Name: Paradigm Shift: Using NIST Cybersecurity Principles to Drive Risk Strategy
Start: 2021-11-16T18:00:00Z
End: 2021-11-16T19:15:46.000Z
Location: BrightTALK
Rating: 4.6

The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

Earn 1.5 CPE Credits on this webinar

Third-party risk management (TPRM) is a crucial aspect of any organization's overall risk management strategy. With the increasing reliance on third-party vendors, contractors, and service providers, it's more important than ever to understand the risks associated with these relationships and take steps to mitigate them.
To effectively manage third-party risk, organizations must be able to track the right metrics. On this CPE webinar, we'll look at the core metrics that organizations should track and how they can be tracked. Attendees will learn about:

• The core metrics that you should track to effectively manage for third-party risk.
• How to identify, measure, and track key metrics to assess third-party risk.
• Different approaches to measuring and tracking third-party risk.
• Practical insights and best practices for effectively managing third-party risk using metrics.

This webinar is designed for risk management professionals, compliance officers, and senior executives who are responsible for managing third-party risk within their organizations. Whether you are new to the field or have been working in third-party risk management for some time, this webinar will provide you with the knowledge and tools you need to effectively track and manage third-party risk.

CPE | Third-Party Risk Management Core Metrics to Track and How to Track Them

Earn 1.5 CPE Credits on this webinar

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is one of the leading frameworks for private and public sector cybersecurity maintenance and used by organizations of all sizes. The Framework helps to secure information systems and guide key decision points about risk management activities through the various levels of an organization from senior executives, to business and process level, and operations.

NIST has issued special publications focused on improving Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM), however this isn’t a light read. With 5 functions, 23 categories, and 108 subcategories, identifying the NIST CSF security controls applicable to cyber supply chain risk management is a daunting task. On this CPE webinar we will address the specific security controls for third-party information security management and explain how to align risk management processes against these requirements, including how to:

- Prioritize and assess third-parties using a cyber supply chain risk assessment process,
- Develop processes for continuously monitoring third-party security postures, and determining control effectiveness,
- Identify security gaps and conduct response action plans with suppliers and third-party providers,
- Track the progress of implementing the NIST framework through a 4-tier maturity scale.

CPE | A Deep-Dive into TPRM & NIST Framework Integration

Earn 1.5 CPE Credits on this webinar.

Active Directory controls access to critical systems and data for organizations around the world — but it is not always managed securely. That makes it a top target of attackers.

How can you best protect your organizations from these attacks? And when they happen, how can you detect them promptly and respond effectively?

Learn from the experts how you can secure your Active Directory from end to end and gain peace of mind. Jeff Forsyth (PreSales Engineer at STEALTHbits Technologies) and Sander Berkouwer (CTO at DirTeam and 14-time Microsoft MVP) will explain how you can:

·   Identify and mitigate AD security risks before attackers can exploit them.
·   Promptly detect and contain active threats.
·   Quickly recover from incidents to ensure business continuity.

 Join us to become the Active Directory security hero your organization needs!

CPE | [Attack]tive Directory: How To Overcome Exploits and Prevent Attacks

Cybersecurity is one of the largest concerns facing businesses today and hackers continuously develop diverse ways of penetrating your cybersecurity defences. By adopting the mindset of a hacker, you can be one step ahead of malicious attacks and improve your cybersecurity infrastructure.

On this CPE webinar our panel of experts will address how and why security gaps arise in IT security posture, and provide some hacker tactics that you can use to identify those gaps. Attendees will gain insights on how to: 

- Conduct a thorough investigation of your systems by “footprinting” your entire system,
- Run penetration tests to identify the vulnerabilities that exist, 
- Perform a gap analysis to catch and close gaps as quickly as they open, across both your own systems or that of third-party vendors,
- Create a culture of cybersecurity with security awareness training to reduce the risk posed by your employees.

Think Like a Hacker: Tactics to Identify Gaps in Your IT Security Posture

The cyber threat landscape grows exponentially each year. Third-party cyber data breaches like the Kaseya data breach, a cyberattack that affected over 1,500 organizations, have prompted regulators to raise cybersecurity standards. In the United States, the Biden Administration aims to improve nationwide cybersecurity with an executive order. The 100-day plan aims to modernize federal infrastructure, improve supply chain security, establish a cybersecurity review board and more.

Gaining visibility into the security risks your supply chain or third-party vendors pose to your organization is a necessity among cybersecurity leaders. Next-generation cybersecurity practices will require organizations to align both internal and external cybersecurity risk processes to create a standardized process to facilitate effective third-party cyber risk mitigation. On this webinar as we explore the intersection of third-party risk management and cybersecurity best practices. We’ll review new strategies and outline the steps to mature your program, and you will learn how to:

∙ Map external third-party risk to internal cybersecurity controls,
∙ Evaluate control effectiveness internally and externally to track issues over time and stay ahead of future incidents,
∙ Prioritize third-party risk projects based on control gaps and domain inefficiencies,
∙ Build a cybersecurity program that protects against internal and external threats.

Aligning Cybersecurity Best Practices with Third-Party Risk

The state of cybersecurity feels volatile. Despite massive worldwide spending on risk management to the tune of $150 billion, cyber attacks keep happening. Ransomware attacks doubled in 2021, with average ransomware recovery costs doubling to $1.85 million and average downtime increasing to 22 days. Within the next few years, nearly half of companies worldwide will experience cyber attacks on their software supply chains. As companies scramble to respond to exploding cyber incidents and a massive threat landscape, they’re looking for cyber insurance coverage to protect themselves. 

But cyber insurers are responding to these industry challenges too. Many are rethinking their underwriting decisions altogether. The result? Stricter underwriting standards, tighter coverage expectations, increased premiums, and more denied applicants. As companies look to gain or expand their cyber coverage and negotiate premiums, they need to effectively demonstrate their risk profile to insurers. By improving their cybersecurity strategy and showcasing the effectiveness of their program, companies have a better chance to get the right cyber insurance coverage at an ideal premium. 

In this webinar, hear from experts in the field of cyber insurance, and learn about:

- A cyber insurer’s strategy to underwriting policies
- The top 10 concerns that cyber insurers have
- How to strengthen your security posture to influence coverage

Register today!

Navigating the Impacts of Your Security Performance on Cyber Insurance

In an interconnected, ever- changing digital world, how well your data is secured across your supply chain is a matter of great importance. Failing to adequately screen vendor security risks can lead to data breaches, which can shut down operations, damage customer trust, and incur hefty regulatory penalties.

Security ratings can help you grade your security performance, as well as that of your third- party vendors, by analyzing how well information is protected from external threats and breaches. Attend this webinar to learn how to use security ratings in TPRM, including how to:

- Grade your security performance and understand risk across your supply chain, including your vendors and business partners,
- Add context to your inherent risk tiers and gain visibility into the health of your vendor ecosystem,
- Increase accuracy across vendor risk assessments and continuous monitoring processes,
Speed up response and remediation efforts with real- time alerts on cybersecurity findings.

How to Utilize Security Ratings in Third-Party Risk Management

In today’s interconnected world of rapid data exchange, GRC Controls impact each and every part of an organization’s cybersecurity posture. Yet, despite this, countless organizations still take a siloed, reactive approach to GRC, often playing a constant game of catch-up. Not only are these businesses likely to miss things, but their approach to cybersecurity is often poorly optimized and they’re spending far more than they need to, investing in outdated manual processes to deal with overlapping requirements.

On this webinar, we will discuss how to streamline GRC controls and optimize cybersecurity risk management processes, to enable leaders to determine what investments best reduce risk with the best return on investment (ROI). Attendees will learn how to:

- Simplify GRC and security operations by reducing the number of controls your organization has to deal with, therefore reducing its workload to test and audit the controls
- Develop a set of controls baselined to the internal and external requirements that your organization needs to meet
- Enable both security process automation and enterprise risk decision-making 
- Shrink your organization's cybersecurity attack surface

Streamlining GRC Controls to Optimize Cybersecurity

Data privacy is a key component in many strict regulatory mandates and a subject of increasing attention from the public at large. To avoid steep fines and attract and retain customers, organizations must ensure the privacy of all the sensitive data they process and store. But what's the best path to achieving that goal?

Join this webcast to learn:

- What the essentials of data privacy include and why it all starts with data security
- How to automate privacy by design
- How to defend against risks to data privacy, including credential abuse and data theft

Data Privacy Essentials

With organizations having an average of over 5500 third parties in their vendor ecosystem, third-party risk management (TPRM) can be overwhelming and costly. Manual approaches to TPRM research and analysis are no longer appropriate. Targeted risk intelligence and automated data feeds can enable organizations to recognize risk sooner and respond with increased operational resilience, reducing the manual burden and cost.

Attend this webinar to learn how to incorporate targeted risk intelligence end enrich your TPRM program, including how to:

- Identify and prioritize the gaps in your security posture 
- Link data feeds to your TPRM platform and enable real-time visibility
- Automatically validate information provided in risk assessments
- Understand inherent risk across third-parties and make Nth party risk more discoverable
- Automate continuous monitoring by setting up risk intelligence feeds to detect changes in a vendor’s risk status, triggering workflow action

Enriching Third-Party Risk Processes with Targeted Risk Intelligence

Earn 1.5 CPE credits on this webinar

The corporate attack surface is rapidly expanding: how can security professionals get ahead of the curve and create resilient organizations?

Recent events suggest that easily-exploitable vulnerabilities are all too common, and they’re not limited to the technologies we commonly consider; Internet of things (IoT) devices could represent the next great risk to the enterprise, not to mention third-party supply chain partners.

The challenge is growing more serious each day. BitSight recently announced the discovery of critical vulnerabilities in a popular IoT device – a vehicle GPS tracker – potentially allowing hackers to track vehicles, remotely disable corporate fleets, and more. Explore media coverage on this research in The Associated Press, Bloomberg, and TechCrunch.

How can security professionals ensure that their organizations are taking advantage of the benefits of technologies without unintentionally creating new risk? In this conversation, you will gain insight into:

● The latest BitSight research into IoT device security.
● Factors contributing to the expanding attack surface.
● New government recommendations for supply chain risk.
● Strategies for continuous monitoring.
● Advice for security professionals on managing IoT and supply chain risk.

Speakers:
● Richard A. Clarke, National Security Expert and Chairman of Good Harbor Security Risk Management
● Pedro Umbelino, Principal Security Researcher, BitSight
● Stephen Boyer, Co-Founder, BitSight
● Jake Olcott, VP Gov. Affairs, BitSight (moderator)

Understanding the Modern Attack Surface: IoT and Supply Chain Risk

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. It disrupts or halts an organization’s operations and poses a dilemma for management: pay the ransom and hope that the attackers keep their word about restoring access and not disclosing data, or do not pay the ransom and restore operations themselves. The methods used to gain access to an organization’s information and systems are common to cyberattacks more broadly, but they are aimed at forcing a ransom to bepaid. 

Organizations must be able to quickly recover from a Ransomware attack and trust that any recovered data is accurate, complete, and free of malware. Fortunately, organizations can implement the NIST Cybersecurity Framework to prepare for and reduce the potential for successful ransomware attacks. Attend this webinar to learn how to go about this, including how to:

- Gauge your organization's level of readiness to mitigate ransomware threats 
- Identify security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events
- Understand how to manage data integrity risks and implement the appropriate safeguards to pretect critical data, systems, and devices from ransomware
- Prepare for and respond to any ransomware attacks that succeed

Preparing for Ransomware with the NIST Cybersecurity Framework

A huge percentage of data breaches start with privileged credential abuse. There are often many privileged accounts that today’s overburdened IT security teams lose track of them. Stop leaving privileged accounts available for attackers to compromise and insiders to misuse! Instead, discover and remove them to achieve zero standing privilege (ZSP).

Join this CPE webinar to discover how to:

· Find accounts with excessive privileges
· Dramatically reduce your attack surface area with just-in-time (JIT) privilege·
· Manage and track all privileged activity in one place
· Implement real-time attack detection and response
· Adopt additional controls detailed in the NIST cybersecurity framework

Utilizing the NIST Framework for Full-Cycle Privilege Orchestration

Earn 1.5 CPE Credits by attending this webinar

It has always been challenging for security leaders to communicate the value of cybersecurity investments to board. Giving transparency about the weakness of organizations can be pretty uncomfortable but, it is essential to increase the Cybersecurity level. As an IT Manager, CISO, or CSO, your understanding of risk and compliance is intimate and understood in infosec terminology. You must offer board executives a set of data to help them make informed decisions based upon the optimal management. 

However, the Board of Directors expect brevity, and examine business practices from a birds-eye perspective. Attend this webinar to learn how to improve your board’s cybersecurity posture by effectively communicating risks in business terms, including how to:

- Create trust with dialogue delivery and engage leadership with universal, non-security terms
- Show metrics to quantify challenges, & categorize in financial terms
- Use data to explain the problem, and share how that same data provides you with a way to solve it
- Help board executives move to an ‘internet everywhere’ approach

How to Effectively Communicate Cybersecurity Risks to the Board

The COVID-19 pandemic and increased geopolitical uncertainty has placed new priorities and responsibilities on the shoulders of risk and compliance professionals. Executives have realized that stronger ERM programs are required to remain competitive in this new era. Risk leaders, in turn, are looking beyond the urgent ERM measures required to handle the pandemic to how an effective enterprise risk management program can be a competitive differentiator for their companies.

 Join us our panel of experts as they identify the top regulatory and compliance trends impacting risk management, and learn how to:

- Implement an enterprise risk management framework
- Integrate risk management with digital transformation
- Develop a more comprehensive risk technology stack and broker C-level ERM buy-in
- Connect the dots between enterprise risk and environmental, social and governance (ESG) agendas
- Plan and demonstrate agility in your risk management program

Top Regulatory & Compliance Trends Impacting Risk Management

Cyber Risk Quantification can help CISOs financially quantify risk for senior executives, identify program gaps, and prioritize areas for improvement. Unfortunately, despite the obvious benefits, many CISOs are struggling to implement cyber risk quantification (CRQ).

Join Jake Olcott, BitSight VP of Communications, Dr. Jack Freund, VP, Head of Cyber Risk Methodology, BitSight, and a featured speaker from Forrester, as they discuss challenges and practical actions that CISOs can take to make CRQ a reality for their organizations, including how to:

- Get started on your CRQ journey
- Achieve CRQ without incurring significant cost
- Operationalize CRQ within your cybersecurity framework
- Align your CRQ strategy to industry standards

Cyber Risk Quantification: Turning the Dream into Reality

No matter how mature a cybersecurity program is, there always remains room for improvement. Digital transformation continually expands the scope of IT processes, and organizations continue to grapple with resource, staffing, and skill challenges. 

On this webinar, we’ll address how to augment staff expertise and resources with automation and continuous control assessments, enabling IT auditors and risk managers to work smarter and:

- Enhance security architecture to improve how segmentation is structured or controls are designed
- Use technology to automate, reduce human error, and focus your team on more strategic areas
- Reduce the time you need to keep up with risk assessments and meet compliance goals
- Optimize SOC processes and Simplify risk initiatives

Optimizing Controls to Mitigate Cybersecurity Risks

Data privacy continues to make headlines and be a concern for many organizations. According to a recent study by CNBC, 23.1% of the 39 CFOs see cyber-attacks as the number 1 external risk to their company. The average total cost of a data breach is $3.62 million, the global average cost per record is $141, the average data breach size is 24,089 records, and the odds of experiencing a data breach are as high as 1 in 4. With global regulations such as the GDPR and CCPA in place and more coming into effect as privacy practices mature, companies must take a very intentional review of the data they collect and how that data is processed across departments to comply with emerging privacy regulations. 

How is your organization managing data privacy? Does your board, executive team, and regulators have the confidence that the risk is being adequately addressed across your value chain?  Join this webinar as our panel of experts discuss how to use technology to close the GRC gap and achieve data privacy, including:

- Define and maintain a set of policies and procedures that indicate the expectations necessary to manage data privacy.
- Evaluate the control environment and provide evidence of sustainable risk management practices.
- Organize omni-channel data and manage privacy concerns from both a GRC and organizational perspective. 
- Translate legislation to business activities to ensure conformance with applicable laws. 
Incorporate globally accepted frameworks.

Data Privacy 101: Using Technology to Close the Compliance & Security Gap

Cybersecurity risks come in many forms, and most importantly, risks are evolving at an increasingly rapid pace. Organizations across industries should work to implement adaptive cybersecurity processes that enable them to predict, prepare and react to the shifting landscape of cyber threats. The NIST Cybersecurity Framework enables organizations to apply the principles and best practices of security to drive risk management and protect against constantly advancing cyber attacks.   Attend this CPE webinar to learn how to go about this, including how to:  - Outline the common security risks organizations face - Define cybersecurity threats, vulnerabilities, and consequences - Map the NIST CSF with security controls and reporting - Develop an established incident response plan

Paradigm Shift: Using NIST Cybersecurity Principles to Drive Risk Strategy

Cyber Security

Risk Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Paradigm Shift: Using NIST Cybersecurity Principles to Drive Risk Strategy

Presented by

About this talk

More from this channel