Name: A Deep-Dive into TPRM & NIST Framework Integration
Start: 2023-04-20T17:00:00Z
End: 2023-04-20T17:01:15.000Z
Location: BrightTALK
Rating: 4.7

The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

Earn 1.5 CPE Credits on this Webinar

Understanding the intricacies of nth party relationships is paramount for effective risk management. Optimizing risk classification in nth party relationships entails a multifaceted approach geared towards enhancing visibility, comprehending dependencies, and implementing proactive risk management strategies. 

In this webinar we will delve into the concept of nth party relationships, the inherent risks involved, and strategies for optimizing risk classification in these relationships. Attendees will gain insights on:

- Advanced machine learning methodologies and how they can enhance risk scoring and classification systems. 
- Strategies to integrate risk scoring and classification systems with diverse data sources, including fraud detection systems, ICT systems, and transactional systems, to foster a comprehensive view of data. 
- The benefits of implementing ongoing monitoring processes and increasing automation in forensic analytics processes, as well as integrating with blockchain technology for heightened security and data integrity.
- How social media and text analytics can help augment risk scoring and classification systems by providing valuable insights into individual behaviors, entity interactions, and emerging events.

CPE | Optimizing Risk Classification in Nth Party Relationships

Earn 1.5 CPE Credits on this webinar

In today's fast-paced digital landscape, businesses face numerous challenges in achieving security, compliance, and operational efficiency. While Governance, Risk, and Compliance (GRC) processes are critical for success, effective collaboration between InfoSec and GRC teams often proves elusive for many organizations. This lack of collaboration leads them to miss out on improvements in risk management, compliance, and resilience against cyber threats. On this webinar our panel of experts will delve into the symbiotic relationship between InfoSec and GRC, exploring strategies to unlock their full potential, and attendees will gain insights on:

- The interconnected roles of InfoSec and GRC within an organization's risk management framework.
- Common challenges and barriers to effective InfoSec and GRC collaboration, along with practical solutions for overcoming them.
- Strategies for fostering communication and collaboration between InfoSec and GRC teams to enhance overall cybersecurity posture.
- How to leverage integrated tools and technologies to streamline processes and facilitate seamless cooperation between InfoSec and GRC functions.

CPE | Unlocking the Potential of InfoSec & GRC Collaboration

Earn 1.5 CPE Credits on this webinar

Today, most security and IT teams are dealing with an attack surface that is exponentially larger than it used to be, and many organizations lack full visibility into their entire asset landscape. Networks often include hundreds or thousands of networking devices, security products, IoT devices, and connected OT systems; and businesses are relying more and more on third-party code and apps to get their work done.

On this webinar we will explore actionable strategies for reducing your attack surface and defending against third-party risks, and attendees will gain insights on:

- The different types of attack surfaces, including digital, social engineering, and physical. 
- Common attack vectors utilized by threat actors, such as vulnerable web components, phishing emails, weak credentials, malware, and misconfiguration exploits. 
- Innovative approaches to attack surface reduction, including meticulous inventory management, access restriction, network segmentation, and comprehensive employee cybersecurity training.
- Effective strategies to combat threats and mitigate third-party risks.

CPE | Fortifying Your Attack Surface: How to Defend Against Third-Party Risks

In today's complex threat landscape, cyberattacks are inevitable. Malicious actors are becoming increasingly sophisticated, financially motivated attacks are becoming more widespread, and new malware families are being discovered daily, making it even more important for organizations — of all sizes and across industries — to have a plan of attack in place.

On this webinar, we will explore essential CISO strategies aimed at preventing surprises before, during, and after a cyber incident. Attendees will have the opportunity to earn 1.5 CPE credits while learning how to:

- Develop a comprehensive cyber incident response plan complete with detailed frameworks that delineate roles and responsibilities. Participants will also discover methods for continuously testing and refining these plans to effectively counter evolving threats.
- Cultivate engagement with business leaders to nurture a culture of cybersecurity awareness. This includes ensuring stakeholders grasp their roles and responsibilities should an attack occur.
- Prioritize effective communication strategies during a cyberattack.
- Harness postmortem analyses to fine-tune response strategies and bolster cybersecurity resilience.

Join us as we equip you with the necessary tools and insights to navigate the complex landscape of cyber threats and emerge stronger in the face of adversity. Don't miss this opportunity to enhance your organization's cybersecurity readiness and resilience. Register now!

CISO Strategies to Manage Cyberattacks in the Age of Vulnerabilities

The clock is ticking on PCI DSS v3.2.1. On 31 March 2024, PCI DSS v3.2.1 will be retired, making the transition to PCI DSS v4.0 essential for organizations involved in payment data security. 

Join us to gain valuable insights, practical tips, and expert guidance to ensure your organization's successful transition to PCI DSS v4.0. Our panel of experts including the PCI Security Standards Council will guide you through the essential steps for a seamless transition, including:

- The importance of starting the transition process now to ensure a smooth and efficient shift to PCI DSS v4.0 before the retirement of v3.2.1.
- The significance of maintaining existing security controls, even as you implement changes for PCI DSS v4.0, to ensure ongoing protection of payment data.
- How to navigate the changes in PCI DSS v4.0 by understanding the requirements, mapping them against current security controls, and analyzing their impact on your organization.
- Customized approaches for PCI DSS v4.0 validation, considering your organization's security strategy and risk management approach.

Live attendees will earn 1.5 CPE credits on this webinar. Register now to secure your spot and prepare your organization for the future of PCI DSS!

Preparing for PCI DSS 4.0: What You Need to Know

In today's data-driven landscape, safeguarding sensitive information and mitigating the risk of data breaches and compliance violations is paramount. Organizations grapple with the ever-evolving challenges of managing data access while ensuring the utmost security for their vital data assets. 
We invite you to join us with Scott Augenbaum, a retired FBI Supervisory Special Agent and cybersecurity expert. 

Scott will share  real-life case studies, emphasizing the importance of robust Data Access Governance in the digital age, and we will delve into the following key topics:

- The Four Truths About Cybersecurity
- The Significance of Data Access Governance in Today's Business Environment
- The Essential Components of a Robust Data Access Governance Program
- Navigating a Full-Cycle Data Access Governance Program: A Comprehensive Approach
 
Join us to gain a deeper understanding of data access governance best practices and discover how to empower your organization to navigate the complexities of data security with confidence.

Data Access Governance in Action: Ensuring Data Security

As technology continues to advance, the critical necessity of investing in robust cybersecurity measures becomes increasingly clear, ensuring the integrity of our digital society. On this webinar we will address the key components of cybersecurity risk management, understanding that organizations cannot eliminate all vulnerabilities but can prioritize and mitigate the most critical threats promptly. 

Attendees will gain valuable insights into the practices for seamlessly integrating cybersecurity into the enterprise risk management framework, and learn how to:

- Implementing a risk management approach that identifies and addresses the most critical vulnerabilities first, ensuring timely and effective responses.
- Identify value-creating workflows that generate the greatest business value and define their associated risks. 
- Conduct effective cybersecurity risk assessments and equip participants to make informed decisions about risk mitigation measures.
- Navigate common threat vectors, and discover effective mitigation strategies to minimize the impact of these threats on organizational security.

*As per NASBA requirements attendees must attend the LIVE webinar for CPE credit.

Cybersecurity 101: How to Manage IT Risk like a Pro

Join us as we explore the latest advancements in securing software supply chains. As the digital landscape evolves, so do the threats to software integrity. The National Institute of Standards and Technology (NIST) has updated its guidelines to address these challenges, and this webinar will provide a comprehensive understanding of how to leverage NIST 2.0 for robust supply chain security. By attending you will earn 1.5 CPE credits and:

- Gain a thorough understanding of the key components and updates in the NIST 2.0 framework. 
- Learn practical strategies for identifying, assessing, and mitigating risks within the software supply chain. 
- Explore the incident response and continuous monitoring aspects of NIST 2.0 to enhance your organization's ability to detect and respond to security incidents promptly. 
- Understand how to implement effective monitoring mechanisms for ongoing evaluation and improvement of software supply chain security.

Don't miss this opportunity to stay ahead in the ever-evolving landscape of software supply chain security. Whether you are a developer, IT professional, or security expert, this webinar will equip you with the knowledge and tools needed to safeguard your software supply chain effectively. Register now to secure your spot!

Who Should Attend:
IT and Security Professionals
CIOs, CISOs, and IT Directors
Risk and Compliance Managers
Business Owners and Executives
Anyone interested in enhancing their organization's cybersecurity posture

Enhancing Software Supply Chain Security with NIST 2.0

In today's interconnected business landscape, companies rely on third-party vendors and partners for various critical functions, but this dependence comes with inherent risks. Ensuring compliance and mitigating these risks is crucial for safeguarding your organization's reputation, financial stability, and regulatory adherence. The use of AI is a game-changer in this realm, as it empowers businesses to streamline processes, enhance decision-making, and optimize their resource allocation. 

Attend this webinar to discover how cutting-edge artificial intelligence (AI) technologies are revolutionizing the way organizations manage third-party risks and compliance, ultimately leading to improved returns on investment (ROI). You will learn how to:

- Convert business requirements into workflows with AI, enabling all users to tap into advanced operations, leading to cost and time savings.
- Engage in a conversational approach to data with AI, offering real-time, deeper insights which drive smarter business decisions and enhanced profitability.
- Use AI to dramatically simplify the supplier onboarding process. 
- Empower users to kick-start processes by simplifying forwarding emails or PDFs, slashing response times and ensuring seamless, efficient interactions.

Boosting ROI in Third Party Risk and Compliance with AI

In today's complex business landscape, effective Third-Party Governance, Risk Management, and Compliance (GRC) strategies are paramount for organizations seeking to thrive and maintain trust in the global marketplace. However, without the support of executive leadership, implementing and maintaining a robust third-party risk management program (TPRM) can be an uphill battle. On this webinar we will address strategies to secure executive buy-in and ensure the success of your third-party risk management program.

Attendees will learn how to showcase the substantial ROI that investing in third-party risk management can yield, reducing annual loss expectancy from third-party-related adverse events, including how to:

- Craft a persuasive business case that emphasizes the financial benefits of a TPRM program,
- Enlist an executive sponsor from the C-suite and equip them with the knowledge and enthusiasm needed to champion your TPRM program effectively,
- Build alliances across various organizational functions and align your third-party GRC program with the broader strategic objectives of your organization,
- Integrate your TPRM processes into official company policies.

Transforming Third-Party GRC Strategies with Executive Buy-in

In today's rapidly evolving IT landscape, identity systems, especially Microsoft Active Directory (AD) used by over 90% of enterprises, are under consistent threat. As such, safeguarding identity systems is no longer an option; it's a necessity. 

Join us for this illuminating session led by Dirk Schrader, VP of Security Research at Netwrix, where he’ll delve into the depths of Identity Threat Detection and Response (ITDR) — a term introduced by Gartner to describe tools and best practices to protect identity systems. 

Dirk will uncover the insidious ploys utilized by cybercriminals to exploit identity infrastructure misconfigurations and vulnerabilities. Gain a comprehensive understanding of critical ITDR capabilities you need to prevent, detect, respond to, and recover from identity-based threats. 

Also, Dirk will demonstrate how Netwrix cutting-edge solutions empower organizations to efficiently defend against identity-based threats. 

Join this enlightening session to:
• Understand why identity-based attacks are one of the top security threats today. 
• Gain insights into the stealthy tactics that cybercriminals use to compromise identity systems.
• Learn the multi-layered strategy to prevent, detect, and respond to identity-related threats.

By the end of this immersive session, you will be equipped with actionable insights and advanced strategies to secure your key identity store — Active Directory, effectively navigating the intricate challenges posed by contemporary identity threats in the ever-evolving cybersecurity landscape.

Identity Threat Detection & Response: Mastering the Next Era of Protection

Cybersecurity and compliance go hand in hand. In this webinar, we will delve into the latest cybersecurity disclosure rules mandated by the U.S. Securities and Exchange Commission (SEC) and explore how organizations can effectively navigate and comply with these regulations. 

Join us to strengthen your organization's cybersecurity posture and resilience against cybersecurity risks, as we take a deep dive into the new rules and the specific reporting processes set to take effect on December 15, 2023. Attendees will earn 1.5 CPE credits and learn about:

• The recently enacted SEC cybersecurity disclosure rules and their implications for publicly traded companies.
• Best practices for aligning cybersecurity policies and practices with regulatory requirements to ensure compliance.
• The core cybersecurity practices necessary to establish a resilient compliance posture.
• Actionable takeaways and a roadmap for implementing robust cybersecurity disclosure practices within their organization.

Adopting the New SEC Cybersecurity Rules for Compliance Resilience

In today's dynamic business landscape, effective risk management is essential for organizations to safeguard their assets, reputation, and long-term success.

During this CPE accredited webinar, our expert panel will delve into the intricacies of measuring the return on investment (ROI) of your risk management program. We will explore practical strategies, methodologies, and key performance indicators (KPIs) to help you quantify the value your risk management initiatives bring to your organization. 

Attendees will learn how to:

• Define and align measurable objectives for your risk management program.
• Identify relevant KPIs to assess the effectiveness of your risk management efforts.
• Techniques for collecting and analyzing data to measure ROI accurately.
• Evaluate the financial and non-financial impact of risk management activities.
• Communicate ROI findings to stakeholders for enhanced decision-making.

How to Measure the ROI of Your Risk Management Program

In today's interconnected business landscape, organizations heavily rely on third-party vendors, suppliers, and partners. While these collaborations offer numerous benefits, they also introduce potential risks and vulnerabilities that need to be proactively managed.

In this CPE webinar, our panel of experts will delve into the latest strategies, tools, and techniques empowered by artificial intelligence (AI) that can revolutionize your organization's approach to identifying, assessing, and mitigating third-party risks. Attendees will gain valuable insights into leveraging targeted Risk Intelligence, enhanced by AI, to drive effective TPRM. 

Join us to gain an understanding of:

• The concept of targeted Risk Intelligence and explore how AI can amplify its application in enhancing TPRM.
• Potential risks and vulnerabilities associated with third-party engagements through the integration of AI-driven risk assessment methodologies.
• Practical strategies for mitigating third-party risks by harnessing the power of targeted Risk Intelligence complemented by AI capabilities.
• The transformative potential of automation, analytics, and AI in streamlining risk assessment processes, empowering data-driven decision-making, and ultimately enhancing the overall effectiveness of your TPRM practices.

Harnessing AI for Enhanced TPRM: Driving Targeted Risk Intelligence

In today's interconnected business landscape, managing risks associated with third-party relationships has become crucial for organizations across industries. Continuous Controls Monitoring (CCM) offers a proactive approach to monitor and mitigate risks by continuously evaluating controls and compliance measures. 

Join our expert panel on this CPE webinar and equip yourself with the knowledge and practical guidance needed to implement CCM effectively for third parties, and:

• Understand the significance of CCM in the context of third-party risk management: Discover why traditional point-in-time assessments are no longer sufficient and how CCM provides real-time insights into the effectiveness of controls implemented by third parties.
• Learn the key steps involved in implementing CCM for third parties: Gain practical knowledge of the step-by-step process required to establish a robust CCM program, including defining control objectives, selecting appropriate monitoring techniques, and setting up an automated monitoring system.
• Explore best practices for selecting and assessing third-party controls: Identify the critical factors to consider when evaluating third-party controls and gain insights into effective control assessment methodologies that align with CCM principles.
• Discover strategies to enhance third-party risk mitigation through CCM: Explore how CCM enables organizations to identify and address control gaps and non-compliance issues in real time, enhancing risk mitigation efforts and fostering stronger relationships with third parties

Key Steps to Implement Continuous Controls Monitoring for Third Parties

This is an exclusive immersive workshop, where you'll have the opportunity to explore various critical security aspects, such as safeguarding against insider threats, preventing unauthorized access, and eliminating local admin rights. The best part: you'll have the power to choose which problems our experts will face! The session will be filled with practical insights, best practices, and an in-depth demonstration of the Netwrix PAM Solution, showcasing how it can revolutionize your organizational security posture.

Join us for an interactive webcast featuring two cybersecurity heroes from Netwrix: Jeremy Moskowitz and Martin Cannard. Jeremy Moskowitz, CTO, and Founder of PolicyPak, and an 18X Microsoft MVP, brings his extensive expertise to the table, alongside Martin Cannard, an experienced technologist with over 30 years of specialization in Privileged Access Management.

Together, they will guide you on an exciting security adventure tailored to your needs. During the session, you will learn how to:

- Thwart cyberattacks by removing unmanaged privileged accounts.
- Minimize security risk related to privileged access, enhance team performance and pass audits with less effort.
- Strengthen the security and compliance posture of workstations across the organization without interrupting end-user productivity.

Interactive Cybersecurity Adventure: Exploring Privileged Access

Ransomware attacks have become more frequent and sophisticated, causing significant damage and financial loss to businesses of all sizes. According to Verizon’s 2022 data breach report, ransomware attacks saw a 13% increase in the past five years. The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide, and the average cost of a ransomware attack was $1.85 million.

Statistics reveal that a ransomware attack will occur every 2 seconds by 2031. How well is your compliance team prepared?

Join our panel of experts on this CPE webinar as we discuss the emerging trends and best practices to combat ransomware and be better prepare for escalating cybersecurity threats, including how to:

- Understand the latest trends and tactics used by cybercriminals to launch ransomware attacks, including the use of advanced techniques like double extortion.
- Identify the key components of a comprehensive ransomware protection strategy, including backup and recovery, network segmentation, and employee training.
- Evaluate different ransomware defense solutions, such as endpoint protection, threat intelligence, and incident response planning, and select the most appropriate approach for their organization's needs.
- Learn from real-world examples and case studies of ransomware attacks and their impact on businesses, and apply these lessons to enhance their own security posture and resilience.

Emerging Trends & Best Practices to Combat Ransomware

Are you looking for effective strategies and tactics to improve group and identity management within your organization? Join us for an insightful webinar tailored specifically to address the challenges faced by IT professionals. In this webinar, we will explore best practices and techniques that enhance security, compliance, and efficiency in group and identity management.

Key topics to be covered include:

•     Industry-Leading Approaches for Efficient Group and Identity Management.
•     Strategies For Scalability and Adaptability in A Changing Enterprise Landscape.
•     Leveraging Tools to Streamline Group and Identity Management
•     Real-World Case Studies Highlighting Successful Implementations.

Join us with Jonathan Blackwell as we discuss the best practices that drive efficient and secure group and identity management.

Register now to reserve your spot.

Enterprise Best Practices for Group and Identity Management

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is one of the leading frameworks for private and public sector cybersecurity maintenance and used by organizations of all sizes. The Framework helps to secure information systems and guide key decision points about risk management activities through the various levels of an organization from senior executives, to business and process level, and operations.

NIST has issued special publications focused on improving Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM), however this isn’t a light read. With 5 functions, 23 categories, and 108 subcategories, identifying the NIST CSF security controls applicable to cyber supply chain risk management is a daunting task. On this CPE webinar we will address the specific security controls for third-party information security management and explain how to align risk management processes against these requirements, including how to:

- Prioritize and assess third-parties using a cyber supply chain risk assessment process,
- Develop processes for continuously monitoring third-party security postures, and determining control effectiveness,
- Identify security gaps and conduct response action plans with suppliers and third-party providers,
- Track the progress of implementing the NIST framework through a 4-tier maturity scale.

A Deep-Dive into TPRM & NIST Framework Integration

Business Resiliency

Operational Resilience

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

A Deep-Dive into TPRM & NIST Framework Integration

Presented by

About this talk

More from this channel