Name: How to Optimize Third-Party Risk Management Programs Through NIST CSF 2.0
Start: 2024-05-16T17:00:00Z
End: 2024-05-16T17:00:59.000Z
Location: BrightTALK
Rating: 4.4

Dedicated to serving the information security community, in person, in print and online.

Hybrid cloud environments will dominate IT infrastructure in the coming years, providing the flexibility and scalability that modern businesses need to stay competitive. Yet, as they transition to these environments, businesses face security challenges that outdated methods cannot address. 

The shift from on-premises to hybrid cloud requires a fundamental rethink of security strategies. Traditional perimeter-based defences no longer suffice in this new landscape. Instead, modern approaches like zero trust architecture and defence-in-depth have become essential. Embedding security into DevSecOps workflows is key to achieving robust protection without compromising agility.
In this 30-minute session, Red Hat experts will explore how organisations can empower their DevSecOps teams to meet these challenges head-on. With the right strategies, securing a hybrid cloud environment can be a catalyst for business growth and innovation.
Join us to learn:
How to address the unique challenges of hybrid cloud security in a rapidly evolving landscape
Why traditional perimeter-based security falls short and the need for modern approaches like zero trust
Expert insights on the benefits of implementing defence-in-depth, including micro-segmentation and continuous user validation
How Red Hat empowers DevSecOps teams and developers to secure hybrid cloud environments effectively

Securing Your Move to Hybrid Cloud Infrastructure

Generative AI technologies have huge potential in enhancing the capabilities of cyber defenders – from writing secure code to speeding up incident response.
In this session, we will focus on the practical application of generative AI in cybersecurity teams – looking at current real-world applications and hearing from security leaders who have implemented these tools to good effect.
The aim is to help security leaders understand the ways generative AI can help their teams today, improving efficiencies and reducing workloads. 
This webinar will highlight:
• The areas generative AI can have the most impact on cybersecurity operations
• The “noisy” generative AI cybersecurity marketplace, and how to find the solutions that are appropriate for your business needs
• How to deploy generative AI in security operations effectively, as well as safely

Deploying Generative AI in Security Teams, it’s Time for Action

Insider threat incidents are on the rise, recently a North Korean hacker targeted cybersecurity firm KnowBe4 by posing as a fake IT worker.
In this case, an AI ‘enhanced’ image was used on the application in order to fool the hiring managers and despite video conference calls being conducted the worker was hired.
This is just one example of a growing trend in threat actors using AI and other sophisticated methods to infiltrate organizations.
However, we know that defenders can use AI tools to support their efforts in tackling insider threats, including for behavioral analysis.
It is critical that organizations recognize and act on internal threats, as well as the risks posed by external actors.
This session will focus on:
• The latest trends in insider threat incidents, and how AI is being leveraged to make these intruders more sophisticated
• The challenges organizations face in an environment where there is a lack of any formalized framework for discussing insider threat
• What tools and processes can help identify potential insider threat actors early
• How to appropriately address suspicious behavior and create an environment that is less conducive to insider threat incidents occurring

Defending Against AI-Driven Insider Threats: Best Practices and Strategies

In August 2024, the US National Institute of Standards & Technology (NIST) formalized the world’s first post-quantum cryptography standards, paving the way for arguably the biggest ever cybersecurity transition.
The new standards provide organizations with a framework to transition to quantum-secure encryption before quantum computers are capable of breaking existing encryption algorithms, which would leave all digital information vulnerable.
This phenomenon, known as Q-Day, could occur in the next 5-10 years, according to experts. 
In this 30-minute fireside chat, NIST mathematician Dustin Moody will explain the new standards and advise organizations on how to safely transition to quantum-safe cryptographic algorithms as soon as possible.
Join this session to learn:
• The threat posed by future quantum developments, and why this issue is relevant today
• How the new NIST standards will help protect digitally-stored data from quantum-enabled attacks
• How to develop a roadmap to safely transition to quantum-secure cryptography

Fireside Chat: Implementing NIST's Post-Quantum Cryptographic Standards

Software vulnerabilities are one of the biggest cyber-threats to organizations, with a record number of vulnerability disclosures in 2023. Zero days are being actively exploited by sophisticated threat groups, as demonstrated by the Ivanti vulnerabilities that were discovered earlier this year.
The continuous process of applying fixes to vulnerabilities across all software stacks is an overwhelming task for many organizations. A new strategy is needed to make vulnerability management a sustainable and effective process.
A panel of experts will discuss best practice approaches for a modern vulnerability management program, tailored to business risk and prioritization. 
Sign up to hear:
• How threat actors target software vulnerabilities, and why this tactic is often so damaging
• Vulnerability management challenges across an increasingly complex tech stack
• How to create a sustainable software patch management program, tailored to business needs

Tackling Rising Software Vulnerabilities Sustainably

Public schools face unique cybersecurity challenges, holding complex tech environments and managing the sensitive data and educational needs of hundreds, sometimes thousands of students.
The difficulty of protecting this environment has led to US public schools being a top target for ransomware attackers in recent years.
In this keynote session, Charles Britt, CEO of Startfield, will discuss how to develop an effective cybersecurity strategy in the K-12 school system, in which security leaders must manage public funds and navigate a myriad of data protection regulations.
These lessons and principles can be utilized in other industries, as they navigate rising cyber-threats.
Join this session to learn:
How to effectively communicate data privacy laws and regulations in public schools
Developing enterprise policies within a complex educational environment
Working with organizational leaders to managing cyber-risks with public sector budget and resources

The K-12 Conundrum: Mitigating Risk from the Classroom to the C-Suite

Cyber threat actors are well-known for their ability to adapt, continuously finding novel ways to target organizations in the face of ever-improving defenses. One example of this is the practice of stealing data and threatening to publish as well as encrypting it during ransomware attacks, amid improved backup capabilities.
From combining DDoS with ransomware, to finding alternative initial access techniques, it can feel like a near impossible challenge for defenders to stay up-to-date with cybercriminals and adapt their security posture accordingly.
In this session, a panel of threat intelligence experts will highlight novel tactics being employed by threat actors so far in 2024, and discuss the areas cybersecurity teams should be prioritizing their resources on.
Join this session to learn:
• New approaches used by threat actors in 2024, including in launch DDoS and ransomware attacks
• Changes in initial access techniques and technologies utilized, and why these shifts have occurred
• The areas cybersecurity teams should be prioritizing their defenses towards in the face of these trends

Keeping up with the Attackers: Reviewing the Latest Threat Techniques

The Jersey Cyber Security Centre (JCSC) has emerged as a vital pillar in safeguarding the digital landscape of the Channel Island. Led by Matt Palmer, the JCSC has played a pivotal role in establishing a Computer Emergency Response Team (CERT) to address the growing cybersecurity threats faced by the region.
Join us for a fireside chat with Matt Palmer, where we delve into the journey that led to the creation of the JCSC. Discover the challenges and opportunities that drove the initiative and the significant impact it has had on enhancing cybersecurity in Jersey.
Learn about the JCSC's core missions and the critical tasks undertaken by its team. Gain insights into how the CERT provides essential services to businesses and organizations, helping them mitigate risks and respond effectively to cyber incidents.
We’ll also discuss the geopolitical and regulatory challenges faced by organizations in Jersey and how the JCSC is working to address these issues.
Join us to:
• Discover the origin story and impact of JCSC on the Channel Island’s cyber resilience
• Learn how businesses can collaborate with a CERT to enhance their cybersecurity
• Explore the challenges and opportunities presented by the evolving geopolitical and regulatory landscape

Fireside Chat: A CERT Insider's Look on Building Jersey's Cyber Resilience

The belief that cybercriminals only target large businesses has been widely disproven in the past few years. For example, research from Sage found that around half of small and medium enterprises (SMEs) experienced at least one cyber incident in 2023.
SMEs hold highly valuable data and are viewed as a soft target by cybercriminals due to the limited resources they are often able to put into their cybersecurity posture. This is an issue that has been exacerbated by the current financial crisis, with cybersecurity spending expected to be slashed in 41% of SMEs in 2024 according to JumpCloud research.
During this panel, we will highlight how SMEs are being targeted by threat actors, and how IT teams in these organizations can utilize their limited resources most effectively, as well as fight for additional support from business leaders.
• The latest cyber-attack trends relating to SMEs, including how and why attackers are targeting these firms
• The unique security challenges faced by SMEs, such as limited expertise and resources
• How SME IT teams can utilize their limited resources more effectively, and where to look for outsource expertise

Cybersecurity on a Budget: How SMEs Can Stay Safe Amid Rising Attacks

CISOs face unprecedented challenges in building and maintaining an effective cybersecurity team. Organizations are experiencing rising attacks across increasingly complex and interconnected IT estates.
On top of this is the widely discussed cyber skills gap, meaning many security teams are understaffed. This in turn is leading to stress and burnout among cyber professionals, with many considering leaving the sector.
An expert panel will discuss innovative approaches CISOs can take to build, nurture and retain an effective cybersecurity team in this environment, encouraging novel approaches to motivation and progression opportunities.
This session will highlight:
• The challenges faced by security leaders in building and developing an effective cybersecurity team
• Providing development opportunities and other strategies to retain cybersecurity professionals for longer
• How new technologies, such as AI, can be utilized effectively to positively impact cybersecurity roles

CISO Management 101: Nurturing an Effective Cybersecurity Team

Join us for the opening keynote session of Infosecurity Magazine’s Online Summit, where an industry luminary will unveil critical insights into the future of cyber-defense. 

Speaker to be announced!

Security by Design in Digital Transformation: Lessons from the National Trust

Operational Technology (OT) environments, critical to the infrastructure of industries such as manufacturing, energy, and healthcare, are increasingly vulnerable to cyber threats. 
Third party risks have exploded in recent months and are a top concern for cybersecurity leaders working in organizations with sprawling supply chains and multiple vendors. 
Ensuring secure and controlled access for vendors is paramount to maintaining the integrity and safety of OT systems. 
In this 30-minute session, experts from Imprivata will introduce the unique security challenges in OT environments and the increased importance of security vendor access in OT sectors. 
Join us to learn: 
• How real-world examples of OT security breaches can be mitigated 
• Ways to enhance security through multi-factor authentication (MFA) and session recording
• Expert insights on overcoming common hurdles in OT security 
• How Imprivata VPAM provides secure, controlled, and audited vendor access

Supply Chain Risk and Mitigation in Operational Technology

Security teams face the reality that eventually adversaries will compromise an environment.

A user may click on a link in a phishing email that downloads malware. A threat actor may exploit an unpatched vulnerability, or log in with compromised credentials. Once an adversary gains access, there is an opportunity for threat hunting to identify and remove the threat.

To act swiftly in a sea of log data, threat hunters need to know the tactics, techniques, and procedures (TTPs) of the adversary — an innovative and reliable way to identify intrusions and eliminate threats inside a network.

This is intelligence-driven behavioral threat hunting.

Adversaries often embed their malware in trusted applications to gain access to an organization. This allows threats to conceal their activity, which increases the difficulty to detect ephemeral  indicators of compromise (IOCs) and artifacts. It’s much harder for adversaries to adapt TTPs collected in cyber threat intelligence (CTI) programs.

Join Intel 471 for this 30-minute webinar to discover how:  

CTI elevates hunts to new levels of accuracy and measurements of success
To maximize the value of your security logging data with CTI-driven behavioral threat hunting
To use CTI-powered behavioral threat hunt packages to assist in identifying stealthy, malicious activity
Behavioral threat hunting can identify precursors to ransomware attacks
Don't miss this opportunity to strengthen your organization's security posture!

Supercharge Your Security With Intelligence-Driven Behavioral Hunting

Account fraud is a growing risk for organizations and their customers, with threat actors becoming adept at techniques like fake account creations and account takeovers (ATO). 
Attackers are also expanding the volume of account fraud through the use of bots, and we are seeing severe consequences and escalating risks to businesses.
In this webinar, a panel of expert speakers will help fraud and cybersecurity experts stay abreast of the latest trends in account fraud attacks, including the advanced tactics employed by threat actors and the industries primarily being targeted.
The speakers will also provide best practice advice on how to combat these threats, including leveraging advanced technologies such as AI anomaly detection and other approaches to fortify your defenses to protect against the next wave of account fraud.
Join this webinar to learn about:
• The latest trends in account fraud, including the evolving tactics used by threat actors and industry-specific challenges
• The inadequacies of current security measures in protecting against these threats
• The critical solutions organizations need to implement to protect against account fraud, including the role of multi-layered machine learning and AI

The Future of Fraud: Defending Against Advanced Account Attacks

Digital transformation has added exponentially more devices, networks and cloud access to nearly every organization. In this interconnected reality, IT security and cybersecurity professionals are challenged with proactively protecting this expanding external attack surface from rising cyber-threats.
Managing these potential points of entry into your digital ecosystem begins with discovering exposed assets, evaluating potential risks and mitigating them.  
Leveraging cyber threat intelligence (CTI) provides a more efficient and effective approach to attack surface management (ASM), by enabling security teams to identify and prioritize remediation of the most at risk internet-facing assets.
This allows organizations to go beyond traditional ASM approaches by seeing their attack surface from the attackers’ view.
But not all CTI is equal. The question is how relevant, timely and accurate is the CTI I'm using to protect my business?      
Sign up to learn:
• How cyber threat actors are targeting the expanded external attack surface
• How CTI-led ASM can allow security teams to prioritization and remediation initiatives
• How CTI-led ASM addresses multiple use cases including third-party monitoring 
• How to discover the most appropriate ASM solutions using advanced business requirements

Going Beyond Traditional ASM with Cyber Threat Intelligence

As cyber threats continue to evolve, safeguarding sensitive information and maintaining regulatory compliance has never been more crucial.
Join us for an insightful webinar tailored for professionals in the industrial sector, focusing on critical strategies for securing intellectual property (IP) and CAD files. 
This session will explore the implementation of zero trust architecture and robust data loss prevention (DLP) measures to ensure comprehensive risk management across your organization.
Key discussion points include:
• Securing IP and CAD Files: Learn how to protect your most valuable assets from unauthorized access and cyber threats.
• Compliance: Stay ahead of regulatory requirements and ensure your cybersecurity practices meet industry standards.
• Zero Trust: Understand the principles of zero trust and how to apply them to create a resilient security framework.
• Data Loss Prevention: Explore advanced DLP solutions to prevent data breaches and accidental data leaks. Discover strategies for safeguarding SAP files during export processes to ensure data integrity and confidentiality.

How to Secure Industrial IP with Data Loss Protection Strategies

Sophisticated cyber attackers are constantly devising new ways to infiltrate networks and compromise sensitive data. This webinar will provide valuable insights into the tactics, techniques and procedures (TTPs) used by these attackers, as well as strategies for detecting and preventing their malicious activities. 
During the session, our expert speakers will delve into real-world examples and case studies to illustrate the methods employed by sophisticated attackers. 

You will gain a deeper understanding of the vulnerabilities commonly exploited by these adversaries and learn best practices for fortifying your network defenses. 
Join us to learn:
- Top tactics and techniques sophisticated attackers are using on your network
- Advanced threat protection strategies 
- Best practices for network security resilience

Unpacking the Top Vulnerabilities Exploited by Sophisticated Attackers

"Ransomware remains the top cyber threat, with attackers employing new tactics. Law enforcement takedowns and botnet disruptions might disrupt the ecosystem, but the pay-to-decrypt debate continues. 
Speaking to Infosecurity, Jon Davies, Senior Director - Cyber Defense at News Corp, shares his expert insights on these issues and lessons learned from recent attacks.
Alongside his role at News Corp, Jon is also a Board Director, Fellow and Full member of CIISEC. He was previously a Microsoft Chief Security Advisor and the first Specialist Fellow - Cyber Security for the UK MOD. 
Jon has extensive experience across multiple pillars of cyber security having worked across various industries within both IT & OT. 
Jon also advises PE & VC with respect to cyber risk associated with M&A and facilitated the first UK ransomware tabletop to include NCA, ICO and hostage & kidnap negotiators in support of the NCRC."

Ransomware Realities, Jon Davies Talks Tactics, Takedowns & Lessons Learned

Extensive digital transformation programs in organizations over the past few years has sparked an explosion in their use of third-party services. While this trend has helped enhanced operational capabilities, it has also expanded organizations’ cyber-attack surfaces, with an explosion in access points and potential vulnerabilities.
The latest edition of the popular National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF), version 2.0, has recognized these changes and provides new guidance to help organizations effectively manage the subsequent risk.
In this webinar, an expert panel will explore the updates to the CSF in relation to third-party risk, and offer practical advice on how to integrate the framework into their supply chain risk management programs.
Join this session to learn about:
• The evolving third-party risk management landscape, and how attackers are taking advantage of more complex attack surfaces
• How the NIST CST 2.0 approaches this area of cybersecurity and why these changes have been made
• How to effectively integrate the provisions into your third-party risk management program, taking into account your specific organization and sector

How to Optimize Third-Party Risk Management Programs Through NIST CSF 2.0

NIST

Cybersecurity

Framework

Regulations

Third party risk

Supply Chain

Risk Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to Optimize Third-Party Risk Management Programs Through NIST CSF 2.0

Presented by

About this talk

More from this channel