organizations seeking to adopt mobile technology and the cloud faced in the past.

Join the IBM team on November 21st at 1pm CT as they discuss how IBM Consulting Services and their market-leading offerings help clients secure AI transformations and reduce the associated business risks.

Can't make it during the scheduled time? Register to still receive the recorded copy of the webinar.

To earn CPE/CEU credits with the following providers, you must meet the minimum requirements:
- GIAC/(ISC)2: attend for a minimum of 45 minutes or the entirety of the webinar
- CompTIA: attend for a minimum of 60 minutes or the entirety of the webinar (webinar topic must relate to the certificate being renewed)

Attendees who meet these requirements can submit a request to info@wicys.org to receive proof of attendance for submitting CPE or CEU credits with their provider.

Improving the Safety, Security and Trustworthiness of Business AI

In the rapidly evolving landscape of AI and emerging technologies, the potential for groundbreaking innovation is undeniable. However, this surge of innovation brings forth a critical challenge: the delicate equilibrium between technological advancement and safeguarding security. In this WiCyS strategic partner webinar, Trend Micro will delve into the imperative need to balance Innovation and Security in the context of AI and related technologies.

Unable to attend during the scheduled time? Feel free to register and receive a recording as soon as we wrap!

WiCyS takes pride in being able to provide members the opportunity to earn CPE/CEU credits for attending WiCyS live webinars.

To earn CPE/CEU credits with the following providers, you must meet the minimum requirements:

- GIAC/(ISC)2: Attend for a minimum of 45 minutes or the entirety of the webinar.
- CompTIA: Attend for a minimum of 60 minutes or the entirety of the webinar. The webinar topic must relate to the certificate being renewed.

Attendees who meet the requirements will receive a verification email to use as proof of attendance for submitting CPE or CEU credits with their provider.

Future's Gonna be Ok[AI]: Navigating Innovation and Security in the Era...

In anticipation of future cyber security challenges, as well as enable organizations to address current ones, the US National Institute of Standards and Technology (NIST) released the draft version of NIST Cyber Security Framework (CSF) version 2.0 for comments on August 8, 2023. Once all comments are submitted on November 4, 2023, this new version will be finalized in early 2024. 

This will be a very important tool against cybersecurity risks in 2024 not only because it is a government issued gold standard for cyber security, but also because it emphasizes cyber security governance and cyber security supply chain risk management. A lot of severe cyber incidents in recent years can be traced to a combination of bad decisions and third parties.

In this presentation, Ralph will give the audience a first look at this new upcoming NIST CSF v2.0 and show how they can use it to protect their companies from a myriad of cyber security risks in 2024 and beyond.

NIST CSF v2.0: A Potent Tool Against Cybersecurity Risks in 2024 and Beyond

This session from industry thought leader will provide a 360-degree view on how to develop a strategy that can easily drive a zero day attack, while maintaining ironclad environment. 

Key takeaways:
- Understand the moving part of your organization entities. 
- Establish an enterprise posture that mirror's your assets. 
- Develop a mechanism to manage attack evolution.

Developing Strategy That Enables Zero-Day Exploitation

Companies at a senior leadership level recognize operational risk in the form of  their “Risk Appetite & Tolerance”, defined as “the amount and type of risk that an organisation is willing to take in order to meet their strategic objectives”. 

The question companies should ask themselves is how much can cybersecurity risks identified in the 2024 threat forecast impact organizations technology, and how can they communicate effectively what this means to their organizations' strategic objectives?

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light the operational risk considerations and resilience options for those “scary” technology moments which can cause organizations to face the Maximum Tolerable Period of Disruption, or when an organization faces tough decisions, one of which may mean no choice but to close down!

By the end of the session, you will be able to:
- Be aware of The 2024 threat forecast and potential cybersecurity impacts on technology. 
- Form an understanding of the difficult language that must be used when dealing with the senior leadership team.
- Be conversant with a joined-up thinking approach when reviewing technology operational risk and identifying resilience measures.

Threat Forecast Vs. Operational Risk: What Keeps You Awake At Night?  Part 2

Our presentation team will cover 4 key areas that focus on the time-saving advantages that many large language models (LLMs) can offer, but also highlights important considerations for the potential risks to the organization’s reputation, IP, and overall security posture, by using an LLM.

These 4 areas include:
- AI Applied: The current scenario mindset - examining ROI and competitive advantage.
- AI Risk: The worst-case scenario mindset - reputational risk and loss of intellectual property.
- AI Trust: The best-case scenario mindset – aligning brand values with customer values- every relationship is about trust.
- AI Tomorrow: The unknown-scenario mindset – examining the need for acceptable use policies, and development of data-driven risk management systems.

While there are obvious time-saving and cost-reducing benefits that many LLMs can offer, it’s crucial to maintain staunch awareness of the risks to your organization’s reputation, IP, and overall security posture, just from using an LLM.

The AI Elephant in Every Room

In our ever-evolving digital landscape, the fusion of artificial intelligence (AI) and machine learning (ML) technologies has ushered in a new era of innovation and efficiency. However, as we step into 2024, we must also prepare for the darker side of this technological advancement -- the looming cybersecurity threats posed by both AI and ML.

This webinar will dissect the most recent trends and vulnerabilities that cybercriminals are likely to exploit using AI and ML techniques. From AI-driven social engineering attacks to ML-powered malware, we will explore the full spectrum of threats and discuss practical strategies to defend against them. With insights from real-world incidents and cutting-edge research, this webinar aims to equip individuals and organizations with the knowledge and tools needed to safeguard their digital assets and privacy in the face of evolving cyber threats driven by AI and ML technologies.

Will 2024 Bring Us a Year of AI and ML Threats?

Supply chains face known and unknown risks. IT organizations are especially susceptible to supply chain risk as it often uses many open source products in the acquisition and development of their software. We need a structured approach for cybersecurity supply chain risk management. A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. A SBOM is a nested inventory, a list of ingredients that make up software components. 

The Executive Order (EO) on Improving the Nation’s Cybersecurity released on May 12, 2021 acknowledges the increasing number of software security risks throughout the supply chain. This EO mandates that Federal departments and agencies (and their suppliers) understand the cybersecurity risks through the software and services that they acquire, deploy, use, and manage from their supply chain (which includes open source software components). Acquired software may need to contain known and unknown vulnerabilities as a result of the product architecture and development life cycle.

In this webinar learn about cybersecurity risk management and governance. 
- Identify and document the risks and known vulnerabilities.
- Build a supply-chain risk-management framework. 
- Know and manage critical components and suppliers. 
- Develop a supplier/vendor software bill of materials, of each binary component that is used in the software, firmware, or product.
- Build a remediation plan for any vulnerable open source materials.
- Institute a governance and monitoring process.

Cybersecurity Supply Chain Governance

When you think about it, supply chain security surfaced as an important focus in the wake of several significant events that highlighted vulnerabilities in global supply chains. These events began with the 9/11 attacks in 2001 resulting in a heightened focus on national security - including the security of supply chains. Subsequently, we had high-profile product recalls and quality issues - such as contaminated foods and counterfeit drugs - again raising concerns about supply chain security. Additionally, we also had an increasing reliance on digital systems and technology in supply chains that were made more vulnerable due to cyber threats. 

These events in conjunction with the rapid growth of globalization and outsourcing of manufacturing and sourcing activities to different areas of the globe increased the complexity and extended the geographic reach of supply chains. Hence, supply chain security -- including cyber and physical -- surfaced and required important focus. 

Join Ernie Hayden (Founder & Principal, 443 Consulting) to gain a better perspective of the physical security issues involved with the current global supply chain and get insights on how to overcome them. Key challenges discussed in the session include:  
- Unauthorized access to the supply chain and materials. 
- Inadequate surveillance of physical security of supply chain operations; and,  
- Transportation security weaknesses arising from inadequate packaging, lack of tracking and tracing mechanisms, or insufficient verification of drivers and personnel involved in the transportation process.

The Nuances of Physical Security and Supply Chain Management

Supply chain managers are being asked to better manage supply chain risk and create more resilient supply chains while maintaining efficiency. Unfortunately, traditional approaches to risk management and resilience are insufficient to address this complex issue.  

Many companies lack the data, tools, and insights needed to manage risk and improve resilience effectively and efficiently. Fear not - there is a game-changing solution on the horizon: the intelligent use of digital technologies!  

In this session, Digital Supply Chain Advisor, Fabio Tiozzo shares his expert insights on the transformative power of digital technologies in supply chain risk management and resilience. Get an overview of the digital technology stack, including both mature and emerging technologies, and discover how to leverage them to revolutionize supply chain resilience and risk management.

Topics for discussion include:  
- What supply chain managers can do to better manage supply chain risk and improve resiliency, while maintaining supply chain efficiency. 
- Why embracing digital supply chain risk management and resilience is not only a necessity for survival, but an opportunity to create new value and gain a competitive advantage. 
- How to map out your digital adoption roadmap to ensure you are integrating the right technologies into your processes. 
- And more...

Innovating SCRM and Resilience: Harnessing the Potential of Digital Technologies

A Whole Lotta BS (Behavioral Science) About Security

When the Answer Really Is “No” -- How to Say It Diplomatically

Diversity of Cybersecurity Mindsets

The Tone in the Middle: The Biggest Hindrance to a Cybersecurity Culture

Building a Stronger Security Partner Team

How Old Math Can Solve New Problems

The Great Data Migration: Cybersecurity & Privacy in M&A & Legacy Data Migration

The IT Compliance Role in Safeguarding the Enterprise from Post-COVID Symptoms

Beyond Misconfigurations Correlating Threats to Truly Understand Your Cloud Risk

Building a Cybersecurity Culture: It's Time to Think Differently About Training!

Understanding and Managing Cyber and Privacy Risk in an Increasingly Risky World

Improving Security Posture for the Modern Enterprise

Zero Trust Security Strategies to Safeguard the Enterprise

Security Strategies to Safeguard the Enterprise

It's no secret that the cybersecurity landscape is constantly changing, requiring CISOs and security teams to adapt and pivot at a moment's notice. But the security organizations with the strongest foundations will be most able to rise to whatever challenge the future brings. In this panel session, learn about the major initiatives CISOs are planning for in the coming year, changes they are anticipating, and pain points they hope to mitigate.
 
You'll hear about topics such as:
* Changing regulatory needs
* Surviving the economic and geo-political environment
* Crucial skills development areas
* Technology investments
* Cyber insurance

About the moderator:
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the US. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce.

Confirmed panelists:
Ozgur Danisman, VP, EMEA Sales Engineering, Forcepoint
Brenna Leath, Head of Product Security, sas
Dr. Kelley Misata, Founder and Chief Trailblazer, Sightline Security

Key Concerns of Cyber Leaders

IT Security

CISO

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Key Concerns of Cyber Leaders

Presented by

About this talk

More from this channel