The Politics of Stakeholders within the CISO world

CISOs must deal with several stakeholders within the organization. These stakeholders include BOD members, C-Level management, peer compliance stakeholders (e.g. Legal, Privacy Office), vendors, and the IT organization itself.

This session will focus on critical success factors for dealing with this wide array of stakeholders, along with success case studies.

Specifically, this session will discuss the politics of getting alignment and buy-in from the many stakeholders within the organization, such as:
• Board of Directors and C-Level management
• Natural allies such as compliance, privacy, audit, enterprise risk management
• Potentially contentious relationships with line or business unit management
• IT organization strategic and tactical delivery goals and objectives

Speakers include:
• Craig Shumard, Principal, Shumard and Associates, LLC, Emeritus CISO, Cigna
• Tom Doughty, VP & CISO, Prudential
• Larry Brock, CISO emeritus, Dupont
• Bob Hillmer, Director, Enterprise Information Security and Directory Services
• Marcus Ranum, CSO, Tenable Network Security
Recorded Jan 31 2013 56 mins
Presented by
Craig Shumard, Principal, Shumard and Associates, LLC, Emeritus CISO, Cigna

  • Architecting OT Security for critical infrastructures in Singapore Recorded: Sep 12 2021 39 mins
    Richard Bussiere, Head of Operational Technology at Tenable and NG Koon Yeow, AVP, Cybersecurity Products, ST Engineering
    Join Tenable and ST Engineering as we share the benefits of a reference architecture that facilitates the comprehensive and safe monitoring and segregation of your entire Operational Technology infrastructure without disruption using a combination of technologies.

    Guidance provided by Singapore’s Code of Cybersecurity Practices for CII (CCoP) and NIST will also be provided.

    Join us along with ST Engineering as we detail:

    * How attacks can be executed and how you can defend
    * What a data diode does and why it protects your critical assets
    * Reference architecture and use cases
    * A strategy for meeting your compliance obligations
  • Cyber Hygiene - A focus on Thailand Cyber Security Guidelines and Ransomware Recorded: Sep 11 2021 28 mins
    Suwitcha Musijaral, Security Architect, Thailand (CISSP, CISA)
    Cyber hygiene fundamentals that can help organisations understand their vulnerabilities across their entire attack surface and prioritize the actions they must take to protect themselves from cyber attacks and breaches. Highlights include:
    - Guidelines and best practices in relation to the Cyber Hygiene guidelines
    - A data-science approach to finding and patching the vulnerabilities that pose the most risk
    - Case study: how cyber hygiene applies to core infrastructure like Active Directory
  • Complying with Bank Negara Malaysia Risk Management Technology (RMiT) Guidelines Recorded: Sep 10 2021 10 mins
    Kannan Velayutham, Security Engineer, Malaysia, Tenable
    The Risk Management in Technology (RMiT) exposure draft published by Bank Negara Malaysia is intended to establish the necessary frameworks, management structures, policies and procedures to ensure that banks and financial organisations in Malaysia reduce their cyber risk.

    This 10-minute video will share best practice guidelines to help organizations identify, implement and enhance their cybersecurity practices as well as focus on applying the NIST Cybersecurity Framework (CSF) as a well-defined tool to help organizations in Malaysia to comply with these new regulations.
  • SANS 2021 OT/ICS Cybersecurity Survey - A Panel Discussion Recorded: Sep 8 2021 63 mins
    SANS
    This on-demand panel discussion explores findings from SANS' 2021 OT/ICS Survey. Featuring experts from Dragos, Keysight Technologies, SANS, and Tenable, the survey explores safety and security challenges facing industrial enterprises and critical infrastructure operations. Topics covered include defensive postures for control system cyber assets, communication protocols, and supporting operations.
  • Mapping Security Frameworks to Critical Assets - Focus on Asia Guidelines Recorded: Aug 20 2021 31 mins
    Richard Bussiere, Operational Technology Head, APAC
    This session will guide you in the use of key frameworks by leveraging recommendations from the National Institute of Standards and Technology (NIST) Framework for OT, the Singapore CSA OT Masterplan and key elements from the Singapore Cybersecurity Code of Practice for CII.
  • Q3 2021 Industrial Cybersecurity Update: A Virtual Retreat for Security Leaders Recorded: Aug 16 2021 44 mins
    Marty Edwards, VP OT Security, Tenable and Leo Simonovich, VP and Global Head, Industrial Cyber, Siemens Energy
    During this webinar/virtual retreat, panelists Marty Edwards, vice president of OT security, Tenable and Leo Simonovich, vice president and global head, Industrial Cyber, Siemens, will share real-world experiences and best practices. This will include addressing recent matters impacting OT, notably the “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems,” issued on July 28, 2021.
  • Five Ways to Strengthen Active Directory Security and Prevent Ransomware Attacks Recorded: Jul 28 2021 58 mins
    Derek Melber, Technical Director, Microsoft MVP; Jérôme Robert, Senior Director, Marketing
    Led by Tenable Active Directory security experts, this on-demand webinar shares insights and proven solutions for strengthening Active Directory to prevent ransomware exploitation. Key takeaways:

    * Five issues plaguing every Active Directory environment and five corresponding actions to dramatically improve your AD security

    * Preventing privilege escalation by avoiding AD and group policy misconfigurations

    * Proven actions you can take to close backdoors
  • How to Stop Freaking Out about Too Many Vulnerabilities (Part 2) Recorded: Jul 23 2021 62 mins
    Nathan Wenzler, Technical Director, Tenable AND Seth Matheson, Principal Security Engineer, Tenable
    As a follow-up to Part 1, in this webinar Tenable experts Seth Matheson and Nathan Wenzler show you how Tenable helps overcome the challenges of having too many vulns, even when you have coverage gaps across your entire attack surface. Through discussion and demonstration, you'll learn:

    * How you can effectively discover and assess your entire attack surface

    * Proven methods for breaking down assessment and analysis silos
  • It May Be Time to Stop Freaking Out About Too Many Vulnerabilities (Part 1) Recorded: Jul 23 2021 62 mins
    Nathan Wenzler, Technical Director, Tenable AND Seth Matheson, Principal Security Engineer, Tenable
    There are two core challenges impacting most vulnerability management programs: too many vulns already(!) AND incomplete coverage across your entire attack surface. Risk-based vulnerability management offers a proven solution to this duopoly of vulnerability challenges. Learn how by watching this on-demand webinar covering the following topics:

    * The right sensors and methods for discovering and assessing your entire attack surface

    * Breaking down assessment and analysis silos

    * Optimizing assessment and reporting to boost the impact and efficacy of your program
  • Active Directory Security: Why Do We Fail and What Do Admins and Auditors Miss? Recorded: Jul 23 2021 45 mins
    Sylvain Cortes, 16x MVP Microsoft
    Everyone knows Active Directory (AD). It is a seasoned IAM, not to mention one that nearly every organization in the world uses. As AD is responsible for controlling access to most corporate assets, it is the target of most attacks. After 20 years of being overlooked, Active Directory is riddled with vulnerabilities. In this security workshop, a 16x Microsoft MVP will give you direct actions that you can take to reduce your AD security risk.

    Five takeaways:
    - Learn where threats against AD originate
    - Understand why there are so many vulnerabilities in AD
    - Master the rules of Active Directory security
    - Discover how to detect specific AD attacks used by ransomware
    - Define what steps to take to reduce AD security risk
  • Beefing Up Security at the Intersection of Active Directory and OT Recorded: Jul 16 2021 47 mins
    Derek Melber, Senior Director, Customer Evangelist, Tenable; Barak Perelman, Vice President, OT Security, Tenable
    Critical infrastructure and industrial organizations must curtail common attack paths to better protect operations from ransomware. This on-demand webinar shares a collaborative “zero trust” approach for securing these environments, providing insights to help you:

    + Effectively identify and remediate the Active Directory flaws putting your organization at risk
    + Secure your OT environment by taking the most impactful steps to improve overall cyber hygiene
    + Address the latest CISA guidance on ransomware in OT environments (released June 8, 2021)
  • Mapping Security Frameworks to Critical Assets - Focus on Asia Guidelines Recorded: Jun 24 2021 31 mins
    Richard Bussiere, Operational Technology Head, APAC
    This session will guide you in the use of key frameworks by leveraging recommendations from the National Institute of Standards and Technology (NIST) Framework for OT, the Singapore CSA OT Masterplan and key elements from the Singapore Cybersecurity Code of Practice for CII.
  • How Do You Reconcile an Active Directory Transformation Plan with Security? Recorded: Jun 23 2021 62 mins
    Sylvain Cortes, Security Strategist
    The life of an Active Directory infrastructure is no smooth ride. Whatever the size of your organization, you will need to modify your infrastructure regularly: AD redesign, Tier Model implementation, object migration following an M&A, and so on.
    Yes, but how do you carry out these changes and evolutions without jeopardizing your IT resilience?

    In this webinar, Sylvain Cortes, 16x Microsoft MVP and Active Directory specialist, presents the 4 essential points for starting your AD transformation project:

    - Why are AD transformation plans necessary?
    - Which concepts should you take into account when planning your project?
    - Which risks should you take into account during the transformation?
    - How do you reduce risk throughout the course of the project?
  • BloodHound Is a Good Tool, but You Deserve Better! Recorded: Jun 23 2021 52 mins
    Sylvain Cortes, Security Strategist
    In 2014, French researchers from ANSSI presented a research paper detailing an innovative approach based on graph theory for mapping security flaws within Active Directory. This research was then used by third parties to develop the open-source product BloodHound.

    Six years later, the same researchers responsible for those initial findings have gone even further, exploring the limits of their model by moving to hypergraph theory, with the aim of applying their initial research to the enterprise world.

    Join us to discover how hypergraph theory can help you solve the most advanced AD security problems.

    Alsid presents this agenda:

    - What are attack paths and control paths?
    - The evolution of attack and control paths
    - Why is real-time monitoring of AD changes crucial to network security?
    - Surviving ransomware by tracking GPO changes
    - Navigating the complex AD security landscape
    - Uncovering hidden changes and backdoors
  • Active Directory Security Risk: How High is the Risk? Recorded: Jun 23 2021 54 mins
    Derek Melber, Chief Technology and Security Strategist
    Risk is calculated as the intersection between threat, vulnerability, and asset value. When it comes to Active Directory, risk is extremely high because all three of these components are so high. As Active Directory is responsible for controlling access to most of the corporate assets, it is usually the target for most attacks, making the threat extremely high. Due to the age, lack of knowledge, lack of attention, and many other factors, Active Directory is riddled with vulnerabilities. In this webinar a 17X Microsoft MVP will give you clear and direct actions that you can take to reduce your Active Directory security risk. In this webinar you will learn:
    - Where the threats against AD come from
    - Why there are so many vulnerabilities in AD
    - How AD controls access to corporate assets
    - What steps to take to reduce AD security risk
  • 5 Active Directory Security Settings Attackers Leverage Recorded: Jun 23 2021 29 mins
    Derek Melber, Chief Technology and Security Strategist
    Everyone knows Active Directory. Not only is it a seasoned IAM, nearly every organization in the world uses it. That said, there are many built-in configurations and processes that “just work” without the need for any manual configurations. Many administrators are not aware these exist. Surprise: the attacker does and leverages them to move laterally and gain privileges.

    In this webinar you will learn:

    • How an attacker can leverage the SDProp process
    • Which service account configurations attackers look for
    • How an old Unix attribute can cause an immediate privilege elevation
    • How a migration-related attribute can allow domain admin privileges
    • What details you need to verify for your trusts

    Looking for concrete actions to fortify your organization's security today? Start watching.
  • A look at RaaS operators and why their target is your Active Directory Recorded: Jun 23 2021 57 mins
    Kenneth Teo, Senior Security Engineer & Ben Mudie, Security Engineer
    With major ransomware-as-a-service (RaaS) incidents occurring more frequently across Asia, Tenable.ad will discuss how you can better prepare to defend against these types of events.
    In this webinar you will see:
    - Overview of ransomware-as-a-service (RaaS) operators and why their target is your Active Directory
    - Approaches and effectiveness of detecting ransomware-as-a-service (RaaS) during an attack
    - What you can do proactively to defend against ransomware-as-a-service (RaaS)
  • Active Directory Tier Model: Implementation and Security Strategy Recorded: Jun 23 2021 79 mins
    Sylvain Cortes, Security Strategist
    - Redesigning Active Directory to strengthen security
    - Introduction to the Microsoft Tier Model
    - How to manage the project through AD migration or consolidation
    - Tooling and methodology to support your project
  • The Many Faces of OT Security Recorded: May 24 2021 59 mins
    Marty Edwards, VP of OT Security; Michael Rothschild, Senior Director of OT Solutions
    OT used to be segregated and air-gapped, and only accessible by OT professionals. Now, with IT/OT convergence, and the expanding adoption of IoT technology, securing the entirety of your attack surface is essential – and goes well beyond OT. As the scope and scale of your attack surface grows, more people in your organization will require OT insights than ever before. For guidance on how to address this challenge, join experts from Tenable for this on-demand webinar exploring the following topics:

    Who needs access to OT information and insights anyway?
    Effective approaches to OT infrastructure security
    RBAC for OT and converged environments
  • Introducing Tenable.ad – Secure Active Directory and Disrupt Attack Paths Recorded: May 21 2021 61 mins
    Derek Melber, Technical Director, Microsoft MVP; Gavin Millard, VP Marketing; Jérôme Robert, Sr Director, Marketing
    Active Directory (AD) is a favored target for attackers to elevate privileges and facilitate lateral movement by leveraging known flaws and misconfigurations. It doesn’t have to be this way.

    With Tenable.ad, you can continuously detect and prevent Active Directory attacks without agents, privileges or delays. Learn how. Join Microsoft MVP Active Directory security experts for a webinar introducing Tenable.ad. Topics covered include:

    * Discovering and prioritizing weaknesses in Active Directory

    * Detecting Active Directory attacks like DCShadow, brute force, password spraying, DCSync and more

    * Improving and accelerating incident response by integrating Active Directory security data from Tenable.ad with your SIEM, SOAR and/or SOC platforms
Industry-expert insights on overcoming critical security challenges
Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Title: The Politics of Stakeholders within the CISO world
  • Live at: Jan 31 2013 7:00 pm
  • Presented by: Craig Shumard, Principal, Shumard and Associates, LLC, Emeritus CISO, Cigna