Name: Data Security Incident Management: What Keeps You Awake At Night? Part 3
Start: 2023-12-06T16:00:00Z
End: 2023-12-06T16:00:56.000Z
Location: BrightTALK
Rating: 4.9

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

The current data security and privacy protection landscape is awash with tools, acronyms, buzzwords that promise to make data breaches and privacy incidents a thing of the past. Yet hotel chains, healthcare providers, banks, department stores and even governments constantly fall victim to data breaches, ransomware or nation-state attacks. 

The plain truth is that tools are only as good as the people that use them and the processes that go with it. Two thousand years ago, the Roman empire had better military tools than the nations they conquered. Yet through time, the Romans fell to the barbarians and are merely remembered through their ruins. Likewise, companies with the latest and most buzzworthy technology implemented still manage to fall victim to attacks. 

In this presentation, industry thought leader Ralph Villanueva will tap into over 15 years’ experience of data security and privacy protection to show why ultimately, the people behind the tools and the processes they use matter more in securing your organization’s data. 

Key Takeaways:
 - How to best deploy tools in the most cost-effective way to optimize benefits.
 - How to best deploy tools to mitigate data security risks from internal and external threats. 
 - The importance of a balanced and holistic approach to data security that equally considers people, processes and technology.

Tools are Nothing: Why People and Process Matter More in Data Security and Privacy

Cyberattacks are continuing at pace and we're regularly hearing of new data breaches. But who is responsible for ensuring the security of personal data? 

Traditional data protection approaches are failing against modern attack vectors. Organizations need future-ready strategies that go beyond compliance checkboxes to create resilient security frameworks. In this session, we'll explore the current risks to personal data & privacy and delve into the range of models that can be used to protect your organizations critical assets.

This webinar will take you through examples of recent data breaches, identifying the challenges being experienced, learning from what went wrong and how best organizations can plan for the future. Such planning will investigate current good practice, adding some “steroids” to them such that organizations can hopefully stay in front of the next “breach”!

Steve Yates – Chairman of the Resilience Association, will share frontline experience about critical data assets security and protection of user privacy.  

Key Takeaways:

- Be aware of the challenges being experienced in the protection of data security & privacy;
- Understand how best to plan your data resources and capacity to meet tomorrow’s defense;
- Discover the core organizational elements needed for the establishment of a strategic, tactical and operational solution

Strengthen Data Security Strategy for Tomorrow's Resilience Defense

AWS infrastructure offers robust native security mechanisms, but the shared responsibility model places critical configuration burdens on app owners. This creates gaps that attackers can actively exploit through misconfigurations, privilege escalation, and cross-service vulnerabilities which can compromise entire cloud deployments.

Security automation emerges as an essential defense strategy for threat modeling, enabling businesses to enforce security best practices from deployment through ongoing operations. Automated security controls provide continuous monitoring, real-time threat detection, and optimized remediation across AWS services. This ensures a consistent security posture while reducing human error and response times.

Join Ernesto Marquez, Founder and Project Director at Concurrency Labs, to explore proven AWS security automation strategies for threat mitigation.

Key Takeaways: 

- Implement automated security controls that enforce best practices across AWS services 
- Deploy continuous monitoring and real-time threat detection for multicloud environments 
- Configure automated remediation workflows for common security vulnerabilities 
- Integrate AWS security automation tools into comprehensive threat modeling frameworks 
- Establish governance policies that maintain security consistency across cloud deployments

Deploy Automated AWS Defenses for Threat Prevention

As cloud supply chain attacks escalate in sophistication, traditional SBOMs alone prove insufficient for comprehensive security. While SBOMs provide valuable component inventories, they lack runtime verification capabilities—creating a critical blind spot that malicious actors increasingly exploit. This gap between static analysis and runtime behavior represents one of the most significant vulnerabilities in modern cloud environments.

The "Bill of Behavior" (BoB) approach addresses this challenge by providing vendor-supplied profiles of expected runtime behaviors. Generated using eBPF technology, BoBs codify legitimate syscalls, file access patterns and network communications. This enables immediate anomaly detection without custom rule creation, allowing organizations to verify software integrity throughout the supply chain and during execution, dramatically reducing the attack surface while simplifying security operations.

Join Dr. Constanze Roedig, Key Researcher at SBA-Research and Founder of Fusioncore.ai, to discover how this emerging standard complements existing SBOM frameworks to create verifiable trust in your cloud ecosystem.

Key Takeaways:
- Understand how Software Bills of Behavior (SBoBs) create verifiable trust between vendors and clients
- Learn practical implementation strategies using existing OCI distribution standards
- Discover how BoBs significantly reduce attack surfaces across both runtime and supply chain vectors
- Explore immediate benefits of receiving vendor-supplied behavior profiles with software packages
- Discover how CNCF Kubescape allows anomaly detection out of the box

Beyond SBOMs: Runtime Verification for Bulletproof Cloud Supply Chains

Organizations are rapidly adopting AI technologies without fully understanding the security implications. This is creating unprecedented vulnerabilities in cloud environments. In turn, with AI accessible to all stakeholders, the human factor has become the weakest link in cybersecurity defense strategies.

This session addresses critical considerations for IT and cybersecurity leaders to balance business innovation with risk management. Learn how to establish ethical AI frameworks, implement proper access controls, and build awareness programs that protect your organization while enabling AI adoption.

Join Kathleen Mullin, vCISO and Consultant, to explore practical strategies for securing AI in cloud environments while maintaining business agility.

Key takeaways:

• Define clear RACI matrices for AI business risk ownership and accountability 
• Assess whether AI solutions truly meet business requirements vs. alternative approaches
• Establish data governance and access controls specifically for cloud-based AI systems 
• Develop comprehensive AI awareness programs for organizational stakeholders 
• Evaluate current and future cloud AI risks within your security framework

Considerations: Securing the Cloud And In Specific AI

As organizations accelerate cloud adoption, sophisticated security technologies often create a false sense of protection while the most significant threats emerge from within. Human behaviour continues to be the weakest link in cloud security, not due to malicious intent, but through everyday mistakes that inadvertently expose critical systems.

When they create friction, security measures designed to protect can inadvertently increase risk as users will find shortcuts to achieve their legitimate objectives. This session explores the psychology behind user decision-making and reveals how threat actors exploit human nature to bypass cloud defenses, turning legitimate business processes into attack vectors.

Join Simon Ratcliffe, independent management & technology consultant, to discover practical strategies for human-centered cloud security.

Key Takeaways:

- Identify psychological triggers that make users vulnerable to cloud-based attacks 
- Recognize how security friction drives risky user behaviors and workarounds
- Design user-centric security that reduces human error without compromising protection 
- Develop indicators to detect insider threats before they escalate 
- Build security awareness programs that create lasting behavioral change

Securing the Human Element: Why People Remain Cloud Security's Top Vulnerability in 2025

Insider threats are one of the most challenging security risks in multicloud environments, where authorized users can exploit fragmented access controls and limited visibility across platforms. When organizations lack comprehensive oversight of user activities, data flows and privilege escalation paths, the risk posed by human error and malicious insiders is much greater.



Multicloud architectures amplify insider threat risks through inconsistent identity management, scattered audit trails, and complex permission structures that create blind spots for security teams. Strategic threat modeling designed around insider risks enables organizations to map user access patterns, identify privilege abuse scenarios, and implement behavioral monitoring across all cloud platforms before incidents occur.



Join Sandeep Tripathi, IT Solutions Designer at Daimler Truck AG, to discover systematic approaches for detecting and preventing insider threats in complex multicloud environments.



Key Takeaways: 

- Identify insider risk scenarios across cloud platforms using threat modelling frameworks
- Implement comprehensive user behavior analytics and cross-cloud activity monitoring
- Limit insider threat impact and lateral movement using zero-trust access controls.
- Develop incident response protocols for insider-driven security breaches
- Create governance frameworks for managing privileged access in multicloud environments

Mitigate Insider Threats in Multicloud Through Strategic Modeling

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short.

Cloud security threats are often perceived as purely technical challenges, but the human factor remains one of the most significant and underestimated risks. Misconfigurations, weak passwords, phishing attacks, and inadequate training open doors to breaches even in sophisticated environments. Employees inadvertently expose sensitive data through social engineering, while administrators overlook crucial updates. Insider threats pose significant risks when cloud systems are accessible from anywhere.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, to explore human factors in cloud security threats.

Key Takeaways: 
- Human error as the leading cause of cloud security breaches 
- Phishing attacks and social engineering threat vectors 
- Managing insider threats in distributed cloud environments 
- Essential security awareness training and culture development 
- Zero Trust architecture implementation strategies

Managing Human Risk in Cloud Security Operations

AI technologies are simultaneously completely transforming business operations and creating new security vulnerabilities that cannot be addressed by technical safeguards alone. When implementing AI-driven solutions, human oversight is the biggest differentiator between secure innovation and catastrophic data breaches. As such, human intervention is both the biggest vulnerability and most significant defense in organizational security architectures.

To address this challenge, IT leaders can build a security champions program—a network of engaged employees who understand AI-specific threats and serve as frontline defenders. This group bridges the gap between security teams and other business units. They spread security awareness throughout the organization while maintaining operational efficiency.

Join Vincent Amanyi to discover proven strategies for empowering a team of security champions who can help safeguard your organization's AI initiatives and digital assets.

Key Takeaways:

- Learn to assess AI-related security risks across all business functions
- Design a people-centric security strategy that combines technical controls and human intelligence
- Establish and structure an effective Security Champions Committee with clear roles and responsibilities

Fortifying the Human Firewall: Cultivating Security Champions in Today's AI Landscape

In today's threat landscape, where the average data breach costs organizations $9 million, your employees represent both your greatest vulnerability and your strongest defense. As AI-powered threats become more sophisticated and remote work expands the attack surface, traditional security awareness approaches are failing to create lasting behavioral change. The human element remains implicated in over 80% of breaches, yet most training programs still focus on compliance checkboxes rather than cultivating security champions.

Effective security awareness requires a strategic approach that addresses psychological barriers, leverages behavioral science and creates sustainable security habits. By reimagining how we engage employees—from executive leadership to frontline staff—organizations can transform their security culture from a perceived burden into a competitive advantage that measurably reduces incident rates and response times.

Join Ralph Villanueva, with 15+ years leading enterprise security awareness programs, to discover proven methodologies that transform employee behavior.

Key takeaways:

- Implement psychological triggers that convert passive training participants into active security defenders
- Design role-specific awareness programs that address the unique risks of different departments
- Measure training effectiveness beyond completion rates with behavior-based security metrics
- Secure executive buy-in by connecting awareness initiatives to tangible business outcomes
- Deploy just-in-time learning techniques that deliver training when employees are most receptive

Transforming Human Risk: 10 Battle-Tested Strategies for Modern Security Awareness

Organizations are investing heavily in advanced security tools. But the most critical—and vulnerable—component of cybersecurity defense is people. As AI-driven attacks and quantum-era risks emerge, the gap between technological capabilities and human cognitive readiness threatens to widen dramatically.

Security professionals face unprecedented pressure when responding to incidents. Even with robust detection and recovery tools, factors like stress, fatigue and decision paralysis can significantly increase recovery times and amplify damage. This presentation introduces an expanded MTTR formula incorporating the "Human Cognitive Factor"—a groundbreaking approach that addresses the psychological dimensions of security response that technology alone cannot solve.

Join Sandra Estok (Founder & CEO, Way2Protect) to discover why preparing employees will determine your organization's survival in the 2026 threatscape.

Key Takeaways:

- Master the expanded MTTR formula that quantifies how human cognitive factors impact recovery timelines
- Identify early warning signs of team cognitive impairment before they compromise your security posture
- Implement practical strategies to build psychological resilience and decision-making clarity under pressure
- Establish metrics that measure human performance alongside technical metrics for comprehensive security assessment
- Learn how leadership decisions about culture, team structure, and psychological safety directly influence threat response effectiveness

Strengthening Your Human Firewall: Closing Cognitive Security Gaps Before 2026

Both endpoint security and endpoint management are becoming more challenging, largely driven by an increasingly complex threat landscape and a greater number (and assortment) of both managed and unmanaged endpoint devices. This, combined with an overabundance of tools deployed to deal with these threats and devices, has created a false sense of security and the inability to process all the data being collected.

 To combat this, organizations are making efforts to integrate the teams, tools, and processes involved, and these efforts are having a positive impact on visibility and awareness. Similarly, organizations are eager to adopt new tools like Autonomous Endpoint Management to help them achieve their goals.

In this session from Endpoint Management and Security Gabe Knuth, you’ll learn both what research reveals about the challenges facing organizations, the risks associated with the status quo, and the path forward to improving overall endpoint management and security.

Overcoming Increasing Endpoint Security & Management Challenges

As organizations continue to accelerate their cloud adoption, the 2026 threatscape reveals an increasingly complex and dynamic environment. Attackers are leveraging AI-driven exploits, supply chain vulnerabilities, and sophisticated cloud-native attack vectors to target critical infrastructure and sensitive data. Meanwhile, regulatory landscapes and compliance requirements are rapidly evolving, demanding stronger governance and resilience strategies.

This session explores the top cloud security threats projected for 2026, including identity compromise, API exploitation, misconfiguration risks, and multi-cloud visibility challenges. It also highlights forward-looking defense strategies, from zero-trust architectures and autonomous remediation to AI-powered detection and response. Participants will gain actionable insights into building a proactive cloud security posture that not only addresses today’s risks but anticipates tomorrow’s challenges.

Emerging Risks, Evolving Defenses and the Future of Cloud Security

AI-powered digital transformation creates a critical security paradox: the systems accelerating innovation are prime vulnerability points. As our data volumes multiply with AI pipelines, organizations face new risks that traditional security frameworks never needed to cover. With AI-related breaches projected to increase significantly in 2025, securing these data flows has become a board-level priority.

Security teams have to be able to balance transformation speed with robust protection across the entire AI ecosystem. This requires rethinking data governance, implementing continuous validation protocols and establishing clear visibility into automated decision paths—all while maintaining the business velocity that AI enables. The challenge isn't just technical; it requires new governance models that align security, data science and business objectives.

Join Oksana Denesiuk (Senior Product Manager, Solution Consultant - Billing, Kaiser Permanente) to discover practical frameworks that will secure AI systems without sacrificing innovation speed.

Key takeaways:

- Identify hidden vulnerability points in AI pipelines that traditional security tools miss
- Implement data lineage tracking and validation protocols across your automation ecosystem
- Establish board-ready metrics that measure AI security posture and data protection efficacy
- Deploy zero-trust principles specifically designed for machine learning environments
- Balance security controls with the speed and scale benefits that drive AI adoption

Neutralizing AI Vulnerabilities: The New Cybersecurity Imperative

AI is a friend, but it can be a terrible foe when not properly used. In cybersecurity, we also see AI as an enabler of cyber-criminal activities and security errors. In this talk, we will focus on what you need to know to defend your enterprise against AI-enabled cyberattacks. We will also discuss how to protect yourself and your company against errors caused by the improper use of AI.

Learning objectives:

- Understand emerging AI-enabled cybercriminal trends
- Recognize and avoid mistakes that stem from blindly trusting AI
- Apply AI effectively to reduce and manage your organization’s threat landscape

I vs AI – AI Threat Landscape 2026

As cyber threats evolve in complexity and impact, organizations need to consider a new strategic direction for addressing "The 2026 Threatscape." This presentation explores whether companies should implement strategies that account for Low Probability, High Impact Events and what it takes to become a High Reliability Organization (HRO).

Organizations that transform into HROs can achieve a return on their cyber-resilience investments and enhanced customer confidence. This requires organizations to acknowledge all failures regardless of size, embrace complexity, empower front-line employees, build resilience and leverage subject-matter experts—all while confronting the rise of AI-powered threats.

In this session, we'll identify potential "undisclosed" risks of significant global disruption and explain why organizations must be perceived as reliable.

Steve Yates - Chairman of the Resilience Association, will share frontline experience on building resilience into both cyber resources and organizational structure. He'll discuss critical scenarios organizations must plan for, while addressing third-party dependencies and the essential human element of cybersecurity.

Key Takeaways:

- Analysis of Low Probability, High Impact Events, with focus on Global Supply Chain vulnerabilities and critical third-party dependencies
- Core components of the High Reliability Organization framework, including principles for embedding resilience processes into daily operations
- Practical strategies for navigating the next wave of Digital Resilience, including challenges to Critical National Infrastructure (CNI) amid technological advancement
- Case studies of recent significant disruptive events that tested major global organizations, with observations on effective defensive capabilities
- Actionable insights for developing a comprehensive strategic approach incorporating training, knowledge transfer, cross-organizational collaboration, and compliance measures

The 2026 Threatscape – Is it Time for a New Strategy?

As AI rapidly transforms the technological landscape, organizations face unprecedented security challenges that mean cybersecurity approaches must evolve. The convergence of AI with enterprise systems introduces new vulnerabilities, from confidential data exposure to emerging threat vectors that traditional security frameworks simply aren't designed to address.

The democratization of AI tools has created a dangerous security gap, with users routinely entering sensitive information and developers uploading proprietary code to public AI systems without adequate safeguards. This vulnerability extends to IoT ecosystems where AI-enabled devices must operate securely even in physically accessible environments—from factory floors to smart buildings. IoT manufacturers typically implement inconsistent, device-specific security protocols rather than adopting industry-standard frameworks, creating fragmented protection against evolving threats.

Cybersecurity leaders play a significant role in this context. They must transition from purely defensive roles to become strategic partners in AI governance, actively shaping AI policy and strategy to address these emerging challenges. Join Rob Clyde, Past Chair of ISACA and Chairman of Crypto Quantique, as he shares essential insights on securing your organization in the AI era.

Key takeaways:

- Learn essential cybersecurity considerations for IoT and other critical systems in the AI era
- Understand how cybersecurity professionals must actively shape AI policy and strategy
- Gain insights from ISACA's recent research on the current state of AI and cybersecurity
- Explore real-world examples of cyberattacks and vulnerabilities involving AI-powered IoT devices
- Discover strategies to address Shadow AI and protect sensitive information in AI systems

Securing the AI Frontier: Evolving Cybersecurity for Tomorrow's Threats

AI is accelerating attacker speed, scale, and creativity. The result isn’t just “more threats,” it’s more inefficient security; overlapping controls, blind spots in identity and SaaS, and testing that lags behind change. The answer isn't in implementing another tool. Instead, it’s about operationalizing control optimization; measuring how each control actually reduces risk in the face of AI-aided techniques and reallocating investment accordingly.

In this talk, Evgeniy Kharam shares a practical, vendor-neutral way to quantify effectiveness: define adversary-centric objectives (ATT&CK-mapped), set baselines, continuously validate controls across identity, endpoint, SaaS, and cloud, and translate outcomes into ROI the business understands. He’ll cover quick wins (days, not months), common pitfalls, and how to use these metrics to justify roadmap and spend for 2026.

Key takeaways:

• A simple model to measure real control effectiveness against AI-driven tactics
• How to find and fix “control drift” created by digital transformation
• What to automate in continuous validation—and what not to
• A board-ready ROI narrative that ties security outcomes to business risk

The Control Optimization Imperative: Security ROI in the Age of AI Threats

As data collection and analysis become increasingly central to business, research, and governance, protecting sensitive information is more crucial than ever. This session will examine the privacy, ethical, and security challenges involved in analyzing sensitive data such as personal health records, financial information, and other confidential datasets. 

Key questions to be addressed include: 
- How can sensitive data be ethically and responsibly analyzed while still protecting individual privacy? 
- What technical and policy safeguards are essential when working with sensitive data? 
- How can risks related to re-identification, unauthorized access, and data leakage be mitigated? 
 
This talk presented industry thought leader Donald Farmer will review best practices and frameworks for enabling secure and ethical data analysis across various industries and applications. Expert perspectives on navigating emerging regulations, managing tradeoffs, and aligning analytical objectives with privacy values will be discussed. Attendees will gain critical insights into analyzing sensitive data securely while upholding public trust and mitigating risks.

Analyzing Sensitive Data: Privacy, Ethics, and Security Considerations

The US data privacy laws in the US are shifting from a "harms-prevention-based" approach to a "rights-based approach exemplified by the European Union's General Data Protection Regulation (GDPR). Following California's lead, four other states, including Colorado, Connecticut, Utah, and Virginia, will begin enforcing new GDPR-inspired statutes in 2023. The shift in the philosophical framework will have profound implications for data privacy protection.

The US has historically allowed businesses and institutions to collect personal information without consent while regulating those uses to prevent or mitigate harm in specific sectors. The EU, on the other hand, has long pursued a rights-based regime for protecting personal information, which holds that data privacy is a fundamental human right. This has roots in Europe's history of suffering through the infamous data collection of the Nazis and the similar collection of data by the formerly communist East Germany's secret police. The GDPR, which became enforceable in 2018, codified several key principles reflecting the Europeans' human rights philosophy. The new laws will be applicable to specific industries and types of institutions and will impose restrictions on industries and institutions regarding their handling of personal information. More states are likely to follow the GDPR in the coming years.

This webinar entails to:
- Introduce the market drivers of the US privacy laws industry and their roles.
- Illustrate the shift in the philosophy underlying data privacy laws in the US.
- Comparison of the US "harms-prevention-based" approach vs the European Union's approach is more rights-based.
- Summary of the EU ‘s General Data Protection Regulation (GDPR), which became enforceable in 2018.
- Understanding how the principles reflected in the new data privacy framework will have profound implications in the years to come.

The New Era of Data Privacy Laws

The difficulties of securing data in cloud-native applications are many, for example:
• There exists a proliferation of data islands, complicating the creation of a unified cloud security view;
• As microservices are created, evolved, and removed, those islands can remain unused—yet still pose a risk to you;
• Propagation and caching of sensitive data between microservices can result in compliance blindness.

That’s not to mention the variety of data storage formats with which IT pros must contend and protect (such as file, object, block, and SQL). Let’s hit the reset button, shall we?

Join us in this Fireside Chat at the Data Security Risks and Challenges BrightTALK Summit to discover 5 principles—based on the basics—with which you can improve cloud-native app security and to see how CNAPP solutions are making a real difference. Tim Miller, Technical Marketing Engineer at Outshift by Cisco joins the discussion with Enterprise Strategy Group analysts.

Securing Your Data in a Cloud-Native Application World

In IDC’s recent survey (Data Loss Prevention Survey, sponsored by Forcepoint, October 2023), 80% of customers indicated they are synching their DLP policies across endpoint, cloud applications (CASB), and web traffic (SWG) but they find it extremely time consuming and resource intensive. Given the option, even more (85%) would choose a single DLP solution that they could manage across endpoint, CASB, and SWG channels.

In this webinar, Frank Dickson, IDC Group Vice President and Jim Fulton, Vice President, Product Marketing show how 31% productivity gains can be achieved as well as cost and time savings by moving to a single DLP solution across endpoint, cloud, and web applications.

Join this session to learn how Forcepoint can solve this problem for you with Data Security Everywhere.

1: IDC’s recent survey (Data Loss Prevention Survey, sponsored by Forcepoint, October 2023, US51335023

Unified DLP Revolution: IDC Unveils Game-Changing Solutions

Data, your most important asset, is growing at a breakneck pace and must be accessible to be useful in today’s business. How do we enable agility and innovation while enabling the necessary security controls? Gaining visibility into your data, where it resides, and who has access can help you proactively limit the scope and impact of a cyber attack. Join our industry experts as they discuss strategies and best practices for a proactive approach to data security.

Make sure to take a look at the attachments as well - we've added extra learnings on how to optimise data protection and provided you with additional resources to help set you up for success.

Strategies and Best Practices for Proactive Data Security

Join the BrightTALK Summits webinar addressing Data Security Risks and Challenges!

Say farewell to the era of weak passwords vulnerable to modern threats. Safeguarding your Active Directory necessitates a robust password policy. Native Windows tools often fall short in tackling today's security challenges and complex compliance requirements. The struggle is real, isn't it?

Introducing the game-changers: Netwrix Password Policy Enforcer and Netwrix Password Secure. Brace yourself for password enforcement that's not only powerful but also incredibly user-friendly. Bid farewell to the headaches and embrace rock-solid security. Your Active Directory will thank you!

Watch this session to discover how to:

- Set up a robust and user-friendly password policy for your Active Directory.
- Prevent the use of weak passwords by customizing dictionaries and cross-referencing against the HIBP database of compromised passwords.
- Simplify password compliance with pre-defined policy templates.
- Enforce the generation of passwords that meet policy requirements.
- Ensure secure password sharing among your employees.

Securing Your Active Directory: The Power of a Resilient Password Policy

The International Standards Organization’s ISO 27701 privacy information management standard is a framework that covers both security and privacy compliance aspects of various privacy regulations around the world. As a certified ISO 27701 Lead Auditor, Ralph Villanueva is more than happy to help the audience and their organizations resolve their data privacy risks and issues by pointing out how to use this very useful framework. 

Tune into this informative talk to learn the benefits of this new frameworks and how to make the best use of it. Even better, this framework will make enterprise-wide privacy compliance more cost effective across geographic locations, and add more value to the audience’s privacy work within the company as well.

How to Leverage ISO 27701 to Fulfill Data Privacy and Compliance Requirements

Staying ahead in the dynamic landscape of data privacy and compliance is not just a necessity but a strategic advantage in order to stay compliant and gain trust from your customers. As we approach 2024, several key trends are emerging that will reshape your understanding of and methodology to these crucial areas. 

Our live talk, on December 5 at 2 pm ET, led by Gary Brickhouse, CISO along with Dan Mengel, Practice Director, Compliance and Jason Eddinger, Senior Security Consultant, Data Privacy will discuss these pivotal shifts that will significantly impact your strategy heading into 2024.

Register today.

Navigating Compliance and Data Privacy Trends Into 2024

There is no shortage of privacy laws and regulations. We keep hearing that the latest privacy laws “will change everything”, but have they made a real difference? This session proposes an alternative approach. Privacy can be treated as an attribute of personally identifiable information and can be managed using data management techniques. Rather than building privacy programs on compliance with laws, it may be more productive to manage the data itself.  

Key takeaways include:
1.      Why and how data privacy has been managed in recent years.
2.      How the compliance-based approach to privacy has shaped organizational approaches to the issue.
3.      How data management principles can offer a different, and perhaps better, way for managing privacy.
4.      How a data management approach would alter organizational structures.

Have We Been Doing Data Privacy The Right Way?

With the explosion in AI, organizations need to be mindful of the security risks that this cutting-edge technology can bring. Rob Van de Veer, Senior Security Director and Trusted EU Advisor, shares how to implement rigorous security protocols in the world of AI engineering, AI lifecycle management, AI models, and privacy controls.

A.I. Security | A strategic guide to implementing security and risk controls

In an era where artificial intelligence (AI) is transforming industries and reshaping the way we live and work, striking the delicate balance between innovation and data privacy compliance is paramount. This session delves into the evolving landscape of AI, discussing how businesses can harness its power while safeguarding sensitive data and adhering to privacy regulations. Explore the challenges, ethical considerations, and strategies that are shaping the future of AI in a privacy-conscious world.

In this session, you will: 
1. Recognize how AI is reshaping industries and business operations, presenting exciting opportunities for innovation.
2. Understand the increasing concern regarding data privacy as AI systems rely on vast amounts of personal and sensitive information.
3. Gain insights into navigating the complex regulatory landscape, including GDPR and CCPA, to ensure compliance in AI projects. 
4. Explore ethical concerns such as bias, fairness, and transparency in AI development and their intersection with data privacy.
5. Learn about strategies and best practices for maintaining a balance between AI innovation and data privacy, building trust with consumers, and staying compliant.

Data Privacy and the Future of AI: Balancing Innovation and Compliance

Data Security Risks and Challenges

Companies need to understand “wicked” problems, and the best way to navigate the organization during periods of uncertainty.

Companies should ask themselves how speedy their response be to a data security incident, when escalating to the senior leadership team, more so when it is an extortion and/or ransomware attack that involves critical data sets.

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light the crisis management options for those scary technology moments for when super speedy decisions are needed (or are they)?

By the end of the session, you will be able to:
- Be aware of data security incident management processes and procedures. 
- Form an understanding of the need for having a plan (runbooks/playbooks) and agreed crisis escalation process.
- Be conversant with a joined-up thinking approach when reviewing technology incident management that is “fit-for-purpose”.

Data Security Incident Management: What Keeps You Awake At Night? Part 3

Data Security

Incident Management

Incident Response

Incident Resolution

Incident Detection

Security

SaaS

Security as a Service

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Data Security Incident Management: What Keeps You Awake At Night? Part 3

Presented by

About this talk

Information Security