
A How-To Guide for CISOs: Navigating the Top Trends in Third-Party Risk

The world of third-party risk management is rapidly changing. Each day, organizations like yours face new security, privacy, and compliance threats when working with third parties. The good news is there are world-class teams around the world that are paving the way with new best practices for the next generation of third-party risk management. In working with hundreds of these organizations, we’ve seen first-hand what it takes to be successful and secure when working with third parties.

So, is your third-party risk management program ahead of the curve? Attend this webinar to find out and learn more about:

- New trends in the third-party risk industry
- What emerging threats you can expect and how to address them
- How to find and leverage assessment communities and shared due diligence data

Jason Sabourin is the Product Manager for OneTrust Vendorpedia – part of the largest and most widely used technology platform to operationalize third-party risk, security, and privacy management. In his role, Sabourin is responsible for driving the development and delivery of OneTrust Vendorpedia’s product line, as well as driving the refinement of the toolset and offerings. He takes a customer-based approach to product development and derives the majority of his backlog from customer feedback and direction. Prior to OneTrust, Sabourin spent six years at Manhattan Associates as a Design Lead, where he collaborated with customers and R&D directors to identify market trends and opportunities for efficiency gains within clients’ distribution centers by utilizing Warehouse Management for Open Systems (WMOS). Sabourin is a Certified Information Privacy Professional (CIPP/E, CIPM) and a Certified Scrum Product Owner. He holds a Bachelor of Engineering in Mechanical Engineering from Vanderbilt University.
Recorded May 25 2021 48 mins
Presented by
Jason Sabourin | GRCP, CIPP/E, CIPM, CSPO, OneTrust Vendorpedia
  • Why Zero Trust Starts with Identity Security Jun 16 2021 12:00 pm UTC 60 mins
    ISF and CyberArk
    Modern threats and recent incidents, such as the SolarWinds digital supply chain attack, are further proof that identity has become the new security battleground and that an “assume breach” mentality is a critical starting point to developing an effective security strategy.

    In this panel discussion, we bring together leading executives and analysts, who have decades of experience in this field, to provide CISOs and security executives with lessons learned and recommendations on Zero Trust models.

    Topics covered will include:
    • How the risks around privileged access are changing as users and resources are increasingly outside the corporate network,
    • What techniques attackers are using to try to gain privileged access,
    • How organizations can adopt a Zero Trust approach by moving toward comprehensive Identity Security.
  • Extinction Level Attacks: Surviving Ransomware and Nation States Recorded: May 12 2021 44 mins
    Andy Jones, Distinguished Analyst, ISF
    Extinction level attacks present an almost insurmountable challenge as the digital world becomes weaponised. They are difficult to predict and very likely to overcome technical preventative controls. The devastation that they can cause is profound and business threatening. Accepting the reality of extinction level attacks and planning for survival represents a cost-effective and pragmatic approach.

    On Wednesday 12th May, 13:00 BST, Andy Jones, Distinguished Analyst at the ISF will be discussing his findings from this most recent research report, Extinction Level Attacks: A survival guide, in three key stages:

    • Prepare – tasks to complete before an attack, to ensure that the organisation is better prepared to respond to the attack when it happens.
    • Respond – tasks to execute during an attack, in order to lessen its impact and to speed the recovery.
    • Resume – tasks that are instrumental in returning to a stable and secure organisational state as quickly as possible.
  • What is your SASE architecture missing? Recorded: May 6 2021 56 mins
    Ross Asquith, Senior Sales Engineer, Netskope
    2020 proved that a digitally transformed future is coming faster than anyone could’ve ever imagined. Traditional network security architectures need to transform too, and Gartner is positioning the Secure Access Service Architecture (SASE) as the only way forward. It’s likely that you’ve already implemented components and principles of this new architecture into your environment, and your security strategy is more SASE than you perhaps think.

    ISF and Netskope are holding an exclusive virtual event on Thursday 6th May from 12.30 – 13.30 BST where we’ll be guiding you through an online SASE assessment. You’ll obtain a SASE score based on your assessment responses and a tailored report laying out suggested next steps for your journey to SASE.
  • Ransomware: It really is everywhere Recorded: Apr 21 2021 46 mins
    ISF and CrowdStrike
    On Wednesday 21st April, 14:00 BST, the ISF will be joined by Zeki Turedi, CTO, Europe, Middle East and Africa, CrowdStrike for a live panel discussion exploring the dangers of Ransomware, current trends, and how you can protect your organisation.

    Throughout this live conversation, we will discuss:

    • Recommendations for how you can protect your organisation’s data and network across both corporate-supplied and employee-owned devices, regardless of where they are located
    • What the trends are in the attacks of today and who is being targeted, including a dissection of key examples
    • Why ransomware that leverages the fear and uncertainty around the pandemic is on the rise and what can be done to combat it
    • Latest findings from the 2020 OverWatch report, including analysis on key adversary activity
  • Change Automation: Turning Network Security Alerts into Action Recorded: Apr 14 2021 45 mins
    Leslie McIntosh, Senior Engineer, AlgoSec
    You use multiple network security controls in your organization, but chances are, they’re not talking to each other. And while you probably get alerts from SIEM solutions and vulnerability scanners, responding to them feels like a twisted game of whack-a-mole.

    So, if manual, error-prone changes are insufficient for your multi-device, multi-vendor hybrid network, what’s the solution? Simple: Network security change automation.

    On Wednesday 14th April, 17:00 GMT, the ISF will be joined by Leslie McIntosh, Senior Engineer, AlgoSec for a webinar exploring how enterprise-wide change automation can transform your network security policies—without replacing existing business processes:

    1. Comprehensive Change Automation: Increase agility, accelerate incident response, and reduce compliance violations and security misconfigurations

    2. Smarter Security, Part 1: Automate security policy changes without breaking core network connectivity

    3. Smarter Security, Part 2: Analyze and recommend changes to your network security policies

    4. Smarter Security, Part 3: Push network security policy changes with zero-touch automation to your multi-vendor security devices

    5. Use What You’ve Got: Maximize ROI of your existing security controls by automatically analyzing, validating, and implementing network security policy changes
  • Why a Zero Trust Mindset is driving an Identity Centric Security Strategy Recorded: Mar 31 2021 39 mins
    Yuval Moss, VP Identity Security, CyberArk Ltd, David Higgins, EMEA Technical Director, CyberArk Ltd
    As organisations continue to adopt and embrace new technology platforms, they also need to reassess how these new environments are secured.

    The Assume Breach mindset, a key aspect of Zero Trust, shifts the risk posture to one of defending on the assumption that the perimeter has already been breached.

    In this session we run through the Tactics, Techniques and Procedures used in recent breaches and highlight the commonality across them: identity compromise and privilege elevation. This analysis will highlight the importance of taking an assume breach mindset to defence and show that Identity becomes central to this strategy. We will then offer recommendations on how to protect against Credential Theft, Lateral Movement and Privilege Escalation across hybrid and cloud environments.
  • Cloud Security – a dynamic approach to cloud risk monitoring and reporting Recorded: Mar 16 2021 46 mins
    Benoit Heynderickx, Principal Analyst, ISF
    On Tuesday 16th March at 15:00 GMT, Benoit Heynderickx, Principal Analyst at the ISF, will be hosting a live webinar exploring cloud security and a dynamic approach to cloud risk monitoring and reporting.

    In this session we will be looking at:

    - Some of the new challenges faced by security and risk functions when it comes to monitoring the risks posed by the multitude of cloud services recently acquired
    - The various solutions at hand for cloud risk monitoring and reporting across the whole multi-cloud environment
    - Future trends leveraging the use of AI techniques for cloud risk monitoring

    Benoit is a principal analyst at the ISF. He is the project lead for the ISF’s Supply Chain suite of products and the research lead for cloud security. Benoit has over 20 years’ experience in information security risk and assurance and has worked across various industries and large organisations. Benoit also has a special interest in the emerging quantitative techniques in risk analysis.
  • Continuous Supply Chain Assurance: Always know your risk Recorded: Feb 25 2021 47 mins
    Richard Absalom, Senior Research Analyst, ISF
    It is impossible to operate a business without having a supply chain. In the increasingly globalised environment, suppliers help to keep daily operations moving in every organisation. But this also brings information risk: supplier vulnerabilities are an increasingly common cause of compromise. Keeping a watchful eye on the security status of suppliers – always knowing the risk they present – is an important part of building resilience and maintaining operations.

    On Thursday 25th February, 14.00 GMT, Richard Absalom, Senior Research Analyst at the ISF and author of the Continuous Supply Chain Assurance report, will host an interactive panel discussing the need to continuously monitor supplier security and exploring the tools and techniques that organisations can use right now. He will be joined by David Aubrey-Jones, Threat Readiness Team Leader at NatWest Group, Elli Tsiala, Information Security Expert at ABN AMRO Bank N.V., and Phil Ramage, Head of Security Operations for Defence & National Security at Fujitsu.
  • Cybercrime Trends of 2021: A look into Cybercrime, Nation State and Ransomware Recorded: Feb 18 2021 47 mins
    Jared Phipps, SVP Worldwide Sales Engineering at SentinelOne
    Ransomware is on the rise—there's no doubt about that.

    On Thursday 18th February, 14:00 GMT/15:00 CET, the ISF will be joined by Jared Phipps, SVP Worldwide Sales Engineering at SentinelOne for a webinar looking into the cybercrime trends to look out for in 2021.

    Tune into this webinar and you will:
    • Understand who is behind today's ransomware attacks
    • Find out their motivation
    • Take a tour of the major nation-state players in cybercrime, including their methods, and learn mitigations to keep your infrastructure safe
  • Human-Centred Security: Positively influencing security behaviour Recorded: Feb 3 2021 45 mins
    Daniel Norman, Senior Solutions Analyst, ISF
    Human error and negligence still contribute to a significant number of security incidents, yet current approaches to mitigating this risk are failing to have the desired impact. Many organisations have not always prioritised the effective management of this risk and have historically relied upon security awareness to influence security behaviour. Yet this only resolves a small part of the problem and neglects other factors. A robust human-centred security programme is required.

    This webinar will help you to:

    - understand the key factors that influence behaviour
    - deliver impactful security education, training and awareness
    - design systems, applications, processes and the physical environment to account for user behaviour
    - develop metrics to measure behaviour change and demonstrate return on investment.
  • Why 5G security standards are so important and what is the latest progress? Recorded: Jan 26 2021 43 mins
    Yoann Klein, Senior Cyber Security Advisor
    5G promises many new capabilities and use cases, making this technology the coming preferred platform for the digitalized world. That is why security and resilience of our telco networks will become even more critical in the future. Our 5G networks must be built on a strong assurance system.

    NESAS is a collaborative, agreed and promoted standard amongst the telco industry. From vendors to operators, and also at governmental level, it is perceived as the major foundation for answering our telco security challenges. But what exactly is the NESAS standard? How is it making 5G more secure? And what can we expect from it today and in the future?

    This webinar will give you an overview of the 5G security standard ecosystem and the latest updates on NESAS.
  • Managing the Insider Threat: Human-Centred Security Recorded: Jan 20 2021 44 mins
    Daniel Norman, Senior Solutions Analyst at ISF, Dr Margaret Cunningham of Forcepoint, Oz Alashe of CybSafe
    The insider threat comes in many forms, with employees acting maliciously, negligently and even accidentally to compromise information assets. Managing the insider threat is arguably the biggest challenge in information security, with the majority of security incidents coming from a human source. A lack of understanding of behaviour, mismanagement of resources and an inability to measure the success of initiatives have contributed to the wider issue.

    On Wednesday 20th January, 13:00 GMT, Daniel Norman, Senior Solutions Analyst at the ISF and author of the ISF Human-Centred Security research series will be joined by Dr Margaret Cunningham, Principal Research Scientist for Human Behavior at Forcepoint, and Oz Alashe MBE, CEO at CybSafe for a live interactive panel discussion exploring the insider threat and the impact it has on cybersecurity.

    About our speakers
    Dr Margaret Cunningham, Principal Research Scientist for Human Behaviour, Forcepoint

    Dr. Margaret Cunningham is Principal Research Scientist for Human Behavior within Forcepoint X-Labs, focused on establishing a human-centric model for improving cybersecurity. Previously, Dr Cunningham supported technology acquisition, research and development, operational testing and evaluation, and integration for the U.S. Department of Homeland Security and U.S. Coast Guard.

    Oz Alashe MBE, CEO, CybSafe

    Oz Alashe MBE is CEO and Founder at CybSafe, a behavioural science and data analytics company that builds software to better manage human risk. A former UK Special Forces Lieutenant Colonel, Oz is focused on making society more secure by helping organisations address the human aspect of cyber security. He has extensive experience and understanding in the areas of intelligence insight, complex human networks, and human cyber risk and resilience. He’s also passionate about reducing societal threats to stability and security by making the most of the opportunities presented through advancements in technology.
  • A Wizards Guide to Security in the Cloud Recorded: Jan 12 2021 43 mins
    Ell Marquez, Linux and Security Advocate, Intezer
    A Horcrux is a powerful object in which a Dark wizard or witch [attacker] has hidden a fragment of his or her soul [code] for the purpose of attaining immortality [persistence].

    Creating a Horcrux gives one the ability to anchor their own soul [code] to earth [environment], if the body [process] is destroyed.

    In this session, we will come to understand how attackers are able to not only compromise our cloud environments but also maintain persistence—while our security teams are distracted by a mountain of false alerts. If we focus on the root cause of all cyber attacks: unauthorized spells, wait, I mean unauthorized code.
  • Using AI, automation and open standards to modernize security Recorded: Dec 15 2020 47 mins
    Chris Meenan, Director of Threat Management Offering Management and Strategy at IBM Security
    As organizations manage increasing cloud-based workloads and a remote workforce, the need to shift to a modernized, remote security operations center (SOC) is a high priority for security leaders. SOC teams need to be able to analyze user, device and application behaviors across devices, networks and multiple cloud services. They have to do this while maintaining existing staffing levels and a fragmented security tool environment. In order to address these challenges, security leaders are adopting a modern, unified approach to managing threats that brings together automation, AI and a standards-based approach that provides better visibility and detection across hybrid, multicloud deployments.

    Join this webinar to hear how IBM Security is addressing these challenges by bringing together threat management and data security solutions, leveraging an open, multicloud platform and working to simplify and streamline the analyst workload.

    Speaker:

    Chris Meenan
    Director of Threat Management Offering Management and Strategy at IBM Security
    IBM Security

    Chris Meenan is the Director of Threat Management Offering Management and Strategy within the IBM Security division. He has over 15 years of experience in product management and has been involved in developing, managing, releasing and selling software products for over 25 years. Chris has extensive market, domain, and customer knowledge in IT Security, Customer Relationship Management and Telecom OSS solutions. Chris holds a 1st Honours degree in Physics and has a PhD in telecommunications.
  • Emerging Cyber Threats for 2021 Recorded: Dec 9 2020 47 mins
    Steve Durbin, Managing Director, ISF
    The fallout from COVID-19 has presented a complex set of interrelated factors, causing a ripple effect that impacts the global economy, every geographic region and all industry sectors.

    Organisations have been thrust into chaos, and the role of the Security Officer and security function is about to come under increasing pressure with a number of previously unanticipated scenarios and threats over the coming months.

    On Wednesday 9th December, 13:00 GMT, join Steve Durbin, Managing Director of the ISF for our annual emerging threats webinar, exploring the key information security threats to look out for in 2021 and how you can prepare for them.

    Throughout this webinar, Steve will explore the following threats:
    • The insider threat
    • Edge computing pushes security to the brink
    • The digital generation becoming the scammer’s dream
  • Looking Forward to 2021: The Future of Security Intelligence Recorded: Dec 3 2020 28 mins
    Jason Steer, director of EMEA presales at Recorded Future
    On Thursday 3rd December, 11:00 ET/ 16:00 GMT, the ISF will be joined by Jason Steer, director of EMEA presales at Recorded Future for a webinar exploring the future of security intelligence and what we can expect in 2021.

    It’s critical for organisations to know how to evaluate a security intelligence provider, and ultimately choose one that will effectively reduce alert fatigue, improve decision making across the business, and deliver unique insights on a broad range of threats.

    But what are the capabilities you should be looking for in a provider to best enable your business to benefit?
  • Assess. Comply. Assure: Eight Cyber Challenges in an Uncertain World Recorded: Nov 12 2020 45 mins
    Alex Jordan, Senior Analyst, ISF
    Cybercrime flourishes in an economic downturn, and as more organisations adopt digitalisation and move operations online, their need to protect data and critical assets increases.

    We live in an uncertain world where budgets and resources are tight, yet the need to manage information risk and establish resilience has never been more important.

    On Thursday 12th November, 09:00 GMT, Alex Jordan, Senior Analyst at the ISF will be exploring eight cyber challenges in an uncertain world and how the ISF Aligned Tools Suite 2020 equips you to respond.

    This webinar will help you answer questions such as:

    ‒ How do you prioritise when resources are under pressure?
    ‒ How do you determine a manageable level of information risk?
    ‒ How do you assure your supply chain?
    ‒ How do you manage compliance across multiple standards?
  • The Hitchhiker’s Guide to Cybersecurity Recorded: Nov 4 2020 44 mins
    Ashley Ward, Cloud CTO at Palo Alto Networks
    Imagine, like Arthur Dent, that you have to deal with rapid change brought on by forces beyond your control. In this talk we’ll look at how cybersecurity has had its “Earth” demolished to make way for a “DevOps bypass” and how security can and will adapt to this new future.

    This talk uses Douglas Adams’ book The Hitchhiker’s Guide to the Galaxy as a basis to provide both structure and entertainment. Roughly following the book’s plot, we’ll showcase how cybersecurity has had its world turned upside down and how processes in this new world sometimes appear to be counterintuitive. In this way, we’ll examine how DevOps, cloud native computing, and agile ways of working can be used by security teams to adapt and improve their cybersecurity technology and outcomes even though they might initially seem very alien.

    We’ll pepper the talk with actionable ideas for teams to embrace and enhance the security of their organizations.

    Learning outcomes
    1. Understand that cybersecurity expertise is needed more than ever in cloud native environments. Once thought of as “blockers,” security teams are now actually business enablers.
    2. Appreciate that security leaders have to learn to automate and operate more efficiently or be overwhelmed. With the right technology in place, it’s possible to scale security teams as needed to be able to respond to any and all threats.
    3. Get excited about this new way of working – having gone through a DevOps digital transformation with a financial services organisation, I’ll give senior cybersecurity leaders intel they can use to sidestep the pitfalls that usually accompany this level of change.
  • Slackers, Go-Getters, & Evildoers: Understanding Negative Workplace Behaviors Recorded: Oct 29 2020 46 mins
    Dr. Margaret Cunningham, Principal Research Scientist for Human Behavior, Forcepoint X-Labs
    Understanding bad behavior is critical to establishing effective cybersecurity solutions. Be part of the live conversation as the ISF explores three different types of rule breakers with Forcepoint’s research scientist Dr. Margaret Cunningham, and tries to understand how their motivations can jeopardize security.

    Key takeaways for attendees will include the identification of challenges and strategies for mitigating the risks that stem from negative workplace behaviors.

    Dr. Margaret Cunningham is Principal Research Scientist for Human Behavior within Forcepoint X-Labs, focused on establishing a human-centric model for improving cybersecurity. Previously, Cunningham supported technology acquisition, research and development, operational testing and evaluation, and integration for the U.S. Department of Homeland Security and U.S. Coast Guard.
Live monthly webcasts for CISOs and business leaders
Steve Durbin, Managing Director of ISF Ltd and ISF analysts will present the ISF webinar series: "In pursuit of the secure organisation..."
We will be sharing thought leadership and practical guidance drawn from ISF Members (which include many of the world’s leading Fortune and Forbes listed organisations) on how to address cyber, information security and risk management issues facing businesses and their security teams.

1. Emerging Cyber Threats (ISF Threat Horizon annual series)
2. The role of the CEO and business leaders in cyber security
3. Being a successful CISO
4. Cyber-attack trends
5. Critical Asset Management
6. Data breach prevention
7. Supply chain
8. Insider Threat and the role of the end user

  • Title: A How-To Guide for CISOs: Navigating the Top Trends in Third-Party Risk
  • Live at: May 25 2021 12:00 pm
  • Presented by: Jason Sabourin | GRCP, CIPP/E, CIPM, CSPO, OneTrust Vendorpedia