Name: Illuminate the Blind Spots: Why your security investments are failing
Start: 2023-03-21T13:00:00Z
End: 2023-03-21T13:47:28.000Z
Location: BrightTALK
Rating: 4.2

Steve Durbin, Chief Executive of the ISF and ISF analysts will present the ISF webinar series: "In pursuit of the secure organisation..."
We will be sharing thought leadership and practical guidance drawn from ISF Members, which include many of the world’s leading Fortune and Forbes listed organisations) on how to address cyber, information security and risk management issues facing businesses and their security teams. 

1.	Emerging Cyber Threats (ISF Threat Horizon annual series)
2.	The role of the CEO and business leaders in cyber security
3.	Being a successful CISO
4.	Cyber-attack trends
5.	Critical Asset Management
6.	Data breach prevention 
7.	Supply chain
8.	Insider Threat and the role of the end user

In this session, we will demonstrate how the cross reference can help security practitioners leverage the two resources to deploy effective controls over their multi-cloud environments.

Join Benoit Heynderickx (ISF) and Lefteris Skoutaris (CSA) on the 18th April 2023 to learn:
- what is the CSA CCM, and the importance of cloud controls
- how SOGP can be used by focusing on those controls that are mapped to CSA CCM  
- how to utilise the mapping to determine gaps within your cloud environments and where both the SOGP and the CSA CCM can be used to resolve these gaps.

Speakers:
Benoit Heynderickx - Principal Analyst, ISF

Benoit is a Principal Analyst at the ISF specialising in supply chain, cloud security and quantitative risk analysis. As an experienced information security professional, he has a wealth of knowledge and practical experience implementing large scale information security and risk programmes such as ISMS, SOX IT Compliance, and third-party risk assurance programmes. Benoit holds security certifications from ISACA and the CSA, as well as an MSc in Information Security and Risk from City, University of London. Benoit is also a Full Member of the Chartered Institute of Information Security.

Lefteris Skoutaris - Program Manager, Cloud Security Alliance (CSA)

Lefteris has been working as a security analyst for the Cloud Security Alliance (CSA) over the past 5 years and is currently managing CSA’s Cloud Controls Matrix (CCM) Working Group (WG) and CCM V4.0 program development activities. Mr. Skoutaris has previously worked at the European Space Agency (ESA) and European Organization for Network and Information Security (ENISA). He has been substantially contributing to cyber and cloud security related projects on research, architecture and frameworks development.

Using the SOGP and CCM for Multi-Cloud Security

With organisations increasingly relying on web applications, it is more vital than ever for CISOs to adopt a proactive approach to security testing. 

In this session John Stock, Director of Product Management at Outpost24, will be discussing the latest trends and challenges in application security, providing practical tips and best practices for identifying your attack surface and protecting your organisation from today's sophisticated threat landscape. 

This webinar will provide valuable insights and strategies to help you safeguard your organisation's critical assets. Register to learn more about the most pressing threats in application security and how to effectively mitigate them.

Threats to Watch Out For: A CISOs guide to application security

Phishing has been, is, and will continue to be one of the most prolific and challenging security problems faced by organisations worldwide. 

As a result, it is imperative to identify ways in which your organisation can fight back from a technology, operational, and leadership perspective.

Join us on 7th February 2023 at 14:00 GMT as the panel explore how AI/ML-based email security vendors, front-line CISOs, and board advisors view this problem and provide insight into how we can all start tackling phishing head-on.

Perspectives on Fighting Back Against Phishing Attacks

As 2022 comes to a close, we find ourselves faced with as challenging a landscape as ever: a global cost of living crisis spiralling out of control, tensions disturbingly rising between nation states, and a seemingly unsurmountable climate emergency.

Amongst all of this macro-economic, geopolitical, social and environmental change, our global dependence on technology is being exposed day by day. Organisations and governments are struggling to keep pace with threat actors, and citizens’ privacy, public service delivery and critical national infrastructure are all at risk.

To prepare leaders to step up to the challenge and guide their organisations back from tipping point, Chief Executive of the ISF Steve Durbin will be taking to the stage once again for our annual Emerging Threats webinar.

Join us on Wednesday 7th December 2022 at 14:00 GMT/09:00 EST for insight into the key information security threats to look out for in 2023, and guidance on how you can prepare against them.

Throughout this webinar, Steve will explore the following threats:
• continued growth of cyber attacks - the rise of ransomware as a service and the cyber mercenary
• the poisoning of the data well - data manipulation compromising the accuracy and credibility of information, damaging the integrity of decision making
• the world of the never normal - the constantly shifting security, regulatory and ethical landscape in which we all need to operate.

ISF Annual Threat Update: Emerging threats for 2023

Information risk assessments enable organisations to select controls or other treatment options that are commensurate with risk in order to reduce the frequency and impact of information security incidents.

ISF materials, including the SOGP, have been developed to support the risk assessment process of identifying business impacts, assessing key threats and vulnerabilities, in addition to treating information risks. These materials complement organisational approaches to information risk assessment and, when used in conjunction with ISF Risk methodologies such as IRAM2 or QIRA, enables an organisation to keep information risk within acceptable limits.

Join Gareth Haken, Principal Analyst at the ISF, for our final webinar in the ISF Cyber Security Showcase Week, where he considered all these different materials, and presented how they can be combined and used to effectively manage risk.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

Managing Risk the ISF Way

The digital transformation has affected all sectors: automotive, industry, banking, health, and since the pandemic the education sector has been transformed, not to mention remote working.

From the industrial network to the cloud, the attack surface has become fragmented, and hacker groups have become more and more agile in exploiting vulnerabilities that have often been present for many months. Finding attack paths before they are exploited across the entire attack surface is changing our approach to vulnerability management. Companies need to identify critical assets as soon as possible to reduce the risk of attack.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

How to Identify and Prioritise Attack Paths and Prevent their Exploitation

Following a turbulent two years, former-CISO and Distinguished Analyst at the ISF, Paul Watts, and Mark Ward, Senior Research Analyst at the ISF, are considering key recommendations for CISOs to improve or maintain their (and their team’s) prominence and relevance to their stakeholders.

In this session, Paul and Mark reflect on where CISOs find themselves today, and what changes they should be looking at to ensure their role continues to add value to an increasingly technically competent digital enterprise.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

The Future CISO: Securing the digital organisation of tomorrow

The post-digital transformation reality has exposed businesses differently across newly adopted IoT eco-systems and expanding regulations targeting cyber negligence. Exposure has been realised as incidents have increased in frequency, cost, and complexity. From business engagement to technology risk oversight, an integrated strategy is essential to reinforcing and measuring your InfoSec risk program.

In this session, Jorge highlights some of the latest market insights from InfoSec leaders, peers, and industry analysts, examining the driving factors behind business challenges in managing risk. He also discusses how scaling your approach to managing IT and data assets, risks, controls and policies can deliver a more complete picture to better measure and inform program investments.

Key takeaways:
 - how to evaluate your current IT-ecosystem and centralise key data points to enhance visibility to risk across critical areas of the business
 - enhance risk response by aligning with the business to transition from low to high trust risk and security culture
 - identify areas for efficiency gains to focus on strategic program investment.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

Keeping Pace with Cyber Security by Scaling IT Governance & Data Risk Management

Phishing continues to be the preferred method that cybercriminals use to gain access to a business-critical information. While many organisations have turned to technology to combat the threat, criminals blend their own technology and creativity to bypass legacy security systems and launch their attack – meaning your business’s customer, employee, and financial data is one corrupt email away from a breach.

As the threats gain in volume, organisations need to deploy a modern approach to email security to protect their business.

Watch Justin Pemberton, Senior Director of Sales for UK & Ireland at IRONSCALES, as he expands upon:

 - the types of attacks that sneak through legacy email security software
 - tips for creating a modern, hybrid approach to fight phishing
 - examples of the hybrid approach in action.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

The Modern Approach to Fight Phishing

Once viewed as an expensive luxury, developments in threat intelligence have enabled the capability to move into the realm of quicker, real-time updates of an organisation’s threat landscape and potential threat events.

However, threat intelligence can provide value only if it enables the business to take action. If skilfully crafted and employed, threat intelligence informs decisions and enables actions that equip an organisation to react not only to today’s threats, but also to prepare for tomorrows.

Join Max Brook, Research Analyst at the ISF, as he draws from his experiences in writing the latest ISF Threat Intelligence report, to get to the core of what intelligence really is and explore how you can develop and maintain an effective threat intelligence capability – helping your organisation to understand the threats you face, and make well-informed decisions about how to address them.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

Threat Intelligence: An evolving capability

Organisations around the world rely on Industrial Control Systems (ICS) assets and environments to support their business operations and processes every day.

Through innovations in ICS technology and broader digital transformation, these assets are increasingly breaking out of what were previously isolated environments and reaching out to external networks and even the internet, dramatically adjusting the attack surface.

Understanding and protecting these often-critical environments is of the utmost importance. Tune in as Paul Holland, Principal Research Analyst at the ISF, offers his unique author’s insight into the ISF’s research on protecting ICS, and how collaborating with other teams will enhance the way organisations can protect their key resources.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

Collaborating to Shift Away from Shadow OT

This session focussed on delivering deep insights into the current state of third party cyber risk across a multitude of industries, from media to auto and critical infrastructure.

BlueVoyant conducted independent research across 1500 people located globally and working across a range of industries. 80% of those surveyed said they suffered a breach as a result of a third party while 98% said they do not monitor third party risk daily and 29% of them say they have no way to determine if a cyber risk emerged in a third party. Additionally 59% of companies surveyed in the study have anywhere from over 500 third parties up to 10,000.

Managing distributed risk associated with hundreds and even thousands of vendors, suppliers, and partners is quickly becoming the defining cyber security challenge in today’s increasingly interconnected business environment.

Watch Dan Vasile, Vice President of Strategic Development at BlueVoyant, as he provides a perspective on what can be done to better protect organisations and their supply chains.

Protect your data and defend against cybercriminals. Download your FREE ISF cyber security awareness month resource kit today - https://bit.ly/3r0kHPs

Supply Chain Security - Industry Specific Insights

Supply chain attacks are high on the agenda of the board, but there are no easy fixes to a growing challenge. How do you secure your organisation against cyber threats that take advantage of large, complex and fast-changing supply chains?

Join Benoit Heynderickx, Principal at the ISF, in conversation with Elli Tsiala, Product Manager at ABN AMRO, as they discuss and explore how to:

 - communicate the threat of supply chain attacks
 - categorise and prioritise suppliers according to threats and impacts to the business
 - implement best practices throughout the full supplier management lifecycle.

Elli is a seasoned information security professional with more than 10 years of experience in the sector, specialising in Third Party Security Risk Management (TPSRM). She has developed and led multiple TPSRM programmes for multinational companies across sectors, and is currently working as the Product Owner for TPSRM in ABN AMRO bank, with a global mandate.

Protect your data and defend against cybercriminals. Download your FREE ISF Cyber Security Awareness Month resource kit today - https://bit.ly/3r0kHPs

Countering Supply Chain Attacks: Where next?

As connectivity, devices and applications have advanced over the decades, the volume of information has grown with it.

Security measures, however, have not been considered and implemented at the same accelerated pace at which organisations have digitally transformed; resulting in cyber attacks hitting global headlines and affecting businesses across all sectors day-by-day.

Kicking off the Cyber Security Showcase Week, Steve Dobson highlights how cyber threats are manifesting themselves today, how the resources of the ISF can help, and what we can all do to reduce the risk of cyber attack.

Protect your data and defend against cybercriminals. Download your FREE ISF Cyber Security Awareness Month resource kit today - https://bit.ly/3r0kHPs

Cyber for All: Why cyber is for everyone

As more and more companies connect together, it has never been more critical to understand the risk posed by third-party vendors. If their security posture isn’t up to your standards, it can create a backdoor into your systems that you have no control over. At the same time, companies can easily have hundreds or even thousands of connections with partners and vendors across the enterprise, making cyber security posture verification more than a full time job.

How can companies solve this at scale and reduce the burden this creates on security teams? By using a ratings system. Security ratings provide risk management and security teams with critical information needed to make informed decisions on whether a vendor and their own security posture is sufficient to prevent cyber attacks and ensure information security.

With this in mind, join SecurityScorecard’s Josh Fazio, Sr. Sales Engineer, and Miryam Meir, Senior Director of Product Marketing, as they dive into the topic of security ratings. 

This sponsored webinar will be moderated by Paul Holland, Principal Research Analyst at the ISF.

Cyber Security Ratings Are a Thing, What Do I Do Now?

In 2021 over 90% of security incidents were caused by human error, accidents or negligent behaviour. 

Organisations, however, are quick to ‘blame and shame’ individuals for falling victim to attacks, and continue to provide poorly designed security awareness, training and education activities. Archaic, compliance-led, ‘tick-box’ phishing simulations are slowly being replaced by progressive human-centred initiatives: Organisations are seeing real business value from improving security culture, using innovative ways to transform security behaviour. 

This panel session features Daniel Norman, Regional Director at the ISF, in conversation with:

Marcus Berglund - CISO at Skandinaviska Enskilda Banken (SEB) with more than 25 years of experience in all areas of IT, information and cyber security.

Knarik Avetisyan - Security Awareness & Compliance Specialist at Schibsted with 7 years experience in IT, change management in cyber security and the human side of security.
 
Join this webinar to gain real-world insight into:
- Why security leaders should focus on improving security behaviour and culture
- Best practice for elevating security awareness, training, education and alternative considerations
- How to communicate human elements of security to the board and beyond.

Strengthen Your Security Culture: A CISOs perspective

Third-party cyber risk is not a new concern for organisations. Over the last decade, it has become significantly more of a priority as more complex supply chains and vendor ecosystems are adopted by all sectors and industries.

Moving beyond traditional third-party cyber risk management, BlueVoyant’s Risk Operations Centre (ROC) creates a comprehensive defence for organisations within the most expansive and complex supply chains. The ROC, modelled after traditional Security Operations Centres (SOC), can quickly respond to and provide direct remediation across your third-party ecosystem, offering expert-driven interaction between seasoned analysts and your supply chain vendors.

But how does the ROC actually function, and what can it mean for your organisation? Join us on the 28th July to hear from one of BlueVoyant's ROC analysts, Darin Epling, as he uncovers how the ROC can go beyond simple management and provide comprehensive defence of your vendor ecosystem.

In this webinar, you’ll discover: how the ROC monitors thousands of third parties in order to understand an organisation’s security and risk posture, how analysts create and validate footprints of your extended attack surface to identify risk, the methods used to curate findings and communicate directly with vendors in a supply chain, and how ROC analysts respond to and remediate zero-day vulnerabilities in record time.

Innovating Defence: The life of a Risk Operations Centre (ROC) Analyst

We all know the story. The threat landscape is ever-evolving and security teams have to stay ahead of the curve and protect their networks. But what if we told you that the majority of security investments are failing?  

The reality is that your tools are only good as the data they receive. If you do not have the capability to see exactly what is on your network, then how can you expect your security tools to do what you paid them to do? 

It’s time to illuminate the blind spots and really protect your perimeter. 

Join FireMon on the 21st March, as they cover: 
• the evolving security landscape and the risks facing your organisation today 
• why asset discovery and identification is crucial to securing your environment, for good 
• how to maximise your security tool investments and extract their full value  
• how illuminating your blind spots delivers ROI, prevents breaches, data loss and reputational damage 
• beyond visibility, managing network access correctly.

Illuminate the Blind Spots: Why your security investments are failing

Investment Strategy

Threat Landscape

Threat Detection

Cyber Security

Cyber Attacks

Information Security

Information Risk

Risk Mitigation

Data Loss Prevention

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Illuminate the Blind Spots: Why your security investments are failing

Presented by

About this talk

More from this channel