Name: The Politics of Stakeholders within the CISO world
Start: 2013-01-31T19:00:00Z
End: 2013-01-31T19:55:24.000Z
Location: BrightTALK
Rating: 4.21

Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

Cyberthreats to water infrastructure have prompted EPA recommendations, including using funds provided in the Bipartisan Infrastructure Bill to bolster cybersecurity defenses. Here’s what you need to know – and how Tenable can help.

How Tenable Helps Water Utilities with latest EPA Cyber Regs

Your attack surface is getting bigger and more complicated, even as you move to the cloud. To help you build a hybrid-cloud security strategy that is effective, scalable and affordable, join Tenable and former Gartner analyst Tom Croll, now with Lionfish Technology Advisors, for an informative on-demand webinar exploring:

> Lessons learned so far from public-cloud security models
> The 5 pillars of hybrid cloud security
> Key considerations and practices for creating secure hybrid-cloud applications

5 Must Haves for Hybrid Cloud Security

For organizations reliant on operational technologies, one of the important threat detection frameworks is MITRE ATT&CK® for ICS. Based on real actions exhibited by threat actors, MITRE ATT&CK for ICS is a variant of the enterprise and mobile ATT&CK matrices, and is regularly updated to reflect the latest adversary behaviors.

Join Dick Bussiere for this on-demand webinar to learn the techniques attackers use to compromise OT infrastructures. By understanding the techniques, you can proactively bolster your security posture with Tenable.ot. Through discussion and demonstration, the session will explore:

> Using MITRE to think like an attacker and become more proactive
> Ways to incorporate MITRE ATT&CK for ICS into your overall OT security workflows
> How Tenable.ot maps to the ATT&CK techniques and tactics

The MITRE ATT&CK for ICS Framework... And What to do About it

No matter what technology you're working with, there are two things you can count on: compliance audits and resulting remediations. You may not be able to control when an audit is requested, but you can dramatically decrease the time and effort needed to fulfill an audit request by implementing an automated approach to cloud policy compliance.

To help you make this happen, join Tenable experts for discussion and demonstration covering:

> Key considerations for choosing a unified cloud security posture management(CSPM) and compliance(GRC) management solution

> How Tenable Cloud Security helps you streamline and ensure continuous compliance in multi-cloud and hybrid environments

> Additional reporting and auditing capabilities included with Tenable One for Cloud Security

Continuously Assess Your Multi-Cloud Environments for Policy Violations

To help you build a cloud security strategy that is effective, scalable and affordable, check out this on-demand webinar examining:

>> Key cloud security capabilities needed to effectively implement security baselines when scaling cloud adoption

>> How Tenable improves cross-team engagement and security impact by enabling the adoption of policy as code
 >> The evolution of cloud security posture management (CSPM) solutions to encompass infrastructure-as-code (IaC) security testing and risk-based analytics

When It Comes to Effective Cloud Security, Sharing is Caring

Tenable is proud to sponsor the SANS 2022 DevSecOpsSurvey: Creating a Culture to Significantly Improve Your Organization’s Security Posture. 

The SANS 2022 DevSecOps survey is a yearly retrospective that quantifies progress made toward improving organization's security posture and operational effectiveness. The report details best practices in the alignment of development, security and operations teams and securing multiple cloud environments at scale. Other key report topics include:

- Automated compliance
- Devops Foundational Practices
- Securing Container Services

Creating a Culture to Significantly Improve Your Organization's Security Posture

Check out this on-demand webinar for insights into the development of the National Security Telecommunications Advisory Committee (NSTAC) draft report, and a discussion about its recommendations for improving the security of your converged IT/OT systems.

Led by experts who contributed to the NSTAC report, this webinar shares key findings, recommendations and guidance for measures you can take to improve the resilience of your organization's IT/OT networks and systems. Though focused on Federal Civilian Agencies, the report and its findings are relevant for all public and private sector organizations reliant on OT.

The Time for Prioritizing Your IT/OT Cybersecurity is Now

When it comes to protecting your mission-critical operations, one of your overarching goals should be gaining complete visibility of your OT networks. In most cases, this is best accomplished using a combination of passive and active discovery technologies.

The use of active querying is not without controversy, largely due to a lack of understanding of how it works. In this on-demand webinar, Dominic Storey, Principal OT Security Engineer with Tenable, explains how you can use active querying safely and effectively in your OT environment.

Demystifying and Optimizing Active Querying in OT Environments

Check out this on-demand webinar to find out how you can proactively secure and continuously monitor your Active Directory environment to protect your business from cyber attacks.

Continuously Detect and Prevent Critical Attack Paths in Active Directory

Policy, containers, connections, and runtime. Focus on these four pillars of Kubernetes security to effectively protect your environment without slowing down dev. For guidance on making this happen, attend this webinar with Tenable experts, Piyush Sharma and Upkar Lidder. Through discussion and demonstration, the session will explore:
>> Best practices for implementing K8s security around the four pillars of policy, containers, connections, and runtime
>> Enabling effective cross-team collaboration between Dev, Sec and Ops
>> The Proactive vs reactive steps needed to establish and maintain complete and resilient Kubernetes security

Unleash the Full Potential of Kubernetes: The 4 Pillars of K8s Security

Full Active Directory compromise, once an attacker gains access to your network and has control of AD domain, is a nightmare situation for any CISO or CIO.  In this scenario the only way to be sure that you have completely removed the attacker is to complete a full reset and rebuild of the AD which can have significant business impact.
 
To gain insight into proven solutions for strengthening Active Directory security, join us for an Active Directory Masterclass.Highlights 

* What does ‘full AD compromise’ mean?
* How can I avoid it happening?
* How can a prepare to respond most effectively if it happens?

India Regulatory and compliance - Golden Ticket and rolling KRBTGT accounts

Going beyond risk-based vulnerability management, Exposure Management helps you prevent attacks and accurately communicate exposure risk to enable better business outcomes. In this on-demand webinar we’ll introduce the concept of Exposure Management, explaining how it helps you gain visibility across the modern attack surface, focus efforts to prevent likely attacks, and accurately communicate exposure risk to support optimal business performance.

Led by Tenable’s Chief Security Strategist, Nathan Wenzler, this webinar will cover the following topics:

 >> The path from Risk-Based Vulnerability Management to Exposure Management
 >> How siloed vulnerability and security data inhibits true attack surface visibility
 >> Gaining the right context is crucial for effective prioritization and cross-team communications

Exposure Management for the Modern Attack Surface

Cloud adoption accelerates the pace of digital transformation, but introduces new challenges to maintaining security and compliance. Traditional approaches don't translate well to the cloud and can slow delivery, exacerbate audit pain, and you with an incomplete view of cloud security and compliance posture.

Fortunately, new security frameworks and solutions purpose-built for the cloud are ready for primetime. For insights into ways you can successfully extend and embed security into your organization’s cloud transformation, join industry leaders: Hart Rossman, Director Global Security and Infrastructure, AWS, and Tenable's Vice President of Cloud Security Engineering, Piyush Sharma and Senior Manager, Information Security, Phillip Hayes for this roundtable discussion covering:

 >> The top challenges facing organizations looking to scale cloud adoption
 >> What “secure by design” means in the cloud world
 >> Guidance for designing and delivering a collaborative and effective cloud security program

Scaling Cloud Adoption without Sacrificing Security Standards

Mission critical systems are the backbone to modern society and business globally. These systems rely on operational technologies. A variety of security frameworks are available for mission critical system to help users meet security standards, government regulations ,  continuously identify security gaps, and communicate business risk to executives.

In this session, we will feature how organisations can comply with these regulations and standards related to asset inventory management, security management (malicious code prevention, security event monitoring), configuration and change management, vulnerability assessment and more across the extended enterprise in real time.

We will provide guidance in the use of key frameworks by leveraging recommendations from the National Institute of Standards and Technology Framework (NIST) Framework for OT, cyber security best practices from ISO 27001, IEC 62443, etc as well as cover key compliance elements from government agencies from India such as CEA.

In this session the expert will deep dive into the below areas:

How Organisations can act in accordance with these regulations and standards related to asset inventory management?
Provide Guidance on how to use these key frameworks;
Cover key compliance elements from government agencies.

Mapping Security Frameworks to your  Critical Assets - Focus on India Guidelines

With attack surface sprawl and growing numbers of vulnerabilities to address, security and IT teams are increasingly challenged to meet remediation targets. To overcome this problem, teams need an automated way of identifying and correlating the highest risk vulnerabilities with the right remediation steps. Join Tenable and Big Fix APAC for insights into the ways your organization can effectively streamline remediation and improve cross-functional alignment.

Remediate the most exploitable vulnerabilities effectively and quickly.

When it comes to provisioning infrastructure as code, your DevOps team is a well-oiled machine, cranked to 11. Except when it comes to security and compliance: false positives, unscheduled work and friction put a heavy hit on velocity. In this on-demand webinar, experts from HashiCorp and Tenable share best practices for delivering clean, compliant and secure infrastructure as code. Topics covered include:

> Automating security with low-friction additions to your existing workflows
> Squashing cloud and Kubernetes misconfigs in your IDE
> Deploying better code that doesn’t come back to bite you

The DevSecOps Guide to Clean, Compliant and Secure Infrastructure as Code

Tenable Research recently published its Ransomware Ecosystem report, offering detailed insights into the tactics, tools and practices that make ransomware a persistent and relentless threat. In this on-demand webinar we focus on the most actionable elements of the report, helping you better understand common attack vectors and the steps you can take to avoid becoming a victim.

Tenable’s Ransomware Ecosystem Report

To truly know your risk posture it’s essential to have comprehensive and continuous insight into every part of your attack surface – especially all of your internet facing assets. You also need a way to make those insights actionable so you can identify, prioritize and address the most pressing risks first.

In this on-demand webinar we introduce Tenable.asm, a solution for external attack surface Management (EASM). Topics covered include:

> What is EASM and how does it enhance your current vulnerability management efforts beyond the network perimeter?
> How does Tenable.asm enable continuous and comprehensive attack surface discovery and risk assessment?
> Lessons learned from a real-world EASM deployment

Finally Know the Whole Truth About Your External Attack Surface Risk

CISOs must deal with several stakeholders within the organization. These stakeholders range from BOD members, C-Level management, peer compliance stakeholders (e.g. Legal, Privacy Office), vendors, and the IT organization itself.

This session will focus on critical success factors to dealing with this wide array of stakeholders and success case studies.

Specifically, this session will discuss the politics of getting alignment and buy in with the many stakeholders within the organizations such as:
•Board of Directors and C-Level management
•Natural allies such as compliance, privacy, audit, enterprise risk management
•Potential contentious relationships with line or business unit management
•IT organization strategic and tactical delivery goals and objectives

Speakers include:
•Craig Shumard, Principal, Shumard and Associates, LLC, Emeritus CISO, Cigna
•Tom Doughty, VP & CISO,Prudential
•Larry Brock, CISO emeritus, Dupont
•Bob Hillmer, Director, Enterprise Information Security and Directory Services
•Marcus Ranum, CSO, Tenable Network Security

The Politics of Stakeholders within the CISO world

Security

Network

CISO

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Politics of Stakeholders within the CISO world

Presented by

About this talk

More from this channel