Name: Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification
Start: 2025-10-23T14:00:00Z
End: 2025-10-23T14:01:01.000Z
Location: BrightTALK
Rating: 4.6

Dedicated to serving the information security community, in person, in print and online.

With the speed of development in AI-driven threats, SOC teams are more and more overwhelmed by increasingly sophisticated threats that demand a smarter approach. 
AI-driven insights are now essential for security teams to detect, investigate and respond to threats through integrated Cloud SIEM, while keeping systems secure and running smoothly.
As defenders face resource constraints, deploying specialized AI agents into security operations can help streamline data analysis, highlight relevant intelligence, distil insights from complex data and multiply analyst capabilities.
During this session, our panel of experts will also discuss how defenders can leverage AI tools to reduce the mean time to recovery (MTTR) and substantially reduce the financial cost of incident response.
By joining this webinar, you will learn:
1. How defenders must adopt intelligent approach to intelligence operations in the age of AI 
2. How to bring together IT, development and security operations with full-stack visibility through the unified Intelligent Operations platform
3. How built-in monitoring, troubleshooting and security with Sumo Logic built on AWS provides end-to-end monitoring across AWS and brings 50% faster analysis and 75% reduction in MTTR

How To Enhance Security Operations with AI-Powered Defenses

While traditional Infosec focuses on infrastructure responsibility, SaaS introduces a shared security model. The platform provider (like Salesforce) secures the apartment building and shared utilities, but the customer controls who has the 'front door key' and what happens inside—meaning they own the data and access controls.
 
 This is critical for availability and integrity. Standard Recovery Time Objective (RTO) and Recovery Point Objective (RPO) metrics don't capture the customer's burden of granular data recovery (e.g., fixing a single field value across millions of records). 
 
 More importantly, in interconnected SaaS ecosystems, rolling back a flawed change is insufficient. As demonstrated by scenarios like manufacturing errors, the integrity of downstream processes is lost. Therefore, senior security leaders must embrace a remediate-to-fail-forward strategy instead of relying on traditional failure mitigation.
 
 Join this session to: 
 
 • Understand why traditional RTO and RPO are insufficient for SaaS data resilience and learn practical steps needed to bridge the gap between platform-level uptime and application-level data integrity
 
 • Learn why rolling back changes in SaaS often makes things worse and how adopting a “fail-forward” approach ensures faster recovery and preserves data integrity across interconnected systems
 
Gain clarity on where SaaS provider responsibility ends and your ownership begins, plus practical steps for managing access, user provisioning, and data backup to strengthen compliance and reduce risk

Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

With 63% of breached organizations lacking AI policies and one in four CISOs reporting AI-generated attacks, the need for AI security expertise has never been more critical.  
Enter ISACA's new Advanced in AI Security Management (AAISM) certification, the industry's answer to the AI security governance problem. Designed exclusively for CISM and CISSP holders, AAISM validates your ability to govern, assess and secure AI implementations at the enterprise level.  
In this 30-minute session, ISACA's Kirsten Lora and Infosec Institute's Keatron Evans will unpack the new AAISM certification and share insights into mastering AI security. 
Join this 30-minute session to learn: 
• Why ISACA created the AAISM certification 
• If the AAISM is right for you and your team 
• Current AI governance and security challenges 
• Practical advice for implement AI governance frameworks

Mastering AI Security With ISACA’s New AAISM Certification

The race to integrate generative AI has created a dangerous blind spot, expanding the digital attack surface with entirely new vulnerabilities. This new frontier demands we understand the difference between AI Security (protecting the system) vs AI Safety (ensuring responsible behavior).

Join our panel of industry experts, including veteran pentester Gisela Hinojosa, research lead at Cobalt. Gisela will share firsthand accounts from the front lines of AI pentesting, including tactics attackers use and the defensive strategies you can deploy.

Join this session to learn:

• The critical differences between AI Security and AI Safety, and why you should address both
• Real-world examples of how attackers exploit LLMs, including prompt injection and sensitive data disclosure
• Actionable advice for building a proactive security program

Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

In an era of rapidly expanding regulations and a dynamic, complex risk environment, traditional approaches to IT audit and Governance, Risk, and Compliance (GRC) are proving insufficient. 
Many organisations grapple with outdated technologies and reactive, ad-hoc processes, leaving them vulnerable to data breaches, privacy violations, and non-compliance. 
This session will explore the transformative potential of emerging technologies, including Artificial Intelligence (AI), automated workflows, and advanced data analytics. 
We will delve into practical strategies for integrating these tools to build more effective, efficient, and forward-thinking IT audit and GRC programs, enabling teams to proactively address new challenges and safeguard their organisations.
• Understand the Modern IT Audit and GRC Imperative: Review the foundational principles of IT audit and GRC, and discuss why evolving risk landscapes and regulatory demands necessitate a shift from legacy practices.
• Demystify Key Emerging Technologies: Define and differentiate core concepts of AI, RPA, and data analytics, and identify their specific applications and benefits within audit and GRC contexts.
• Create Technology Integration Plans: Discuss best practices for identifying organizational needs and effectively integrating data analytics and other emerging technologies to enhance assessment, testing, and continuous monitoring processes.
• Address Implementation Challenges: Identify common pain points, bottlenecks, and risks (e.g., data leakage, IP concerns) associated with adopting new technologies and explore strategies to mitigate them.

Audit and Compliance in the Era of AI and Emerging Technology

Between rising regulatory demands, evolving threats, and stretched security teams, it’s no surprise that organizations are rethinking how they approach GRC. But nearly one third (30%) still rank compliance as a top-three challenge. 
In this session, explore the biggest sources of friction to maturing a GRC program, areas where GRC teams have leveraged orchestration and automation to make an immediate impact, and what the path forward looks like for proactively managing risk and compliance in high-regulation environments. Transform GRC from a checkbox into a strategic advantage.
Join this session to learn: 
Practical insights into reducing friction in GRC processes without adding headcount
Real-world examples of how teams are using workflow automation to drive efficiency and resilience
Actionable steps to align your GRC strategy with today’s regulatory environment and threat landscape

Modernizing GRC: From Checkbox to Strategic Advantage

This year has seen numerous well-known brands suffer cyber-incidents as a result of attacks emanating from compromised third-party vendors. The litany of victims include airlines, retail giants, fashion brands, tech companies and manufacturers. 

In many cases, attackers have targeted third-party suppliers with social engineering techniques which have been successful in enabling them access to high-value credentials. 

The spate of recent attacks has seen significant operational disruption and loss of revenue for victims. 

During this discussion, a panel of experts will analyze the lessons that can be taken from recent incidents and how third-party risk management strategies must evolve to keep pace with attackers' tactics.

Join this session to learn:

• How social engineering has been leveraged to steal credentials from third-party IT providers in 2025
• Why current third-party risk management strategies have fallen short in preventing these incidents
• How third-party strategies need to evolve to protect organizations from tactics deployed by groups like Scattered Spider

How to Stop the Third-Party Breach Epidemic Before It Hits You

The pressure is on for CISOs to present a clear, compelling case for cybersecurity to senior leadership, the c-suite and board of directors.

CISOs must assess their company's risk appetite (e.g. what level of risk is the organization willing to accept to achieve its objectives?) and tailor their communication to demonstrate how cybersecurity initiatives fall within that appetite.

During this discussion, a panel of experts will cover what metrics matter most to the board, how to frame security investments in terms of business value and best practices for demonstrating the ROI of your security program.


By joining this session, you will leave with a clear understanding of how to build trust and credibility with key stakeholders.

Join this session to learn:

 • Strategies to assess your organization’s risk appetite and align to your risk and threat profile (critical asset, sensitive data, attack surface, threat intelligence reports…)
 • How to prepare and deliver effective briefings that resonate with non-technical audiences
 • How to translate this risk profile into business terms and actionable insights 
 • Best practices for calculating and communicating the ROI of your security investments

Briefing the Board: Communicating Cyber Risk to Executives and Stakeholders

Discover why mid-market businesses are now prime cyber targets and how you can turn this risk into a strategic advantage. 

During this webinar, our panel of experts will discuss how to unlock the full value of your existing Microsoft Security stack, harness AI for both defense and efficiency, and build a culture of resilience through people and process. 

Take away practical steps to maximize your security investments, leverage AI and empower your team to transform cybersecurity from a cost centre into a true business enabler.

Join this session to:
Understand how you can maximise what you already own
 • Most mid-market firms have access to enterprise-grade Microsoft security tools. The challenge is activation, configuration, and ongoing optimisation, not buying more tech
 • Action: Audit your current Microsoft security stack and engage expert partners to unlock its full potential
Harness the power of AI with Microsoft Security
 • Cybercriminals are weaponizing AI, but Microsoft’s AI-powered security tools (like Security Copilot) can help you detect and respond to threats faster and smarter
 • Action: Invest in AI-driven security solutions and ensure your team is trained to use them effectively
Leverage your first line of defence: people & process
 • Technology alone isn’t enough. Regular employee training, a Zero Trust approach, and managed detection & response are critical for resilience
Action: Build a culture of security awareness and consider partnering with a specialist MSP for 24/7 protection

How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

Operational technology (OT) security continues to evolve and is an increasingly complex environment to manage. 

Security teams require more details, context and evidence to proactively tackle growing threats and meet internal and external documentation requirements, including to the boardroom and regulators.

In this environment, OT entities must establish a thorough, contextual view of the environment as well as automate and update its data in near real time.

In this 30-minute session, Rockwell Automation’s John Speakman will set out how to build a multi-dimensional view of the OT environment, going far beyond a simple inventory.

The presentation will also highlight how these insights can be leveraged for proactive risk identification and reduction across multiple industries.

Join this webinar to learn:

• The significant data collection and context challenges in OT security
• How to build a multi-dimensional view of the OT environment
• Gaining contextual risk calculation and resulting automated analysis
• Case studies from successful OT practitioners

OT Security Ecosystem for Targeted Risk Reduction and Reporting

The browser has become the central hub for modern work, yet it remains a significant blind spot in many organizations' security strategies. 
This 30-minute talking tactics webinar will explore the evolving landscape of browser-based attacks, drawing insights from real-world incidents and threat intelligence. This session will feature Mandiant and Chrome Enterprise experts who will provide frontline insights and practical guidance.
Join this session to:
• Uncover the hidden risks: Gain insights into real-world attack scenarios that exploit browser vulnerabilities, including phishing, data breaches and malicious extensions, highlighting the limitations of traditional security measures
• Gain practical strategies: Get actionable strategies for enhancing browser security
• Hear expert perspectives: Benefit from frontline insights from Mandiant and Chrome Enterprise experts, gain a deeper understanding of the threat landscape and learn effective defense techniques

The Invisible Frontline: Proactive Approaches to Browser Defense

Deploying and maintaining identity and access management in the cloud presents unique challenges, especially when considering non-human identities and service accounts.
These are vulnerable to issues such as account hijacking, lack of visibility, improper provisioning and inadequate access controls that can lead to data breaches and compliance failures.
This session covers why these accounts are prime targets for attackers, the risks inherent in their misuse and how they differ from regular user accounts.
Join the session to:
 ○ Identify the pitfalls of current practices in managing these identities
 ○ Understand principles of least privilege and comprehensive permission auditing tailored for service accounts
 ○ Learn how to implement robust, automated and comprehensive security measures to mitigate potential risks

Mastering Identity and Access for Non-Human Cloud Entities

In today’s complex, data-driven cloud environments, the greatest risk isn’t just a data breach—it’s a breach of trust. As organisations shift more applications and sensitive data to the cloud, identity has emerged as the new control plane for securing access. 

Yet many still face challenges: siloed identity systems, inconsistent access policies, and a growing landscape of threats—from misconfigurations to AI-driven fraud.

Join Rob Otto, EMEA CTO at Ping Identity, to learn how global enterprises are using identity-first security strategies to re-establish control, simplify cloud access, and protect critical data—without compromising user experience. This session will explore how adaptive identity can underpin a resilient cloud posture, empower zero trust initiatives, and build confidence in every digital interaction.

Key learnings:
 • Why identity is critical to securing multi-cloud and hybrid environments—and how to get it right.
 • How to use AI-driven identity threat protection to counter deep fakes, account takeover and API-based attacks.
 • Practical ways to unify identity across users, apps and ecosystems to reduce risk and improve agility.

From Chaos to Confidence: Establishing Trust in Every Cloud Interaction

IT compliance and cybersecurity teams have long struggled to effectively communicate the impact of threats and vulnerabilities to executives. 

When done right, cyber risk quantification allows IT professionals to speak the language of the business: financial impact. 

While the importance of cyber risk quantification is apparent, many organizations struggle to get these projects funded. 

During this webinar we will explain how cyber risk quantification can mature your overall risk management program. Our panel of experts will also help you recognize the limitations of solely relying on compliance frameworks and adopt a proactive, business-aligned approach to IT security and assurance.

Communication is key and cybersecurity leaders must develop the skills to articulate the financial impact of cyber risks effectively, enabling IT compliance teams to align with business objectives and secure buy-in for key initiatives.

Join our experts to explore: 

● The basics of risk quantification and how to get started without trying to boil the ocean
● The importance of moving beyond framework-driven security and assurance
● Best practices for communicating the impact of IT security and supporting business growth
● How to drive risk-informed decision-making within your organization

Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

cybersecurity

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

Presented by

About this talk

Infosecurity Magazine