Name: GDPR One year later: Is a Risk-Based Approach to Data Privacy possible?
Start: 2019-05-20T17:00:00Z
End: 2019-05-20T17:00:44.000Z
Location: BrightTALK
Rating: 4

A thought-provoking webinar programme developed from over three decades of collaborating with our Members across global business, government bodies, legislators and cyber security experts.

As the regulatory landscape continues to evolve, organizations are aligning with industry standards and frameworks to effectively support their operational, compliance and audit requirements.

Whilst security leaders are aware of the considerable advantages this strategic adoption brings, budget constraints, shifting priorities and a shortage of cyber security expertise are leaving security teams grappling with a host of organizational and technical roadblocks.

Faced with this reality, join us for the opportunity to engage with ISF experts and discover how the ISF Standard of Good Practice (SOGP) is supporting over 480 leading global organizations in managing compliance across multiple standards and jurisdictions.

In this session, we will explore how to:
- integrate up-to-date best practice into business processes, risk management and information security programmes and policies
- minimise effort and investment when looking to comply with international industry standards and frameworks
- build a strong foundation for resilience based on ISF security controls frameworks.

The Standard of Good Practice: A unified approach to compliance

Information risk assessments enable organisations to select controls or other treatment options that are commensurate with risk in order to reduce the frequency and impact of information security incidents.

ISF materials, including the SOGP, have been developed to support the risk assessment process of identifying business impacts, assessing key threats and vulnerabilities, in addition to treating information risks. These materials complement organisational approaches to information risk assessment and, when used in conjunction with ISF Risk methodologies such as IRAM2 or QIRA, enables an organisation to keep information risk within acceptable limits.

Join Benoit Heynderickx, Principal Analyst and Hui Shan, Senior Analyst, at the ISF, for our final webinar in the ISF Cyber Security Showcase Week, where they consider all these different materials, and present how they can be combined and used to effectively manage risk.

Manage Risk the ISF Way

Successfully withstanding, and recovering from, a major cyber incident depends on strong leadership, planning and preparation. During a cyber crisis, you face a second enemy - time!
 
In this session Mark Chaplin, ISF Principal, will share top tips and insights from the many Cyber Simulation Exercises he and his team have run for leading global organisations.
 
You will learn about best practices in cyber resilience and hear about the success factors and also pitfalls that challenge organisations at all levels, from technical and operational to executive and board level.

Lessons from the frontline: What we learn from Cyber Simulation Exercises

Have information security leaders changed business stakeholders' perception of security in recent years, or is security still merely seen as cost, friction and burden?

Security leaders and their teams remain committed to helping business stakeholders understand the value of balancing security, risk and innovation to achieve business goals and maintain competitive advantage. However, many are frustrated at the challenges faced when nurturing relationships with business stakeholders.

In this presentation, we will explore some of the reasons for the slow progress and suggest steps that could be taken to accelerate a more positive change in how security is perceived - unlocking its true value and potential.

Unlocking the Business Value of Security

Achieving behaviour and culture change requires execution of a multi-dimensional strategy that goes beyond just learning and awareness. The ISF has been building human centred security expertise by researching where the major gaps in organisations’ approach lie, and the corresponding solutions. This webinar will demonstrate how ISF methodologies and case studies can demonstrate how an intentional, targeted behaviour change programme can improve business resilience.

In this session, organisations will:
- Identify about common security incidents and data breaches caused by human behaviour.
- Understand what initiatives most effectively transform human behaviour and organisational culture.
- Hear case studies about how to implement behaviour and culture change programmes.

Human-Centred Security - Transforming Security Behaviours

This presentation will explore the present and future of the AI tools that everyone seems to be using right now.

ChatGPT, Bard, Mid-Journey, Llama and many others are all proving popular with businesses and consumers alike, but few are considering the risks they take when they ask them to generate text, create an image, write code or even just search for information.

By exposing the pressures these tools put on organisations, and the dangers people are courting, this talk will act as a guide on how to handle these sites and platforms so they do not wreck existing security safeguards or put people at risk. Properly harnessed, the tools have great potential to augment people and help them do a better job rather than expose them, and their employer, to unknown or unforeseen risks.

Surviving AI and Staying Safe

The recent commercialization of generative AI and large language models like OpenAI’s ChatGPT has sent shockwaves through the cybersecurity community.  From blocking its use to setting up “guardrails” the response has been quick but tentative. There is a lot to be learned.

On the opposite side of that concern is the promise that generative AI brings to cybersecurity processes and solutions.  In particular, generative AI will play a role in third-party security risk management.

In this session, Dov Goldman, VP Risk Strategy at Panorays, will explore what he and his firm see as the benefits AI will bring to the challenge of third-party security risk management and how they plan to utilize the power of this capability.

Beyond Third-Party Security

Some consider that cyber attacks are one of the four most important global concerns that society faces, to include Climate Change, Weapons of Mass Destruction and Disease Pandemics. Whether sensational talk or fact, cyber attacks are both increasing in number and scale.

Join Steve Dobson, Operations Director at the ISF, as he kicks-off the ISF Cyber Security Showcase Week to discuss:
- What are cyber attacks?
- What are the reasons behind the growth of cyber attacks?
- Who is most at risk?
- What are the five key steps everyone can do to be better aware - and better protected - from attack?

Why Cyber Security is for Everyone

In 2022, observed cloud exploitation cases grew by 95%. As organisations migrate more of their operations to the cloud, it is imperative to understand the motivations and strategies of these cloud adversaries to effectively defend against attacks.

CrowdStrike’s 2023 Cloud Risk Report puts a spotlight on the adversaries targeting enterprise cloud environments. Register to learn key trends in adversary activity, real-world stories of attacks on the cloud, the critical oversights leaving organisations vulnerable and guidance for defending against cloud-conscious adversaries. 

You'll learn about how:

- Adversaries are sharpening cloud TTPs
- Identity is a key access point in the cloud
- Human error drives cloud risk

The Rise of the Cloud-Conscious Adversary

Cyber asset discovery - the process of identifying and managing all devices, endpoints, and resources connected to a network, is a market projected to grow from $100M in 2021 to $4bn in 2030. Organisations from across all industries are facing a rise in cyber threats and are setting their sights on asset discovery solutions to avoid losing ground to bad actors.  

This panel session features ISF Analyst, Mark Ward in conversation with:

- Peter West –  Assistant Head, Defensive Cyber Organisation at UK Ministry of Defence, with 20 years’ experience across the MoD as a Crown Servant in Project and Programme Delivery.

- Justin Stouder – Chief Technology Officer at FireMon with over 20 years' experience building world-class software development and operations organisations.

Join this panel discussion to learn about:

- The rising significance and growth of asset discovery
- The pivotal role data quality and speed play in decision making
- The consequences of inadequate discovery and overcoming common challenges

Cyber Asset Discovery: From 'nice-to-have' to mission critical

Having a successful security posture is more easily said than done. It takes a well-designed strategy for a host of multi-faceted parameters to come together to truly bring security to an organization. 

Security Culture, being the ideas, customs, and social behaviours of an organization that influence security, is a powerful tool to help nurture and sustain that which keeps your organization safe.

In this session, we'll be hearing from industry expert Jelle Wieringa about how you can use security culture to your advantage. Based on statistics from academic research, combined with real-world experience, you'll hear everything you need to know to better understand what it can bring you and your organization

In this session you will learn:

- What defines a Security Culture
- How can you measure and better understand your existing security culture
- What are proven and practical ways to grow your security culture?

Security Culture: Making cybersecurity an active part of your organization

The cloud is big business, and threat actors know it. 

Ransomware attacks in the cloud are steadily increasing in both volume and sophistication, and organisations are struggling with a common cloud security challenge. The issue boils down to: how do we secure our cloud-enabled business without throttling innovation? After all, no one went to the cloud to slow down.

Join SentinelOne as they speak plainly about cloud defence in depth. From build time to runtime, they will discuss the complementary roles of agentless (“shift-left”) and agent-based (“shield right”) security layers. Covering both CNAPP (Cloud-Native Application Protection Platforms) and real-time cloud workload protection (CWPP), they will examine a cloud ransomware incident, and share insights to help your organisation accelerate innovation while operating securely.

Shift Left, Shield Right: The role of CWPP in a CNAPP world

Hybrid IT environments are no longer the exception for the modern enterprise; they are now the rule. 

Embracing hybrid clouds allow your organisation to innovate more rapidly and achieve better business outcomes through technology. But you have to achieve these outcomes while minimising risk - that’s the goal. 

Faced with this new reality, join Nachiket Joshi from CrowdStrike in July for a webinar exploring how IT leaders like yourself can manage and secure a continuously changing attack surface.

The Perfect Storm: Preparing today for the future state of cloud security

Even with the recent focus on increasing diversity across the industry, 75% of cyber security roles continue to be held by men. 

Particularly against the backdrop of a staffing and skills shortage, it is evident that there is a need to remove structural and cultural barriers to attract and retain diverse talent.

In this webinar, the ISF has brought together a panel of women, each with a unique and illuminating path into the industry. As a result, they are passionate about sharing their experiences to support and cultivate a community of aspiring female information security professionals. 

During this session, our panel will be discussing:

• how to break through the institutional and cultural barriers in the information security profession
• how to attract and retain a more diverse workforce from a variety of professional backgrounds
• the possible paths into the industry and the required skillsets for individuals at all career levels
• the network and training groups available for women in cyber.

Why Women Should Choose Cyber

In this session, we will demonstrate how the cross reference can help security practitioners leverage the two resources to deploy effective controls over their multi-cloud environments.

Join Benoit Heynderickx (ISF) and Lefteris Skoutaris (CSA) on the 18th April 2023 to learn:
- what is the CSA CCM, and the importance of cloud controls
- how SOGP can be used by focusing on those controls that are mapped to CSA CCM  
- how to utilise the mapping to determine gaps within your cloud environments and where both the SOGP and the CSA CCM can be used to resolve these gaps.

Speakers:
Benoit Heynderickx - Principal Analyst, ISF

Benoit is a Principal Analyst at the ISF specialising in supply chain, cloud security and quantitative risk analysis. As an experienced information security professional, he has a wealth of knowledge and practical experience implementing large scale information security and risk programmes such as ISMS, SOX IT Compliance, and third-party risk assurance programmes. Benoit holds security certifications from ISACA and the CSA, as well as an MSc in Information Security and Risk from City, University of London. Benoit is also a Full Member of the Chartered Institute of Information Security.

Lefteris Skoutaris - Program Manager, Cloud Security Alliance (CSA)

Lefteris has been working as a security analyst for the Cloud Security Alliance (CSA) over the past 5 years and is currently managing CSA’s Cloud Controls Matrix (CCM) Working Group (WG) and CCM V4.0 program development activities. Mr. Skoutaris has previously worked at the European Space Agency (ESA) and European Organization for Network and Information Security (ENISA). He has been substantially contributing to cyber and cloud security related projects on research, architecture and frameworks development.

Using the SOGP and CCM for Multi-Cloud Security

We all know the story. The threat landscape is ever-evolving and security teams have to stay ahead of the curve and protect their networks. But what if we told you that the majority of security investments are failing?  

The reality is that your tools are only good as the data they receive. If you do not have the capability to see exactly what is on your network, then how can you expect your security tools to do what you paid them to do? 

It’s time to illuminate the blind spots and really protect your perimeter. 

Join FireMon on the 21st March, as they cover: 
• the evolving security landscape and the risks facing your organisation today 
• why asset discovery and identification is crucial to securing your environment, for good 
• how to maximise your security tool investments and extract their full value  
• how illuminating your blind spots delivers ROI, prevents breaches, data loss and reputational damage 
• beyond visibility, managing network access correctly.

Illuminate the Blind Spots: Why your security investments are failing

With organisations increasingly relying on web applications, it is more vital than ever for CISOs to adopt a proactive approach to security testing. 

In this session John Stock, Director of Product Management at Outpost24, will be discussing the latest trends and challenges in application security, providing practical tips and best practices for identifying your attack surface and protecting your organisation from today's sophisticated threat landscape. 

This webinar will provide valuable insights and strategies to help you safeguard your organisation's critical assets. Register to learn more about the most pressing threats in application security and how to effectively mitigate them.

Threats to Watch Out For: A CISOs guide to application security

Phishing has been, is, and will continue to be one of the most prolific and challenging security problems faced by organisations worldwide. 

As a result, it is imperative to identify ways in which your organisation can fight back from a technology, operational, and leadership perspective.

Join us on 7th February 2023 at 14:00 GMT as the panel explore how AI/ML-based email security vendors, front-line CISOs, and board advisors view this problem and provide insight into how we can all start tackling phishing head-on.

Perspectives on Fighting Back Against Phishing Attacks

Understanding Facial Recognition Technology and Consumer Privacy Implications

Impact of GDPR on Go-To-Market Strategy

5 practical steps to implement your GDPR project

Riding New Data Regulation Waves: Intro to CCPA

Launch Your Global Cyber Career: Get NIST RMF Certified to Prevent GDPR Fines

Privacy & Security Under GDPR and CCPA

GDPR + Customer Identity: The Journey to Compliance

[PANEL] The GDPR Effect on Privacy & Security

GDPR - a new global standard?

GDPR turns one: Protecting Privacy & Maintaining Security in the new GDPR world

Checking a Box is Not Enough : Handling Lawful Consent in a Post-GDPR World

Privacy and security: A symbiotic relationship

The Monty Python Guide to Privacy Controls

Know Your Data, Manage Your Risk I Hold Less Data and Mitigate Breach Liability

Data Breach Response - what do you need to know?

Driving GDPR Compliance From The Inside Out

[PANEL] Ensuring Continued Compliance – Data Protection

GDPR: What’s happened in the last year

GDPR Explained in 6 Steps

Privacy in the age of big data and algorithms

GDPR Starts With Your Data, Not With Lawyers

Protecting personal data in the cloud:lessons learned after 12 months of GDPR

GDPR: One Year Later

With businesses streamlining processes and automating customer service through outsourced arrangements, the volume and content of electronically transmitted personal data records has increased beyond all previous estimates. The sharing of special categories of data between businesses and their suppliers has become the norm, sometimes without adequate protection for the individual’s privacy in breach of the GDPR. Where there are hundreds of supplier contracts, it is not pragmatic for an organisation to review and tighten all these contracts immediately in the wake of the GDPR, however a risk-based approach can certainly reduce the compliance burden upon existing teams.

In this seminar, we introduce the concept of a minimum viable product for this aspect of data privacy and describe how it can be aligned with an organisation’s risk appetite and agreed before prioritising and mitigating data privacy risks.

GDPR One year later: Is a Risk-Based Approach to Data Privacy possible?

GDPR

Data Privacy

Information Security

Risk Assessment

IT Security

Cyber Defence

Cyber Security

Compliance

Breach Prevention

Security Awareness

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

GDPR One year later: Is a Risk-Based Approach to Data Privacy possible?

Presented by

About this talk

More from this channel