#IMOS20: Security at the Speed of Business: Keep Up or Get Left Behind
In this session learn:
•Why security teams must operate at the high speed of business innovation
•What challenges security functions must overcome in the face of business advancement
•How to maintain efficient security processes in a data-driven age
Recorded Mar 25 2020, 60 mins
Moderator: Dan Raywood - Speakers: Ryan Manyika, Valerie Lyons
The ISO 27701 certification for a Privacy Information Management System - the privacy extension of ISO 27001 - establishes privacy controls for the processing of personal data, and may become the foundation for future GDPR certifications. This new privacy standard leaves many wondering, what does it take to get ISO 27701 certified, and why does it matter?
While ISO 27001 focuses on the assessment of risks and protection of the organization, ISO 27701 focuses on Privacy Information Management Systems.
In this webinar, learn about the ISO 27701 certification to get a straightforward guide to achieving ISO 27701 compliance.
Understand the ISO 27701 privacy standard and its application within regulatory compliance
Learn the steps to becoming ISO 27701 certified and how to leverage an existing ISO 27001 certification throughout the audit process
How to develop a roadmap and action plan for bridging privacy and security in your organization
Moderators: Dan Raywood and Michael Hill, Speakers: Natasha Amlani, Caitlin Fennessy, Caroline Thompson
Following the introduction of the EU GDPR in 2018, the state of California introduced its own data security act this year, offering privacy standards for its consumers. Officially launched in January, the CCPA has been broadly welcomed across the industry as a refreshing take on data privacy legislation.
However, after seven months of working under this new legislation, enforcement is set to begin no later than July 1, and we could see a lot of action and enforcement taken as CCPA enforcement begins.
In this webinar, we take a detailed look at what the CCPA is and assess what we can expect from it.
•What the CCPA is all about, and how it applies to your business
•What the dates mean in terms of compliance and monetary enforcement
•How you can achieve compliance with CCPA and other data privacy and protection standards
•What we can expect to happen under CCPA enforcement in the next six to 12 months
Moderator: Dan Raywood - Speakers: Jason Georgi, Kevin Fielder, Rory Duncan
IT and security specialists have had to adapt to the demand for remote working at speed and at scale. Technology has kept the UK PLC in business, and home has become the new Enterprise. It is clear that many organizations are unlikely to return to normal office life until much later in the year – and for some businesses, this may be the tipping point to change the way they work forever.
As lockdowns are eased and people begin to return to their workplaces, what can we learn from this unplanned period to build greater cyber resilience and protect our colleagues, devices, processes and services? In the struggle to react, have we lost sight of the strategic goal of becoming secure by design?
In this webinar, we will look at tactics and strategies to ensure a secure by design approach to remote access capacity and scalability, identity management, secure access to cloud-based applications and workloads, and the value of threat intelligence to protect and future-proof your remote users.
1. Which challenges to a secure, compliant remote business should organizations prioritize and how can threat intelligence support intelligent security decision making?
2. How can you get the most out of your existing assets to build resilience into your remote access capacity and scalability, identity management and access to cloud-based applications?
3. Why does a secure by design approach help build resilience now and in the future?
Moderator: Dan Raywood - Speakers: Scott Register, Andy Young, Joe Hancock
Data breaches and cybersecurity attacks have not reduced in recent times, and whilst you can only do so much to protect against external attacks, you can attack yourself before they do. Using breach and attack simulation (BAS), you safely run the entire kill chain of attacks against your network to expose gaps, misconfigurations, and even lateral movement.
In this webinar, we will look at the evolution of breach and attack simulation, where it stands today, how it works, and what you should look at before you consider implementing a BAS solution.
•What breach and attack simulation is, and how it reduces security risk
•How to properly run a BAS program within your organization
•How to deal with the results of a simulation
•How this is different from a penetration test or red team exercise
Moderator: Michael Hill, Nikhil Khare, Gemma Moore, Sam Temple
Cloud applications and hosting services continue to grow in popularity with enterprises because of the benefits they can provide in scalability, flexibility and costs.
Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. However, the key is mastering said effective security strategy so that it allows for safe, seamless and remote working for all employees.
The principles of zero-trust security can address this challenge and help you maintain your security posture regardless of whether a user is working on your network or on-the-go.
In this webinar, we will discuss the fundamentals and application of zero-trust principles, and outline how you can implement them in your own environment.
•The security benefits of zero-trust security
•How to effectively implement and manage a zero-trust approach
•Key insights on making remote working secure and safe for your
Moderator: Michael Hill Speakers: Oli Venn, Mark Chaplin, Brian Honan
The cyber-threat landscape continues to evolve. Each year, attackers add new techniques and tactics to their arsenal, increasing their ability to evade detection and attack your systems.
Zero day threats and advanced malware can easily evade anti-virus solutions that are simply too slow to respond to the constant stream of emerging threats.
The findings from WatchGuard’s Q4 2019 Internet Security report show that threat actors are always evolving their attack methods. With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses and innovations like Mac adware on the rise, businesses of all sizes need to consider implementing multiple layers of security.
In this webinar, we will investigate evolving zero day and malware threats and discuss the best practice options for protecting your business.
•Discover more about how zero day threats can evade traditional defenses
•Understand more about new and rapidly-evolving cyber-threats in 2020
•Learn the tools, techniques and technologies needed to defend against zero day threats
•Best practice advice to implement a multi-layered approach to protect your organization.
What is keeping CISOs up at night? What isn’t these days! Hairpin turns in direction amid a global pandemic and evolving cyber-threats have caused disruption in business continuity, supply chains and infrastructure throughout 2020.
This has given rise to diverse cybersecurity challenges and risks, whilst also providing unique opportunities for innovation and progress. Where do CISOs need to start in getting a grip on it all?
In this webinar, a panel of seasoned security leaders and experts discuss the state of the CISO in 2020, reflecting on lessons learned from a thus far turbulent year, discussing the struggles that need to be overcome and outlining the long-term benefits yielded by new business dynamics.
•Why and how 2020 has been an unprecedented year of information security tests, risks and opportunity
•The key challenges impacting modern CISOs, and how to overcome them
•What the second half of 2020 will have in store for security leaders
Moderator: Dan Raywood Speakers: James Gosnold, Jonathan Lee, Bindu Channaveerappa
According to Gartner: “Digital transformation, cloud adoption, edge computing, and mobile mean that appliance-based network security models (designed originally to protect on-premises architectures) are being replaced.”
In the current business landscape, there’s no doubt that the web is now the most important business tool. Critical systems such as ERP, CRM, collaboration and communication platforms, customer-facing apps and other business tools that were once on-premises are moving to the Cloud as a widely trusted alternative. Users can log in from anywhere and access all the information they need to conduct business on a daily basis.
Office 365, for example, is now used by one in five corporate employees worldwide, making it the most widely used cloud service by user count. Clearly, businesses are undergoing journeys of digital transformation and moving to the cloud in huge numbers, but successful cloud adoption and implementation is not without its security challenges.
This webinar will explore how organizations can cut through the noise and make a success of cloud transformation, leveraging the benefits of cloud technologies – including efficiency, agility and scalability – while avoiding the pitfalls.
· Why are existing security infrastructures inadequate for large-scale SaaS adoption?
· How to reduce MPLS backhaul costs and increase internet bandwidth for users
· How to maintain visibility and control over users’ traffic and protect against data exfiltration
Moderator: Eleanor Dallaway, Panellists: Becky Pinkard, Dr Jessica Barker and Sherrod DeGrippo
Infosecurity Magazine is thrilled to be virtually hosting the 4th annual Women in Cybersecurity networking event in advance of the Infosecurity Europe Virtual Conference. On Monday 01 June, the industry will once again meet to celebrate the women of cybersecurity and discuss the challenges around diversity.
Hosted by Infosecurity Magazine editorial director Eleanor Dallaway, the event will shine a spotlight on gender diversity in recruitment and retention, from both the perspective of the employer and employee. The webinar will consider how we can attract more women into the sector, what job adverts and interview processes should look like to encourage maximum applicants, and explore best practice for retaining staff. Our panel will share their own experiences, challenges and successes, and are ready to answer any questions the audience throws their way.
Join the discussion with Becky Pinkard, CISO, Aldermore Bank, Dr Jessica Barker, co-CEO, Cygenta and Sherrod DeGrippo, Senior Director of Threat Research and Detection, ProofPoint
Moderator: Dan Raywood, Speakers: Matt Wilson, Chris Matthews
Many of us in the security industry are struggling with how to deal with the issues that a remote workforce has created. So with resources stretched thin, we’re facing an expanded array of threats that can impact network performance, take us offline completely and cut off our employees. DDoS defense has, traditionally, been a complex effort focused primarily on detection and mitigation. Imagine being able to anticipate, minimize or even prevent an attack before it happens.
In this webinar, we’ll show you how attack prevention should be part of your security plan, as well as:
-How threat intelligence can be used as effective attack prevention
-How the rise of smaller DDoS attacks can go unnoticed and Securing your Network During a Crisis
-How to better protect your remote workforce and VPN infrastructure
Moderator: Dan Raywood Speakers: Ed Tucker, Peter Cassidy, David Appelbaum
There are increased instances of cyber-criminals developing new and sophisticated techniques for the sole purpose of duping users and extorting money or information, and many of these are common phishing techniques founded on impersonation, or fake sender identity.
Whether it is emails from “the World Health Organization” urging you to take action, or an email from “your CEO” asking for gift cards or donations, fraudsters prey on empathy, sympathy, and humans’ tendency to act and react.
In this webinar, we will look at how phishing attacks can be detected and prevented, and how to focus your defenses on a sender identity approach.
•The nuances of “automated phishing”
•Why user awareness training isn’t enough to defend your organization and prevent losses
•How authenticating “whom” is sending is the key to defining email security policies and protecting your organization
•Defending against phishing and Business Email Compromise (BEC) attacks
Moderator: Michael Hill Speakers: Bogdan Carlescu,
Digital transformation offers many advantages for organizations, but it also creates significant security vulnerabilities. There are few organizations today that can continue to effectively operate with their IT systems down or compromised, and it doesn’t come as a surprise that things can, and inevitably will, go wrong at some point.
Cyber-resilience is the ability to continue delivering the intended outcomes (digital services) despite adverse cyber-events and is now vital for business continuity amid the modern-day cyber-threat landscape.
However, mastering cyber-resilience brings with it various challenges which must be considered and overcome.
This webinar will explore how organizations can increase their cyber-resilience throughout digital transformation, outlining the pillars of a security architecture that provide the ability to detect cyber-incidents early and effectively respond to emerging threats.
•How detection and response contributes to cyber-resilience
•How to tackle the challenges of implementing a detection and response solution in a mid-sized organization
•How to simplify the security architecture with an extended detection and response strategy.
Moderator: Michael Hill Speakers: Robert Statsinger, Dominic Vogel
As organizations embrace digital transformation initiatives, DevOps and Agile play a critical role. Seeking greater speed and agility, DevOps teams have moved to modernize their software development lifecycles. This results in a continuous assembly-line approach to development and delivery.
However, AppSec has not kept pace. Still largely siloed, discontinuous and manual, traditional AppSec creates too much friction and drag on modern software development and delivery.
This webinar will explore why continuous integration and continuous delivery require continuous AppSec, which involves transforming ‘old-school’ static application testing models. It will also outline the key benefits of continuous AppSec for your organization, including empowering developers to focus on coding and release cycles and freeing up security teams to work on higher-priority risks.
•How continuous AppSec uses instrumentation to automate vulnerability workflows – from identification to remediation verification
•The business benefits of implementing continuous AppSec
•How to master the art of modern, continuous AppSec in your organization
Moderators: Michael Hill Speakers: Maninder Pal Singh,
As the coronavirus (COVID-19) pandemic continues to impact the world, it’s vital that organizations understand that it is not only health that’s currently at risk, but also the security of private data.
At vulnerable times like these, hackers and cyber-criminals look to prey on as many people as they possibly can through a variety of fraud attempts. With organizations around the globe currently implementing remote working at unprecedented levels, it’s never been more vital for businesses to maintain secure and trusted remote file transfers to safeguard the sharing of data.
In this webinar, we will explore the file and data collaboration risks and challenges impacting organizations during the COVID-19 pandemic, and outline best practices companies must adhere to in order to support their remote workforces and keep their vital information safe.
•Understand the file and data transfer risks impacting business during the COVID-19 pandemic
•The importance of safe and secure file transfer management in remote working
•How to remotely control file transfers and file processing
Moderator: Dan Raywood - Speakers: Chris Goetl, Andrew Hay
Consistent headlines have been made for years about the latest and nastiest vulnerability – how bad it is, how vulnerable you are to it, and what an attacker of any sophistication can do to you via it if you don’t patch it fast enough. This has led to a movement towards continuous vulnerability management, where you not only scan your network but also remediate.
How can you bridge the gap between IT and operations to achieve a level of satisfactory security, to identify assets and ensure that the next zero-day doesn’t leave you feeling left behind? In this webinar we will look at ways to improve your continuous vulnerability management program.
How to reduce your time to patch, and patch in a 14 day cycle
Understand how accurate your discovery and asset management program is
Use efficient metrics to evaluate your vulnerability assessment and prioritization process
Running an efficient testing process for patches
Moderator: Dan Raywood - Speakers: Bob Erdman, Andrew Hay
There are countless ways that a business can make it easier for a threat actor to find their way in undetected – and the onus is on security to stop, detect and prevent the attacker from getting in in the first place. This is where SIEM can enable a business, and ensure that aggregated and analyzed data and log records give you a clear picture of what is happening on your network.
In this webinar, we will look at the most common ways that organizations unintentionally put themselves at risk against threats, understand how organizations can be better equipped to find these malicious instances and what solutions they can put in place to get a clearer picture of what is happening on your network.
Strategies for mitigating risk, from specific tools to employee education
How to deploy SIEM effectively to highlight rogue incidents
Automation techniques to deal with a shortage of security staff
Spotting and dealing with misconfigurations and excessive access
Management of third parties – be they suppliers, vendors, providers or business partners – now needs to be an essential element of a company’s cybersecurity strategy. However, many companies do not know how to assess these suppliers, or what assessing a supplier actually involves.
In this webinar, we will look at how to scale an actionable third party program, and how that program can provide transparency into your partner’s security while facilitating significant improvements in your company’s cybersecurity posture.
How to do supplier evaluation based on the inherent risk or criticality of each relationship
Achieve transparency into suppliers’ security practices
How to implement compensating internal controls when the suppliers don't have or will not reveal their own
How to collaborate with suppliers to ensure success in the remediation process
Be able to create KPIs to help manage, improve the process and demonstrate achievements
Moderator: Michael Hill Speakers: Chuck Fried, Geoff Jones, Michael Zuckerman
In our increasingly cloud-first world, the idea of a trusted internal network zone and an untrusted external one is now outdated.
The truth is, today’s cyber-threats often get past perimeter defenses undetected, so you can no longer trust data traffic – no matter where it originates.
That’s where zero trust architectures come in. In this webinar, discover why zero trust approaches are becoming an urgent cybersecurity priority for enterprise and government organizations alike.
•The security trends fueling the adoption of zero trust architectures
•The critical role that DNS security plays in successful zero trust implementation
•The key elements you need to have in place and the next steps for moving forward
Moderators: Michael Hill and Dan Raywood Speakers: Kowsik Guruswamy, Lisa Forte, Raef Meeuwisse
The highly-infectious coronavirus, or COVID-19, is spreading across the globe at an alarming rate, significantly impacting a vast array of sectors and verticals. Information security is no exception.
As countries around the world attempt to slow the spread of the virus, one of the key strategies being implemented is ‘social distancing’ – reducing the amount of social interaction between people. As part of that, huge numbers of organizations have instigated mass working from home strategies for employees, opening up a vast array of security, operational and incident management risks as enterprises attempt to successfully shift to this unprecedented scale of remote working.
At the same time, droves of tailored COVID-19 scams and cyber-attacks have sought to take advantage of the uncertainty and fear of the current situation, with cyber-criminals launching unprecedented levels of coronavirus-related phishing and malware attacks.
In response, the information security industry has had to move quickly and innovatively to help support organizations and employees at this difficult time.
In this webinar, Infosecurity Magazine will be joined by a panel of security experts to discuss the various impacts that COVID-19 is having on the information security industry, assess the greatest risks currently threatening the security of data and reflect on what the sector must do to address the challenges being faced.
Presenter: Michael Hill, Speaker- Wolfgang Goerlich, Advisory CISO, Duo Security
Description: Whether it’s called ‘zero trust’ or ‘an initial step on the road to CARTA’ – we know the classic design patterns of security have to change.
In this session, Infosecurity invites diamond sponsor Duo Security to discuss different strategies for building on the fundamentals of zero trust and working together with partners in stages to create better and more usable security.
#IMOS20: Security at the Speed of Business: Keep Up or Get Left Behind - Moderator: Stephen Pritchard, Speakers: Cate Pye, Malcolm Barske.