Name: Preparing for the EU Cyber Resilience Act: A new era for product cyber security
Start: 2025-05-21T10:00:00Z
End: 2025-05-21T10:01:00.000Z
Location: BrightTALK
Rating: 5

A thought-provoking webinar programme developed from over three decades of collaborating with our Members across global business, government bodies, legislators and cyber security experts.

As cyber threats grow, fostering employee awareness and preparedness becomes crucial for overall security.

In this session, Javvad Malik, Lead Security Awareness Advocate at KnowBe4, will delve into the ethical responsibility of organisations to ensure their employees are cyber resilient. He will explore best practices for creating a culture of cyber resilience, including ongoing training and leadership’s role in promoting awareness.

Don’t miss the opportunity – register now to discover how investing in your workforce enhances security and aligns with ethical business practices.


Speaker bio: 

Javvad Malik is the Lead Security Awareness Advocate at KnowBe4 and is based in London. Malik is an IT security professional with over 20 years of experience as an IT security administrator, consultant, industry analyst and security advocate. He is also a multi-award winner and is currently a Guinness World Records holder for the most views of a cybersecurity lesson on YouTube in 24 hours. Malik is passionate about helping people understand the value of cyber security and how every department and individual can play their part. He often educates his audience through blog posts, videos, podcasts and at public speaking events. Malik holds the SACP and CISSP certification.

Is ensuring your people are cyber-resilient the ethical responsibility of the organisation?

Organisations face an increasingly fast evolving regulatory landscape and a multitude of cybersecurity frameworks to help them defend against security threats.

In this interactive session, we will give some practical insights for leveraging the use of cybersecurity frameworks from major international organisations such as ISO, NIST, CSA, PCI DSS and the ISF, to develop a tailored security strategy for large multinational organisations. Discover how integrating diverse standards can enhance security controls and ensure comprehensive protection across global operations.

In this session you will gain practical insights into:
- Framework integration – how to create a robust customised security framework for a multinational organisation
- Pro-active risk management – the importance of adopting a multi-framework approach to identify and mitigate risks across different regions and operational environments.
- Continuous security improvement – strategies for continuously updating and refining your cybersecurity framework by leveraging multiple standards to stay ahead of emerging threats and regulatory changes.

Register now to hear from ISF Principal Analyst Benoit Heynderickx and Aviva’s standards and policies specialist Dave Owen to gain practical insights that will empower your organisation to build a unified and resilient cybersecurity framework.

SOGP: the right unifying compliance framework for your organisation

For today’s CISOs, third-party risk management (TPRM) often feels like a time-intensive, check-the-box process that pulls valuable resources away from strategic priorities.

Join this panel discussion featuring David Stapleton, Chief Trust Officer at ProcessUnity, and Marcello Tomasina, Senior Manager at Accenture Security, as they explore how adopting the “ask once, use many” approach through third-party risk exchanges. Thus, simplify due diligence, reduce redundancy, and empower security leaders to focus on mitigating real risks. Gain practical insights and proven strategies to optimise TPRM processes without compromising thoroughness or effectiveness.

Be part of the conversation and explore how to:

- Instantly perform inherent risk analysis on your entire vendor portfolio
- Incorporate real-time risk [CM1] data into your process to reduce [CM2] questionnaire requests
- Access [CM4] assessment data on large, hard-to-assess third parties that don’t respond to you
- Monitor 100% of your portfolio — not just your critical vendors


Speaker bios:

David Stapleton is the Chief Trust Officer at ProcessUnity, the global leader in third party risk management solutions. With over fifteen years of experience building and leading cybersecurity, risk, and compliance programs across both government and private sectors, David has held pivotal roles at the U.S. Food and Drug Administration, Indian Health Service, and was an early contributor to the development of the FedR AMP program. 
 
Marcello Tomasina is a Senior Manager at Accenture Security, specialised in Cyber Strategy with a focus on Risk Management. He is Accenture Global Lead for Supply Chain Security and he is responsible to coordinate project initiatives, research and development as well as strategic planning for Accenture and its Clients on Third Party Risk Management. During the past years, Marcello led major projects in Private Equity, Financial Services and Public Sector.

Ask Once, Use Many: Optimising Third-Party Risk Management Decisions with Risk Exchanges

Join the authors of ISF’s Threat Horizon 2027, Mark Ward and Richard Absalom, to explore how global developments will remake the threat landscape over the coming years and consider how organisations can prepare.

Key takeaways:
• Evaluate key areas of change that impact every business, from geopolitics to technical development.
• Identify emerging threats and trends related to this changing environment.
• Understand the actions required to prepare for these threats and build a resilient organisation.


Speaker bios: 

Richard Absalom is a Principal Analyst with the Research team. His work involves investigating, clarifying and sharing best practice with ISF Member organisations.

Richard has been with the ISF since 2016 and his research has provided insight into topics as varied as measuring security, mergers and acquisitions, supply chain security, artificial intelligence, security assurance, secure Agile development, mobile app security, and identifying future information risks for the flagship Threat Horizon report series. He also now supervises the quality of all Research products, providing an even wider view across many and varied topics around information security.

Mark Ward is a Senior Research Analyst at the ISF who has been lead author on the last two editions of the flagship Threat Horizon report.

Before joining the ISF, Mark worked as a journalist for a variety of mainstream publications including the Daily Telegraph and New Scientist. He spent 20 years at the BBC covering technology news for the corporation’s website. During that stint in the newsroom, he cultivated a strong interest in all aspects of cyber security – its history, practice and its increasingly criminal focus. That knowledge has been augmented with an understanding of how information security is practiced and the gumption and grit required to help organisations prosper spite of the cyber threats ranged against them.

Grasping for Control: The future threat landscape

Learn about ISF Assure, our holistic security platform that identifies and mitigates key risks to your environment at speed. 

Designed for businesses operating during periods of upheaval and uncertainty, ISF Assure supports security teams that need to stretch their resources further than ever before, prioritising cyber resilience and maintaining operational stability at all costs.

In this session, Avnee Dave, ISF Assure Product Owner, and Alex Jordan, Head of ISF Tools and Methodologies, will walk you through the platform, and demonstrate how you can use ISF Assure to:

• Design effective security controls and assess their implementation
• Enhance vendor management and assessment activities
• Assess and decompose risks in a lightweight, repeatable manner.
• Leverage the broader ISF ecosystem to support ongoing security activities.

With ISF Assure, we will also demonstrate how to custom risk treatment plans, unique to your organisation and control set. By drawing upon the ISF Standard of Good Practice, our unique library of peer-assessed research, and our dedicated consultancy teams,  you will learn how ISF Assure can accelerate your business towards risk mitigation at a speed consistent with the ever-changing world we find ourselves in.

ISF Assure: Solving security with less stress

As adoption accelerates, more than half of organisations lack a clear AI security governance framework – leaving them vulnerable to risks and compliance challenges.

In this webinar author Lee Munson, ISF Principal Research Analyst, will be joined by Richard Absalom ISF Principal Research Analyst and Nikhil Stephen, InfoSec Risk Analyst at Arcadis N.V., to reflect on why AI security governance is struggling to keep up and who should be accountable and responsible for it.

They will also consider why the governance of AI should be integrated within existing governance structures to enable organisations to grasp the opportunities presented by AI and to ensure longer-term success while controlling risks.

AI Security Governance: Seizing opportunities and controlling risks

Living off the cloud attacks are on the rise, with attackers using rapid, cloud-native techniques to escalate privileges, move laterally between environments, and access critical assets more effectively than ever.

In this session, Lauren Place, Product Marketing at Wiz, will present a real-world case study of a "living off the cloud" attack, analysing a step-by-step account of the attack as it unfolded from attacker's perspective. 

We will then switch gears and rewind the attack, explaining how effective cloud detection and response (CDR)  methodologies could — and should — have prevented every step of the attack. Defeating these threats requires powerful centralised visibility and control of all cloud environments and resources. 

Our key takeaways will therefore be tailored to leveraging the best methodologies and tools to take back the initiative and stop even the most sophisticated cloud attacks.



Speaker bio:

Lauren leads product marketing for Wiz Defend, helping organization transform their threat detection & response for the cloud. She has previously held GTM and product roles at Snyk and Digital Shadows (acq: Reliaquest), launching and developing products in the application, cloud infrastructure security, and threat intelligence spaces.

Living Off the Cloud: How to move faster than attackers with CDR

Organisations are operating in constantly uncertain times, with instability around every corner. Suppliers are increasingly important to all businesses to help them maintain their operating status. So, building a resilient supply chain is something that cannot be ignored.

In this webinar, Paul Holland, Head of Research at ISF will highlight why a resilient supply chain is important and some steps you can take to move towards resiliency and grasp back some control in uncertain and changing times. The session will be moderated by Niko Kalfigkopoulos, General Manager at Fractis: An ISF Company. 

Topics covered will include:

• Why having a resilient supply chain is important
• Collaborating for a resilient supply chain
• Ways to deal with single points of failure
• How cyber security teams can support a resilient supply chain
• Monitoring your supply chain to maintain effective operations

Navigating Uncertainty: Enhancing supply chain resilience

How can organisations achieve Better Cybersecurity?

Join Steve Dobson, ISF Head of Operations, as he highlights how organisations can improve their cyber resilience, achieve compliance and gain confidence through effective management of their information security activities.

Key takeaways:
•  Discover how a comprehensive framework of information security controls can simplify compliance.
•  Learn how regularly updated reviews of cyber threats allow infosec teams to stay ahead of latest challenges.
•  Understand  the value of a confidential peer network in validating and supporting cyber security plans.
•  Explore how software tools can accelerate the measurement, management and effectiveness of cyber activity.

This session will highlight many of the challenges that information security teams face to deliver business continuity and ensure operational resilience, based upon decades of business collaboration from ISF Members.

Better Cybersecurity with ISF: Pivoting in times of instability

How prepared is your organisation for the NIS2 regulation?

According to a recent report by Statista, cybercrime ranks among the most prevalent and damaging offenses in Europe, making it crucial for organisations to stay ahead of threats and compliant with new regulation.

The NIS2 Directive emphasises the importance for companies across various sectors in the EU to implement and maintain robust cybersecurity and risk management practices within a unified framework.
In this webinar we will guide through achieving compliance with the ISF Standard of Good Practice for Information Security, ensuring your organisation meets the new NIS2 requirements seamlessly.

What will be covered in this webinar?

• Gain a deep understanding of the fundamental aspects of the NIS2 legislation.
• Explore the unique challenges and harmonisation efforts across various EU countries.
• Learn how a unified approach to cybersecurity and risk management can significantly enhance your organisation’s preparedness and compliance.

This session will feature ISF experts Benoit Heynderickx and Luka Ivezic who will discuss how organisations and regulators are navigating NIS2 compliance and how ISF resources can support successful implementation of the directive’s requirements

Achieving NIS2 compliance with the ISF SOGP

Despite Secure Email Gateways (SEGs) embracing AI, phishing still reaches the inboxes of users. Therefore, employees need to be able to identify attacks, a skill they can learn with proper training. 

Join James Hickey, Senior Product Marketing Manager - Cofense, for this session to find out why trusting a technology-only approach to email security can leave you dangerously exposed:

• Discover why technology alone cannot fully detect or prevent phishing.
• Understand why combining technology and human expertise is vital in better threat detection and prevention.
• Learn some of the risk mitigation strategies you should be adopting to prevent a breach.
• Offensive AI vs Defensive AI: What you should know.

Speaker bio: 

As Senior Product Marketing Manager for Cofense, and following 8 years in Sales Engineering for Cofense covering EMEA, James is an expert in helping organisations understand how they can better defend against and mitigate, phishing attacks, drawing on 26 years of experience in IT, in both software Sales & Pre-sales for various software vendors and delivery/implementation within IT Services companies.  James earned a BSc in Information Systems Management from Cranfield University, is a Member of the British Computer Society, a Chartered IT Professional and is recognized by the UK Engineering Council as a Chartered Engineer.

From Phishing to Deepfakes: Staying Ahead in AI-Powered Cybercrime

29% of CEOs and CISOs admit their organisations are unprepared for a rapidly changing threat landscape, highlighting the critical need for a proactive and inclusive approach to cybersecurity.

During this session Javvad Malik, Lead Security Awareness Advocate at KnowBe4, will guide you on how to make security awareness more than just a corporate checkbox. It’s about creating a culture that your team genuinely embraces. Javvad discuss how to turn cybersecurity from a rigid obligation into an engaging, collaborative effort that fosters both security and productivity.

Key takeaways:

- Discover real-world success stories and tools that make security awareness engaging and effective.
- Learn strategies to protect your organisation without overwhelming your team.
- Create an approach that resonates with employees and fosters long-term security habits.


Speaker bio 

Javvad Malik is the Lead Security Awareness Advocate at KnowBe4 and is based in London. Malik is an IT security professional with over 20 years of experience as an IT security administrator, consultant,
industry analyst and security advocate. He is also a multi-award winner and is currently a Guinness World Records holder for the most views of a cybersecurity lesson on YouTube in 24 hours. Malik is passionate about helping people understand the value of cyber security and how every department and individual can play their part. He often educates his audience through blog posts, videos,
podcasts and at public speaking events. Malik holds the SACP and CISSP certification.

Cultivating a Security-Conscious Culture Without Undermining Employee Morale

In this session, we will explore how the ISF Standard of Good Practice for Information Security (SOGP) and its related tools and resources can support organisations on their compliance journey. Since 17th January 2025, organisations operating in financial services in the EU must demonstrate compliance to the Digital Operational Resilience Act (DORA), and we will explain how to best prepare and demonstrate compliance. 

Join ISF experts Benoit Heynderickx and Martin Tully as they guide you through: 

• A comprehensive approach to building a policy framework centred on governance and resilience
• A case study demonstrating how the ISF can support organisations in successfully implementing DORA compliance.

Speaker bios 

Benoit Heynderickx is a Principal Analyst at the ISF and project lead for the ISF Standard of Good Practice for Information Security. With a wealth of information security know-how, he is also regularly involved in specialised topics such as supply chain, cloud security and quantitative risk analysis. 

Martin Tully is a Consultant at the Information Security Forum (ISF) with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of the best practice guidance (including the ISF’s Standard of Good Practice) and risk analysis methodologies, such as IRAM2.

Achieving DORA compliance with the ISF SOGP

With supply chain threats rising in complexity, securing vendor ecosystems has become critical to resilience. Join Bitsight Co-Founder and Chief Innovation Officer Stephen Boyer and Christoph Schacher, CISO at Wienerberger AG, for an expert discussion moderated by ISF.

This session will explore actionable strategies for managing supply chain risk and achieving alignment across stakeholders, from executives to vendors. Drawing on real-world insights, innovative approaches, and global data, such as Bitsight's latest research and ENISA’s findings, our panel will highlight how organisations can protect their operations while driving sustainable growth.

Key Takeaways:

• Understand evolving supply chain risk dynamics and trends in cybersecurity investments.
• Discover practical solutions for assessing and mitigating third-party risks.
• Learn how top companies like Wienerberger are achieving cyber resilience in an era of expanded attack surfaces, as stricter regulations like NIS2 are being enforced.

Secure your spot for this timely conversation and participate live for exclusive insights and interactive Q&A with our esteemed speakers.

Securing the Supply Chain: Navigating Risk and Regulatory Demands in an Interconnected World

As we close out 2024, a year marked by unprecedented change and disruption across the world, the question arises: are we set to see more disruption in 2025?

With increasing potential for sophisticated AI cyber-attacks, escalating geopolitical unrest, and the tech industry under intense scrutiny from regulators, organisations must start rethinking their strategies. Security teams will need to stretch their resources further than ever before, prioritising cyber resilience and threat mitigation while maintaining operational stability and addressing staff concerns amidst economic uncertainty.

To prepare security leaders for the challenge ahead and help them align their cyber security strategies with business objectives, Chief Executive of the ISF Steve Durbin returns to the virtual stage to deliver our annual Emerging Threats webinar. Secure your place for early insight into the prominent information security threats to expect in 2025 and crucial guidance on how to prepare.

ISF Annual Threat Update: Emerging threats for 2025

Moving your infrastructure to the cloud is primarily a business decision, or a choice made by IT managers who have decided to rationalise (not necessarily simplify) their infrastructure by moving to the cloud.

Some have chosen to do so by moving all or part of their applications, depending on how business-critical they are, or quite simply to (possibly) reduce operating costs.

During this webinar, Bernard Montel – EMEA Technical Director and Security Strategist at Tenable will cover: 

• The cyber threat context 
• The main risks associated with cloud exposure 
• The evolution from vulnerability management to exposure management (including cloud exposure)


With over 20 years in the security industry, Bernard Montel is Technical Director at Tenable. His expertise includes cryptography, Identity & Access Management, and SOC domains. Bernard has published numerous articles and is regularly invited to speak about cybersecurity providing insight into current cybersecurity threats, cyber risk management, and cyber exposure.  

Before joining Tenable, Bernard held the position of EMEA Field CTO for RSA, where he played a leading role within its Threat Detection & Response department. He has significant experience advising both large and medium size organizations on cybersecurity best practices.  

Bernard holds a Master of Science in Network and Security and a Master 2 degree in Artificial Intelligence.

You moved your infrastructure to the Cloud - Do you know your Cloud Exposure?

AI is being adopted simultaneously into different digital platforms. In this new era of hyper-connectivity and digital transformation, once trusted traditional cyber security paradigms need a zero trust makeover.

Therefore in this era of commoditised AI, there needs to be a rethink of what it now means to be secure and how to deal with both the advantages of AI and the risks to cyber resilience. 

This session will address:
• Signs of the times - the new risks
• Key challenges for CISOs and cyber managers
• How to overcome key challenges
• How to contain a breach
• How to plan for business continuity



Michael has over 20 years’ experience in networking and cybersecurity. He is Director of Systems Engineering where he is responsible for overseeing the EMEA go-to-market systems engineering team.   Michael is an accomplished public speaker, regularly speaking at conferences and webinars. He holds a MSc in Network Systems Engineering and a BSc in physics in addition to several cyber industry certifications.

Good AI Gone Bad - A Zero Trust Story

ISF Cyber Security Showcase Week - May 2025

The EU Cyber Resilience Act (CRA) is here — and it’s going to change how we build, sell, and maintain digital products in Europe. With new rules around product cybersecurity, vulnerability reporting, and compliance documentation, companies now have a clear deadline: get ready by 2027. 

This session will cut through the noise and give you a practical look at what the CRA actually requires, what’s changed over the past year, and where the biggest challenges (and a few headaches) are likely to show up. If you make, import, or sell connected products, software, or hardware in the EU, this session is for you. 


Speaker bio: 

Luka Ivezic is an Advisory Services Lead for Cybersecurity Regulations & Emerging Technologies at the Information Security Forum (ISF). With a deep background in cybersecurity strategy, critical infrastructure protection, and regulatory compliance, Luka helps organisations navigate the complex intersection of technology, business, and regulation.

In his role at ISF and through years advising both public and private sector clients, Luka has been closely involved in tracking and interpreting the EU Cyber Resilience Act (CRA) from its early drafts through its finalization. His practical, real-world approach helps companies understand not just what the CRA demands, but how to realistically prepare for compliance amid shifting standards and technical challenges. Luka brings a mix of regulatory insight, cybersecurity expertise, and business pragmatism to every conversation about product security in the digital age.

Preparing for the EU Cyber Resilience Act: A new era for product cyber security

Cyber Attacks

Compliance

Regulations

EU Regulation

Risk Management

Information Security

Information Governance

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Preparing for the EU Cyber Resilience Act: A new era for product cyber security

Presented by

About this talk

More from this channel