Name: Cybersecurity Supply Chain Governance
Start: 2023-09-27T22:00:00Z
End: 2023-09-27T22:01:01.000Z
Location: BrightTALK
Rating: 4.6

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Senior management often has a fundamental question regarding cyberattacks: How would cyberattacks affect our organization?  Business impact analyses (BIA), as they have been performed for decades, are inadequate.  The determination of desired recovery times and recovery points may be meaningless in the face of stolen information and ransomware attacks that reflect what business leaders would like to be done rather than what IT can do.  Moreover, new government rules require analysis and disclosure that necessitate an understanding by executive management of what the impact of a cyberattack would be if an attack were to occur.  This session provides an approach to determining what the impact of a cyberattack would be.

Tune in to this webinar to learn:
- How cyberattacks change the context of BIA.
- What are the potential financial, operational, reputational, regulatory and societal impacts of cyberattacks.
- How to conduct a cyber impact analysis.
- How a cyber impact analysis can drive cyber resilience strategy.

Determining the Impact of Cyberattacks

Ransomware attacks are one of the most terrible outcomes of cyber breach. Whether you believe in paying ransom demands or not, you must understand the need for a negotiator in such difficult situation. We will discuss challenges, pitfalls, and factors of success that a ransomware negotiator can bring to crisis.

Key Takeaways:
- Understand components of a ransomware attack.
- Recognize intricacies of ransomware negotiations.
- Avoid mistakes frequently made during ransomware attacks.
- Recognize red flags common during ransomware attacks.

Ransomware Negotiations: Everything You Need to Know

In today's dynamic threat landscape, building a security-first culture is essential for safeguarding an organization’s data. This panel session, featuring Michelle Pruitt, Binta Kindle, Swati Popuri, and Cherie Griffith-Dunn, will explore leadership tactics for fostering a mindset of holistic data protection across all levels of the organization.

Key topics include:
- Establishing a security-centric organizational mindset.
- Best practices for leadership to encourage proactive data protection.
- Effective training strategies for promoting security awareness.
- Integrating security considerations into AI and digital workflows.
- And more

Join us to discover how to empower your team, regardless of their technical background, to embrace security as a core value and enhance your organization’s data protection strategy.

Building a Security-First Culture: Leadership Strategies for Holistic Data Protection

Automation in cybersecurity holds the promise of making the world a safer place. However, this promise can be broken if we place blind trust in automation without proper checks and balances. 

In this presentation, industry thought leader Alex Holden will share his knowledge and experience to guide you through the crucial decisions of where to trust AI, where to automate, and where human judgment and decision-making are still indispensable for achieving the most secure outcomes.

To Automate or Not Automate: Guide to Cybersecurity Best Defenses

In an era where data breaches and cyber threats are becoming increasingly common and complex, the need for a comprehensive data security strategy has never been more critical. 

This talk from industry thought leader Efe Ogolo will explore the evolving space of data security from a fragmented set of practices to a holistic, integrated approach that is made up of technological safeguards, regulatory compliance, and the cultivation of a security-conscious organizational culture. Listeners will gain insights into cutting-edge security technologies, including AI-driven threat detection and response systems, as well as the importance of aligning security protocols with legal requirements and industry standards. Moreover, the discussion will touch on the often-overlooked human element -- how fostering a culture of security awareness and accountability can be a powerful defense against both external and internal threats. 

This session is designed for business leaders, IT professionals, and data custodians looking to strengthen their data security posture in a rapidly evolving digital landscape.

Integrating AI, Compliance and the Human Factor in a Comprehensive Data Security Strategy

This session will delve into the potential impact of quantum computing on cybersecurity. It will explore how quantum computers could render current encryption methods obsolete, leading to a “crypto-apocalypse.” But it will also discuss the potential positive applications of quantum computing for enhancing security measures.

Key Takeaways:
- Understanding the threat quantum computing poses to existing cybersecurity infrastructure.
- Exploring the potential of quantum-resistant cryptography.
- Gaining insights into how quantum computing could be leveraged to strengthen security measures.
- Developing strategies to prepare for the quantum computing era.

Quantum Computing: The Cybersecurity Apocalypse or the Next Great Leap?

If you have managed to evade a data breach or fines from the regulator, then well done! Today, business and government organizations inform the public of a data breach, whereas in the past they kept quiet to avoid reputational damage until the news eventually got out!

Based on recent events, either caused internally or externally by threat actors like staff, individuals, hackers, organized crime or state governments, protection of your data and its privacy has become quite challenging.

This webinar will focus on data protection and the consequences of non-compliance. One example of this is Uber fined $324 million for personal data transfer. It will also cover unauthorized access through third-party suppliers and contractors), as well as tips to evaluate your data policy.

Tune into this session presented by business continuity, disaster recovery, cyber resilience and major incident expert Steve Yates, as he shares his views on protecting data security and privacy. Yates will explore these elements from the attacker’s point of view and take attendees on a learning path to consider their own state of readiness for data breaches and disclosure of personal, corporate, and government information. 

By the end of the session, you will be able to:
• Know the importance of understanding your organizations end-to-end data world, specifically mapping data sources and where it resides.
• Understand how easy it could be to cause disruption, modification, or destruction of critical data along with the services which they support.
• Understand the core organizational components necessary for regulation and compliance of your data resources.

How Secure and Private is Your Data?

Despite the advent of so much emerging technology like AI in cybersecurity, the continuing success of data breaches and cyber crime through social engineering and tech complacency is a sobering reminder that so called “low tech” IT security basics still matter. 

In this presentation, Hilton's IT Security and Compliance Analyst Ralph Villanueva will discuss recent cyber security threats and incidents that made the headlines. Attendees will learn what they can do to mitigate these threats in their companies as well as what tools and techniques they can use - without breaking the bank or summoning the AI gods

AI-Enabled Cybersecurity is Overrated: Why Low Tech IT Security Basics Still Matter in 2025

Artificial intelligence continues to reach new heights. But this technology can and frequently is misused for fraudulent activities. New attacks and modifications occur daily. For some, AI is a perceived boon. Others strongly argue that AI is a menace. Either way, AI is here to stay. By embracing this technology responsibly, we can effect a constructive change and enhance more efficient outcomes.
 
Powerful AI can analyze, detect, and react against fraudulent activities. A holistic cybersecurity approach to build ethical AI can help mitigate various risks via a high quality, well-trained multimodal AI model, that includes threat detection and user and entity behaviors analytics that can respond efficiently, effectively and ethically against bad actors.
 
In this talk, industry thought leader Mayra Paredes will describe three of the most repetitive challenges presented by AI and how the cybersecurity industry can embrace them to build a proactive response against the threat landscape.
-              AI Ethics: Morality Bias, weaponization, liability stereotypes. Integrate diverse contributors to build this technology.
-              AAA Systems: Authentication, Authorization and Accounting. Build an Ethical core system.
-              Lack of expertise in the workforce: Embrace AI to foster diverse talent.
 
Readers will come away from this talk with the different nuances surrounding AI and its potential application in cybersecurity. They will also be able to create clear management policies to restore trust in digital environment by building ethical AI.

Tackle 3 Common AI Challenges to Build Effective Security Programs

AI holds great potential for enhancing cybersecurity, offering advanced threat detection, rapid response capabilities, and predictive analytics. However, recent PhD research reveals unique challenges and risks associated with integrating AI into cybersecurity strategies. When attackers have spent 40 years fooling our automated systems, and there is a great risk that AI adoption will greatly widen the threat landscape.

This webinar from industry thought leader will explore both the promises and perils of AI-driven cybersecurity solutions, highlighting key findings from cutting-edge research. Attendees will gain insights into the effectiveness of using AI safely in combating cyber threats, the vulnerabilities AI systems themselves introduce, and the ethical considerations that come with widespread AI deployment in cybersecurity.

The Promises and Perils of Using AI for Cybersecurity

The future is uncertain, but many cyber threats are largely predictable. In the cybersecurity arena, our victories make a difference and cause some threats to fade into history. However, our ability to stay ahead of cyber threats has its ups and downs, influenced by numerous factors. Meanwhile, threat actors continually evolve their techniques and approaches.

Drawing on more than a quarter century of experience in cybersecurity, industry thought leader Alex Holden invites you to join him on a journey through the evolving threat landscape. We'll examine the latest trends in threat intelligence and advancements in AI, and we'll focus on building the most effective cyber defense strategies as we approach 2025.

Victories, Challenges, and Unknowns: Threat Landscape 2025

With the CrowdStrike incident impacting so many organizations, it is imperative to understand your organizations’ cyber incident response framework especially when you screen goes “blue”!

According to a snap poll conducted by Aon, 83% of risk professionals said their organisation had an incident response plan in place. But when CrowdStrike occurred, 24% said these plans underperformed. The entire poll of 500 risk professionals from across the UK and Europe revealed that 62% were directly or indirectly impacted by the global outage.

This presentation will focus on the 2025 to 2030 threatscape and considerations for an “joined-up” incident response framework that your organization should consider if it hasn’t already. 

Tune into this session presented by business continuity, disaster recovery, cyber resilience and major incident expert Steve Yates, as he shares tips to prepare for the 2025 threatscape. Yates will explore current operational cyber incident response areas, identified from more recent events such as dependency mapping, scenario planning and testing, and the core structure that your organization should have in place.  

By the end of the session, you will be able to:
- Know the importance of dependency mapping, specifically for the “before”, and the challenges that will happen if not established for the “after.”
- Form an understanding of how scenario planning and testing can be become critical in the preparation for significant cyber disruptions and provide the need for resources and capacity capabilities. 
-  Understand the core organizational components needed for a cyber incident response framework.

What Do You Need to Consider for Your Cyber Incident Response Framework?

In the ever-evolving landscape of DevOps, the paradigm is now shifting - where security is taking the central stage. With vast surface areas including containers, cloud, repositories and third party components, cyber threats became prominent then ever before in DevOps. 

Our presentation delves into the evolution from traditional DevSecOps to the advanced elimination of threats in each possible way in every stage of DevOps: Build, Test, Deploy and Operate. Lets see how we can prevent cyber threats with secure cloud architecture, continuous logging and monitoring, required approval processes in place, code scanning along with manual reviews as well ensuring heightened security at every step.

In this session, join Jyotirmayee Pradeep Kumar (Vice President - Cloud DevOps at a well-known global bank) as she unravels the stages of elimination of cyber security threats at each phase of DevOps. Topics for discussion include:
- DevOps landscape and different stages associated with it.
- Surface area of cyber threats in DevOps.
- Security breaches within the DevOps framework.
- Practical strategies for eliminating cyber threats with shift-left security implementations. 
- Diverse approaches to automate security integration into DevOps practices.

Eliminating Cybersecurity Threats: Inspection of DevSecOps

Maintaining continuous service availability is not just a priority—it's a necessity. Join us for an insightful webinar to explore the critical aspects of defending your network against Distributed Denial of Service (DDoS) attacks, which can cause significant financial and reputational damage.

Based on the findings from our latest report, The True Cost of a DDoS Attack, this session will delve into the real-world impacts of DDoS incidents on businesses of all sizes. We will discuss effective strategies for mitigating these risks and how our cutting-edge DDoS protection solutions ensure your services remain up and running without interruption.

Key takeaways will include:

- Understanding the financial and operational implications of DDoS attacks.
- Best practices for safeguarding your infrastructure against DDoS threats.
- How our protection strategy can ensure zero downtime and reliable service availability.

Zero Downtime: Ensuring Reliable Service Availability

The National Institutes of Science and Technology recently launched a new version of their cyber security framework, NIST CSF v2.0 to provide both government organizations and private industry a comprehensive set of cyber security guidelines. Better yet, this version can easily be integrated into existing frameworks and tools. 

In this session, Hilton analyst Ralph Villanueva will point out how the newly added governance aspect of this framework can boost the detection, respond and recover capabilities of any organization in the event of a cyber-security incident.

Improve Incident Detection and Response Governance with NIST CSF v2.0

Tune into this session from industry thought leader Vincent Amanyi as he highlights a robust strategy to develop core requirements and step-by-step approach to build a resilient foundation of your insider threat program.

Key takeaways:
- How to perform environment assessment. 
- How to establish a clean foundation that is central to your enterprise.
- Learn how to benchmark and manage your maturity journey.
- Develop the right mix of tool for monitoring.

Identifying and Building the Foundation of a Threat Program

How do you know the dangers you face regarding cybersecurity? A threat intelligence program is key to understanding the existing dangers.  However to be truly effective, threat intelligence must be relevant to your situation and environment. Ensuring  that threat intelligence is indeed intelligent in regards to your specific needs requires more than a basic data feed. The presentation from industry thought leader Charles Kolodgy will provide useful insight and information designed to allow you to align your threat intelligence with your specific needs by incorporating other components that complement threat intelligence.

Join this discussion to learn:
- What is threat intelligence and the specific value it provides.  
- How the MITRE ATT@CK framework is a useful tool for threat intelligence.
- Attack surface management is a valuable component of threat intelligence.
- Understand how threat intelligence and attack surface can be reconciled.
- How to evaluate the various cybersecurity threat intelligence offerings available.
- Harmonizing threat intelligence, attack surface, vulnerabilities, and business requirements when making cybersecurity decisions

Ensuring Threat Intelligence Remains Intelligent

APIs have become essential in today's digital ecosystem, enabling seamless data exchange, connecting applications, and driving innovation. However, as they contain valuable data, APIs can also serve as enticing targets for cyber attacks such as DDoS attacks, SQL injections, and cross-site scripting (XSS). A single API breach can jeopardize sensitive information and affect an organization's reputation, financial stability, and compliance. Therefore, it's crucial to have a robust API security program in place. 

In this webinar, we will explore the multifaceted landscape of API security and emphasize its pivotal role in modern enterprises' overall cybersecurity posture. We will delve into the foundational components of API security, explain how each relates to the evolving threat landscape, and discuss practical, actionable ways they can prevent cyber criminals from exploiting vulnerabilities in APIs. We will also provide insight into the capabilities of a mature, end-to-end API security program and define practical milestones to empower you to elevate your API security to the next level.

Key takeaways from this webinar include understanding how attackers' tools, techniques, and procedures are evolving, learning the components of API security and their respective roles, and taking actionable steps to assess and enhance your organization's API security posture. In addition, we will highlight forward-thinking strategies and how web application firewalls (WAFs) can help detect and block malicious traffic, and how API security solutions can provide comprehensive protection for your APIs and work with WAFs to ultimately protect applications and their data.

Elevating API Security

Practical AI Applications in the Supply Chain: Finding Value While Managing Risk

The Nuances of Physical Security and Supply Chain Management

Efficient Supply Chain Management: The Power of Integration-Driven Automation

Optimizing for Sustainability: ESG and Supply Chain Resiliency

How AI Will Help Build Resilient Supply Chain Operations

AI and the Supply Chain: What's Changing and Why Should You Care?

Innovating SCRM and Resilience: Harnessing the Potential of Digital Technologies

Overcoming Supply Chain Challenges

Supply chains face known and unknown risks. IT organizations are especially susceptible to supply chain risk as it often uses many open source products in the acquisition and development of their software. We need a structured approach for cybersecurity supply chain risk management. A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. A SBOM is a nested inventory, a list of ingredients that make up software components. 

The Executive Order (EO) on Improving the Nation’s Cybersecurity released on May 12, 2021 acknowledges the increasing number of software security risks throughout the supply chain. This EO mandates that Federal departments and agencies (and their suppliers) understand the cybersecurity risks through the software and services that they acquire, deploy, use, and manage from their supply chain (which includes open source software components). Acquired software may need to contain known and unknown vulnerabilities as a result of the product architecture and development life cycle.

In this webinar learn about cybersecurity risk management and governance. 
- Identify and document the risks and known vulnerabilities.
- Build a supply-chain risk-management framework. 
- Know and manage critical components and suppliers. 
- Develop a supplier/vendor software bill of materials, of each binary component that is used in the software, firmware, or product.
- Build a remediation plan for any vulnerable open source materials.
- Institute a governance and monitoring process.

Cybersecurity Supply Chain Governance

Supply Chain

Cyber Security

IT Security

Risk Management

Governance

Compliance

ISACA

Vulnerabilities

Open Source

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Cybersecurity Supply Chain Governance

Presented by

About this talk

More from this channel