The New Global Risk Standard; Putting It to Work in Your Organization
In this intermediate-level seminar you will learn about the critical components that make up what we believe to be the new de facto risk assessment standard which is being used by companies around the world. The big “take-away” from this presentation is that we can significantly increase our abilities to contend with risk assessments that require us to incorporate risk attributes such as level of business impact, threat duration, level of risk forewarning, and many others in a mathematically valid way. We can also contend with complex (multi-objective) governance decision-making that confounds teams dealing with risk mitigation planning, cyber security threats and regulatory compliance challenges.
For years companies have struggled to enhance risk assessment policy and standard operating procedures (processes). More recently, these issues have been significantly broadened with our new-found emphasis on the need to guide “good governance”. What we have needed is a global risk and governance (decision-making) standard that not only produces more consistent risk assessments but also more optimal governance decisions. The newly emerging standard helps us to achieve significant increases in forecasting accuracy and in work efficiency while transforming how we link and integrate the following activities:
· All Forms of Strategic Planning
· Risk Assessments & Risk Mitigation Planning
· Control Self-Assessments (CSA’s)
· Surveys and Polls
· Process Maturity Modeling and Best Practice Assessments
· Industry Benchmarking (peer averages, best-in-class performance, etc.)
Recorded Jan 17 2013, 49 mins
As organizations continue to ramp-up their migration to cloud-based environments, they will need to account for the associated security and control risks. There are hidden dangers and blind spots that arise through the use of virtualization technology in the data center. These hidden dangers and blind spots become more prevalent as business-critical applications are increasingly deployed on the public cloud. This is a problem considering that an organization’s operations are dependent on a cloud environment that inherently has a huge visibility gap.
Many are now making the necessary changes to keep data secure in the cloud. This talk will focus on how to pragmatically accomplish cloud security through increased emphasis on cloud network visibility and cloud access security brokers. Enterprises that can properly implement appropriate cloud network visibility and cloud access security brokers will experience a third fewer security failures. Learn about practical steps and tools that you can use for accomplishing cloud security in your organization.
Contrary to the fear around malicious insiders and external hackers, the Information Commissioner's Office recently reported that the most common data security incidents reported to them are all due to inadvertent human error (incidents like misaddressed emails and laptops being left on trains).
In the face of game-changing regulatory changes like GDPR, it's crucial that information security and data protection professionals prioritise addressing the most prevalent risks first, not the ones that appear the scariest.
This webinar is ideal for any security professionals looking to understand the regulatory and data protection landscape; reduce vulnerabilities; respond to threats more effectively and remediate breaches more effectively.
This webinar will discuss the merits of CensorNet's Multi-Factor Authentication system and how mobile devices can drive adoption and productivity.
This webinar is ideal for security professionals who are keen to ensure that the correct devices are accessing the network and no malicious devices are breaching the security protocols to compromise the network. Mobile devices are key to ensuring employee mobility but need to come with the appropriate security checks and balances.
Social Media has come of age. Collectively, social platforms have attracted two-thirds of the world’s internet users with more joining every day. This ubiquity has led many organisations to make social an integral part of their digital channels strategy, along with their web presence and mobile apps.
For organisations engaging in social media, the importance of having an advanced social media strategy is more critical than ever.
During the session you will learn:
* The attack methods hackers use to exploit social media platforms and profiles.
* Which weaknesses cyber criminals look for so you can protect your company’s social media reputation.
* How to strengthen your security approach to combat social media threats.
* The defense techniques an organization must employ to prevent social phishing attacks, brand impersonation, recruiting scams, customer service impersonations, malware attempts, RDC, and more.
Financial services firms face increasing risk from both advanced attacks and insider threats. Responsible for protecting sensitive data on a massive scale, it’s understandable Security Professionals feel overwhelmed. But just like the human body when under attack, we need to treat the illness and not just the symptoms. By strengthening our immune system, we encourage the body to self-heal and remain resilient. In this informative webinar, learn from Absolute how to apply this same methodology to information security. Gain actionable insights on how to balance the emphasis between detecting threats and preventing them in the first place, starting with visibility, allowing you to see the forest and the trees.
CEO Richard Hibbert & Head of Products, Oliver Vistisen
The GDPR comes into force 25 May 2018 and this will have a significant impact on the way in which organisations collect, process and share data. Companies that fail to prepare for the GDPR risk incurring hefty fines of 20m euros or 4% of world-wide revenues, whichever is greatest. As such all organisations need a strategy for GDPR. By implementing a structured approach through the use of cloud-based applications, organisations will be able to effectively achieve and maintain compliance.
In this webinar we will: explore the key provisions of GDPR, examine the challenges organisations are facing with the new rules, provide guidance for Risk Managers, Compliance Leaders and other IT Professionals on how to approach these challenges, then demonstrate how our cloud-based GDPR Applications Suite can provide effective solutions that ensure your business can achieve and maintain compliance.
Key network infrastructure devices are overlooked yet they provide critical functionality. Exploiting web application weaknesses and service buffer overflows is exciting, but the housekeeping of network infrastructure is not. Issues in network infrastructure devices can lead to network-wide problems that would cause system administration nightmares. This presentation provides a review of key security devices, often side-lined when looking at security. It covers the value of these devices to "Blue Teams", issues "Red Teams" can highlight, desired outcomes and auditing practices.
Chris Matthieu, Director of IoT Engineering, Citrix, John Smith, Principal Solutions Architect, ExtraHop Networks
In the ever-evolving world of persistent threats to your environment the only way to keep up with malicious actors is by utilizing behavior based profiling. In this webinar, we will show how you can rethink the network to detect and remediate threats in real time. When wire data visibility from ExtraHop meets automated response from Citrix Octoblu you're able to protect your environment without having to spend all your time wading through alerts.
This webinar is perfect for any network or security professionals who are keen to maintain optimum visibility across their entire network, allowing them to neutralise threats and reduce vulnerabilities.
About the presenters:
John Smith is Solutions Architect at ExtraHop and author of the wiredata.net blog. He is a Citrix Technology Professional and 16-year IT veteran specializing in application delivery, event correlation, security, web applications, and application virtualization. John’s background gives him an invaluable perspective on the challenges facing IT, and creating new approaches to deal with them. Follow him on Twitter: @jmsazboy
Chris was the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flows, processes and sensor data, and analyze/react to real-time events and messages as well as big data trends and anomalies.
Follow him on Twitter: @ChrisMatthieu
Join us to learn about the top predictions for 2017, as identified by Kaspersky Lab's Global Research & Analysis Team (GReAT). Gain the latest intelligence on the threat landscape and our predictions for 2017.
We face a future of increasingly subtle and sophisticated threat factors; a world where traditional clues and indicators are no longer enough on their own to identify and block attacks; where information is wielded as a weapon, misdirection is king, and global networks of connected devices can be used to paralyse the Internet. What does this mean for business in 2017?
Kaspersky Lab UK's Principal Security Researcher, David Emm, shall present the Who, What, How and Why in Kaspersky Lab's predictions for 2017 and explain how they will affect the cyber-security landscape throughout the year.
- Who: The business sectors we predict will be particularly targeted in 2017 and who will attack them.
- What: The data, behaviour and habits that will expose businesses to increasingly sophisticated threat factors.
- How: The technical methods through which businesses will be targeted.
- Why: What Kaspersky predict to be the endgame of 2017's cyber-criminals.
Stephen Pritchard - InfoSecurity Magazine, Bob Tarzey - Quocirca, Nathan Dornbrook - ECS, Tom Salmon - LogRhythm
Good security operations have never been more critical for a business than today. More and more businesses are suffering damaging breaches. Outdated or overly complex security measures are a barrier to productivity, and to adopting new technologies.
Plus, manual processes and a lack of visibility into unusual network behaviour by a user, machine or network device, can slow a security team down.
How can advancements in security technology help to connect, unite and enable better processes to help drive greater business agility?
In this webinar we will address:
• SIEM’s role in enabling fast detection and response to modern-day threats
• Implementing a security strategy that protects company assets and aligns to business objectives
• How having faster access to the right data at the right time, enables better decision making and increased productivity
• How to modernise your operations with real-time visibility and actionable intelligence
Palo Alto Networks: Georgie Barrat, Greg Day, Christian Doolmann, Marion Gauthier
Cyber Defence Today - Episode 2
Welcome to the December episode of our Cyber Defence Today series, finishing off 2016 on a high!
The session will look back at the year in review and the lessons that should be learned, as well as analysing what's coming up in 2017; the key threats and vulnerabilities to watch out for!
The session will be hosted by leading technology journalist Georgie Barrat, who will be speaking with IT Security Experts from all over Europe, discussing recent Cyber Security events and what they can mean for your organisation. The episode will also feature panel discussions where our top-class selection of thought leaders will break down the challenges facing the security community, both today and on the horizon in the new year.
December’s episode will feature:
- Greg Day’s Cyber Security Predictions for 2017
- How ‘Aperture’ will revolutionise the way companies approach their internet security
- Silver Terrier: That Nigerian Prince has evolved his game
Moshe Elias, Director of Product Marketing and Scott Poretsky, AVP Solutions Architect
The Distributed Denial of Service (DDoS) attack launched Friday, October 21, against Dyn - one of the largest managed DNS infrastructure providers - was the most destructive attack to date launched from an IoT botnet. The threat of mega attacks launched from infected connected devices is now a reality that dramatically changes the paradigm for mobile and fixed operators whose core infrastructure is susceptible to global attacks that are large enough to significantly disrupt subscriber quality of experience (QoE).
Join us in this webinar to learn:
• The impact of IoT driven DDoS mega attacks
• Architectural approaches to volumetric DDoS mitigation
• How to measure and maintain subscriber quality of experience during an attack
It is critical for organizations to onboard new technologies and improve processes to remain competitive. Yet, safely navigating a migration or consolidation project can be challenging.
The ExtraHop platform takes the guesswork out of application and data center migration by providing complete visibility and performance metrics that make clear the risks, but also support the success, of projects at any scale. By knowing before going, you can avoid unnecessary downtime and be sure that your user experiences remain consistent.
In this webinar, ExtraHop's Nick Brackney explains how the ExtraHop platform helps to ensure successful migrations and consolidations.
Alvaro Vitta, Principal Software Architect, Quest Security
Enterprises are rapidly adopting cloud-based Office 365 to empower their workforce, reduce cost and boost productivity. Because Office 365 relies on Microsoft Azure Active Directory (AD) to provide directory services for Office 365 applications, it can introduce critical security weaknesses in hybrid scenarios where on-premise AD user profiles are projected into the cloud (which is the case for over 75 percent of enterprises with more than 500 employees).
The 2016 Cloud Security Report confirms that 53 percent of organizations see unauthorized access through misuse of employee credentials and improper access controls as the single biggest threat to cloud security.
Join the Office 365 security webinar and learn from cloud security expert Alvaro Vitta how to:
- understand the dangers and pitfalls of not properly securing Active Directory for Office 365,
- continually assess who has access to what – permissions, privileged groups, sensitive business groups, GPOs and data,
- detect and alert through real-time monitoring when suspicious activities occur,
- remediate and mitigate unauthorized actions across AD and O365 environments,
- respond to alerts quickly to minimize damage from unsanctioned changes,
- investigate and recover faster across your O365 environment.
James Carder, LogRhythm CISO and VP of LogRhythm Labs
A SOC is a major component of a company’s GRC operations, as well as a critical IT center. But having your own SOC means more than just employing a couple of analysts to read log files. Do you know what kind of budget and expertise you’ll need to have if you decide to build your own SOC?
In this webcast, James Carder, LogRhythm CISO and VP of LogRhythm Labs, discusses the decision-making process you’ll need to go through before you build your own security operations center (SOC) and the impact it will have on your organization.
• The build vs buy trade-offs for a SOC
• The impact of a SOC on your GRC program and processes
• A SOC’s role in meeting compliance requirements
• Questions you should be asking before building a SOC
Watch now to learn the factors that go into planning for, building, and maintaining a modern SOC.
We all know that technology plays a role in our everyday life but do you know the extent of that role? Advertising tells us to spend more and more of our life online and embrace technology in our homes, cars and everywhere else a microchip can be placed.
But nowhere is there a message about the consequences of the misuse of that technology. 2016 has seen a rise in the number of incidents involving ransomware, IoT, and simply well intentioned connectivity gone wrong. That momentum is set to continue into 2017 and beyond.
Although past performance does not guarantee future results, this session will focus on what we have seen this year and what we expect to see in the near future.
The rise of attacks resulting in huge business losses has brought cyber security into the board room. Prior to the Target breach, the board of directors was not very interested in cyber security. However, things have changed, and we see more and more CISOs reporting into the CRO, CFO, or CEO and not the CIO. Put simply, if you report into the board more than once or twice a year you have to be speaking their language.
Cyber breaches have impactful results. In 2015, Target’s CEO Gregg Steinhafel, a 35-year employee of the company with the last six at the helm, was forced to resign in light of the recent holiday-season credit-card security breach that affected 40 million customers.
As a result, we are seeing a major shift in corporate cybersecurity policy. The board of directors is no longer interested in check box compliance. They are understanding their role much better. They are responsible to ensure that cyber controls are in place that protect business assets of the firm in alignment with their risk tolerance.
Lydia Kostopoulos, PhD, Principal Consultant - Cybersecurity (Human Risk), @LKCyber
As the sophistication of encryption and technical defences rises each year, so do the attacks against the people in organizations. Hence the rise in PICNIC = Problem In Chair, Not In Computer.
This session gives an overview of the latest insider threats facing critical infrastructures and how they can compromise air-gapped networks. It provides proactive, preventative and defensive measures to manage the risk, and concludes with a discussion of the responsibilities organizations who manage critical infrastructures have to support national security, the well-being of society and economic prosperity.
Josh Goldfarb, VP, CTO - Emerging Technologies, FireEye, Inc.
’Tis the season of predictions looking ahead to 2017 and paying lip service to the threat landscape. Not a fan of either of those? You’re not alone. Join FireEye in this BrightTalk webinar where we’ll discuss more than just the threats that may or may not be awaiting us in 2017. We’ll discuss real attacker tactics and techniques, along with how you can actually counter the risk they present.
As 2016 draws to a close, security professionals worldwide will be left pondering another year of publicised breaches, vulnerabilities and threats. So what are the key takeaways and how can global security events from the past 12 months inform your plans for 2017?
We’ve asked a panel of experts from the SecureWorks Counter Threat Unit (CTU), our highly-trained team of experienced security researchers, to paint a picture of threat actors and their tradecraft across the globe by sharing their views on 2016’s most significant security events. The panel will end the session by providing actionable insights and recommendations for organisations to factor into their security strategy in 2017.
Join this exclusive webcast to gain CTU insight on the following topics and more:
- eCrime trends including the rise of ransomware, business email compromise and the Mirai IoT botnet activity
- Nation state sponsored threats and whether organisations are set up to defend against them
- How organisations can use threat intelligence gathered in 2016 to improve security
Your Resource for Information Security Trends & Education
With over 280,000 members, the Information Security Community is the largest community of cybersecurity professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.
The New Global Risk Standard; Putting It to Work in Your Organization
Phil Wilson, Founder & Chairman RuleSphere International, Inc.
49 mins