Open Source: Assessing and Managing External Code in Application Development

All of our organizations are dependent on their supply chain and
having a secure and uninterrupted ecosystem of vendors and partners is critical
to smooth operations. Of course, if it is important to us, then it is a target,
no matter the locale. The recent SolarWinds attack illustrated how a patient
adversary can be successful as they work their way through multiple vendors in a
supply chain to reach their desired target. This infiltration was difficult to
spot and for many, even harder to respond to adequately. These types of attacks
will continue and grow in sophistication. Organizations need to use OSINT and
other vendor tools that can investigate their partners in the supply chain to
gain insight into if they can trust what those applications are doing on their
network. Join DomainTools Senior Security Researcher, Chad Anderson, and
(ISC)2 on March 4, 2021 at 1:00 PM Eastern for a roundtable discussion on supply chain attacks and security,
what tools work and can provide insight into your supply chain and partner’s
infrastructure, and how a good security posture builds from knowing the
inventory and behaviors of what’s running on your supply
chain.

With the massive shift to remote working in 2020, organizations are racing to rethink their security programs to both guard from external attacks as well as manage risk from insiders. Modern approaches to insider threat management must incorporate investments in People, Process, and Technology. This means formalized insider threat management programs; it means investment in insider threat management technologies; and it means building resilience into the fabric of your organization with training.

Join Proofpoint and (ISC)2 on February 23, 2021 at 1:00pm Eastern as we kick off the new year with a discussion about security awareness, education and insider threat management and how best to defend your organization and arm your users to mitigate an insider incident.

XDR (Extended Detection and Response) promises to unite and integrate such security tools as focused on threat protection, detection and response, creating a single megasolution. Such an approach could yield significant benefits for an organization, Join ExtraHop and (ISC)2 on January 28, 2021 at 1:00PM Eastern for an examination on the costs and benefits of this strategy, a discussion of use cases, as well as:

• How to avoid vendor lock-in while still getting the best security tools available

• What XDR is, and what it isn't, including which data sources and security tools are typically included in XDR offerings, and how they work together.

• The advantages and disadvantages of Best of Breed vs. Single Vendor detection and response strategies.

Every organization receives unwanted email and various forms of phishing on a daily basis. Most are common and some are quite unique. Protecting against malicious attachments and links on inbound email is now security table stakes. But with the continuous evolution of cybercriminals, what’s old is new and what’s new is new. They never stop recycling or reinventing. And the cybercrime-as-a-service ecosystem never stops making it easier and cheaper to setup and launch phishing-based campaigns to deliver ransomware, RATs, steal credentials, spread internally, impersonate your executives, or exploit your brand online. Mimecast and (ISC)2 will discuss both popular phishing related techniques as well as newly emerging ones on December 15, 2020 at 1:00pm Eastern. We’ll also discuss various types of defensive techniques, emerging analytics, and user training strategies that can be applied today to better protect your organization.

In most enterprises, you have the phenomenon of tool sprawl - the overlapping abundance of technology in which only 20-30% of a product’s functionality is being used. A product is acquired for a particular use case, then another use case and another, resulting in a potpourri of tools with overlapping capabilities and features. Whether its instances in the cloud, security tools, network management or even the proliferation of personal productivity and LOB SaaS applications, the consequence of technology sprawl is not only financial waste, but also user frustration, security risks, operational inefficiencies, technical debt and lack of visibility into the organization’s processes and functions. Join ExtraHop and (ISC)2 on December 3, 2020 at 1:00pm Eastern as a panel of IT and Security executives discuss the root causes of technology sprawl, a path out of this cycle and the benefits to be achieved.

A panel discussion about (ISC)2 Security Congress 2020

Join thousands of cybersecurity professionals at all levels for three days of industry discussion, continuing education and networking, November 16 – 18. Get your passes at: https://securitycongress.brighttalk.live/passes/

There can be many ramifications of a ransomware incident on an
organization. Financial, reputational and downtime are just some of the more damaging effects a ransomware attack can have. Organizations need to have a plan to deal with such incidents and to understand the marketplaces, economics and latest trends to be prepared. How do you prepare for such an incident? Set aside some money to pay if it happens? Will accounting or even legal allow you to do that? Join DomainTools and (ISC)2 on Thursday, October 29, 2020 at 1:00 PM Eastern for a discussion on the current state of ransomware. We’ll examine traditional ransomware vs RaaS (Ransomware as a Service), how RaaS is being leveraged by threat actors, what Blue teams should know and what to consider about planning, response and cyber/business interruption insurance.

Beyond just capturing “shadow IT” have you reached the full potential of your CASB? With a continuous stream of feature enhancements from User Entity Behavior Analysis to Data Loss Prevention, you may have more capabilities that are going untapped. Leveraging your CASBs to its fullest potential can result in a better security posture for your organization. Join Proofpoint and (ISC)2 on October 1, 2020 at 1:00 p.m. eastern for a discussion centered around CASBs, their potential for better security via threat protection and data protection.

Every organization today is in some state of digital transformation. While the understanding of security needs in the digital age has matured significantly in the last 2 decades, the implication for data privacy and in particular, its interaction with security, are still not well understood. As data regulations and laws continue to evolve, here in the U.S. and globally, organizations require increased understanding of privacy requirements and their impact to technology solutions. Join IAPP and (ISC)2 on September 30, 2020 at 1:00 p.m. Eastern as Bob Lewis and Cathy Scerbo from IAPP, along with Scott Giordano from Spirion, will share the evolution of privacy, discuss key privacy topics like Privacy by Design and the NIST Privacy framework, share their perspectives of the overlap between Security and Privacy and highlight the criticality of understanding the current implications of data privacy today.

Have you heard about Ripple20? It’s a series of 19 vulnerabilities detected in a widely used TCP/IP stack (Treck) could expose hundreds of millions of devices in healthcare and industrial settings to remote code execution and more. The Treck stack has been used in embedded devices for more than twenty years. These devices are hard to identify and more difficult to patch. Should you remove and/or replace these devices? That can get pricey. Join ExtraHop and (ISC)2 on September 17, 2020 at 1:00 p.m. Eastern as we explore the ramifications of this, how to detect vulnerable devices and determine if you should patch or replace.

As IT environments become increasingly complex, teams struggle to keep up and understand the asset management process and that can impact an organization’s cybersecurity posture. Companies spend millions on security solutions, but oftentimes cannot validate that they are deployed or preforming as they should. Join Axonius and (ISC)2 on September 3, 2020 at 1:00p.m. Eastern as we discuss the hurdles associated with implementing a cybersecurity asset management program at your company — and why it’s more important than ever to have a foundational understanding of the assets in your environment. We’ll look at:

· The challenges that come along with implementing modern asset management for cybersecurity
· Real-life stories that highlight the successes seen with cybersecurity asset management programs

· The pitfalls, hurdles, and lessons learned about cybersecurity asset management from industry leaders and practitioners

This webinar will feature several industry professionals within the information security industry who've held a variety of roles ranging from security architect, consultant and sales engineer to marketer to recruiter and CISO. The panel will discuss career direction and offer attendees new ideas and provocative thoughts on the various roles available throughout a security career. Join (ISC)2 on July 21, 2020 at 1:00PM Eastern for a discussion of the daily tasks involved in each respective area, the joys and the pitfalls, the qualifications typically necessary, and ways to go about getting different positions.

Many of us have embraced machine learning (ML) and even artificial intelligence (AI) for decreasing the time in detection and response for attacks, but our adversaries have also seen the promise of this technology. Offensive Machine Learning has bad actors using these tools to optimize tasks (like password cracking and other brute force methods), as well as creating “Deep Fakes” (for targeted impersonation and phishing attempts). Adversarial Machine Learning sees attackers using their understanding of machine learning to find blind spots and biases in ML platforms and models and exploit those. Join Domain Tools and (ISC)2 on July 16. 2020 at 1:00PM Eastern for a discussion on how organizations can better position their blue, red and purple teams to understand these automated platforms to protect themselves and do their tasks more effectively.

We know that integrating security operations (SecOps) and network operations (NetOps) teams can lead to faster response and improved productivity. And in the current situation we find ourselves (with budgets slashed and personnel laid off or furloughed), collaboration and shared visibility between the two teams can help IT and cybersecurity organizations adapt to changing requirements. Integrating the two operations can help you eliminate redundant tools, break down data silos, streamline processes, and optimize your budget. Join Extrahop and (ISC)2 on June 25, 2020 at 1:00PM Eastern for a discussion on why now is a great time to tackle this challenge and how you can go about doing so.