Name: Understanding and Addressing the Challenges of CISA's KEV Catalog
Start: 2024-07-18T09:00:00Z
End: 2024-07-18T09:01:30.000Z
Location: BrightTALK
Rating: 0

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.

Bitsight’s universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight’s integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis. 

Bitsight is on a mission to free the global economy from the material impact of cyber incidents. For more information, visit bitsight.com.

Join us for an informative webinar with Bitsight speakers Vanessa Jankowski, SVP of Third Party Risk Management, and Greg Keshian, SVP of Security Performance Management, as they explore key findings from the 2023 KuppingerCole Leadership Compass Report for Attack Surface Management with John Tolbert, Director of Cybersecurity at KuppingerCole Analysts. In today's interconnected digital landscape, managing your exposure strategy for your infrastructure and your supply chain is paramount. We'll discuss strategies to fortify cybersecurity defenses and minimize risks.
Webinar Highlights:
• Expert Insights: John Tolbert, author of the Leadership Compass on Attack Surface Management, will provide valuable insights on the current state of the art in this field.
• Interactive Q&A: Engage with our experts in a live Q&A session to address your questions.
• Practical Takeaways: Leave with actionable steps to enhance your organization's cybersecurity.
By attending, you'll gain a clearer understanding of how to strengthen your cybersecurity defenses. Register now to redefine your organization's attack surface management strategy.

Maximize Attack Surface Management: Insights from KuppingerCole"

In the rapidly evolving landscape of cyber threats and regulatory demands, understanding NIS2 is more crucial than ever for organizations striving to safeguard their digital domains. As this Directive sets new benchmarks for cybersecurity and resilience, it's imperative for businesses to comprehend its requirements and harness them for strategic advantage.
 
This forward-looking webinar is designed specifically for CISOs, Risk, Compliance, and Supply Chain professionals. It aims to demystify the intricacies of NIS2 and illuminate the pathway to compliance. 
 
This session promises actionable insights and strategic advice to enhance your organizational resilience. Join us to transform regulatory compliance into a competitive edge in the digital age.

Key Takeaways:
- Understanding NIS2—Dive deep into the different facets of the NIS2 Directive to gain clarity on its implications for your business.
- Strategic Support — Learn how Bitsight and Moody’s uniquely position your organization to navigate the NIS2 landscape with confidence.
- Actionable Next Steps — Receive tailored guidance on taking proactive steps towards compliance, ensuring your organization's resilience and security in the face of emerging cyber threats.
- Thought Leadership—Benefit from the thought leadership of industry experts, who will provide you with the knowledge to educate your market and stake a leadership position in the digital economy.

Note:
By registering for this webinar, you consent to share the requested information with BitSight Technologies, Inc. ("Bitsight") and Moody’s to receive email and phone communications for sales and marketing purposes. For more information please see Bitsight’s <b><a href="https://www.bitsight.com/privacy-policy" target="_blank">Privacy Policy</a></b> and <b><a href="https://www.moodys.com/Pages/Event-Terms-and-Conditions.aspx" target="_blank">Moody's Terms and Conditions</a></b>. You understand you may unsubscribe at any time.

Empowering Resilience in the Digital Age—Navigating NIS2 with Bitsight & Moody’s

Join experts from Bitsight, Google, and Salesforce for a discussion on the current state of cybersecurity performance and how it impacts third-party risk management and cyber risk in general. 
This conversation comes shortly after Bitsight and Google collaborated to study global organizational performance across the Minimum Viable Secure Product (MVSP) framework, a minimalistic security checklist for B2B software and business process outsourcing suppliers. 
The findings?
• There are critical areas where organizations are falling short across MVSP security controls.
• An industry we expected to be a leader in improvements is actually lagging behind the macro improvements we observed. 
• There’s good news! Every industry in 2023 has a high Pass rate for 10 of the 16 MVSP controls we studied.  

Join us for a discussion between Stephen Boyer, Founder at Bitsight, Chris John Riley, Staff Security Engineer at Google, and Marat Vyshegorodtsev, Lead Security Engineer, Enterprise Security at Salesforce, moderated by Jeff Barnett, Senior Director, Strategic Alliances at Bitsight, as they cover the research, the importance of security frameworks, and discuss how you can empower your organization’s cybersecurity strategy to combat the latest risks.

Cyber Risk in 2024: Combatting Third-Party Risk

In an era of increasingly sophisticated cyber threats, the synergy between regulatory compliance and cutting-edge technology is essential for minimizing risks and ensuring the security and resilience of our digital landscapes.

The NIS2 Directive emerges as a compliance requirement and a pivotal transformation in protecting the digital economy. This webinar invites you to explore the expansive influence of the NIS2 Directive, which extends its safeguarding canopy beyond the confines of individual organizations to encompass the entirety of their supply chains. 

Join us to get actionable insights, strategies, and a fresh viewpoint on leveraging compliance as a foundation for building organizational resilience and achieving success.

The session will cover:
- Leveraging NIS2 and impending regulations for business growth.
- Strategic approaches to secure investment and assemble an effective team.
- Key action steps for navigating the compliance journey successfully.

Using NIS2 and other Regulations to create a Competitive Advantage

Face à l'évolution des cybermenaces, l'intégration de la conformité réglementaire et de la technologie devient cruciale pour atténuer les risques et garantir la sécurité et la résilience.

 

La directive NIS2 n'est pas simplement une case à cocher - elle représente un changement radical dans la manière dont nous protégeons notre économie numérique. Rejoignez-nous pour découvrir sa portée, bien au-delà des frontières de votre organisation, en déployant un bouclier de protection à l'ensemble de votre chaîne d'approvisionnement. Obtenez des informations, des stratégies et une nouvelle perspective sur la façon dont la conformité peut être un tremplin vers la résilience et le succès de l'organisation.
Rejoignez-nous pour en savoir plus:
✅ L'impact de NIS2 sur votre organisation;

✅ Principaux défis et avantages du processus;

✅ S'attaquer plus efficacement à la gestion des risques de la chaîne d'approvisionnement avec le NIS2.

Comprendre et se préparer à la directive NIS2: éléments d'information essentiels

More than 80%  of employees are using software applications that haven’t been approved by IT. 

What else is hiding in your environment?

Businesses today are using an unprecedented number of tools and apps in their day-to-day operations—and the ones you don’t know about could put a significant strain on your cybersecurity efforts. 

Join us on for a live discussion about Shadow IT and other hidden risks that could be lurking within your organization. 

In this session, you’ll learn about:

● Types of hidden risks that can compromise your business
● Ways to discover and monitor unknown vendors that have access to your network 
● Key components of a strong Shadow IT risk management policy
● Practical advice to help leaders take action and respond to these challenges

Hiding in Plain Sight: Combatting Shadow IT

Lack of resources and expertise is holding many Third-Party Risk Management (TPRM) programs back. As more vendors enter your network, you need to scale and manage your growing third-party ecosystem while meeting regulatory requirements—and proving business value.

Join us as we explore how complementing your existing technology stack with managed services can supercharge the efficiency and efficacy of your TPRM initiatives. We will provide insights into process automation and analytics to not only reduce operational burdens, but also expand the depth and breadth of your risk mitigation efforts.

You will learn about:
- Strategic partnerships for managed services that can accelerate risk assessments, continuous monitoring, and reporting.
- How to keep up with regulatory changes with technology-driven solutions and expert advice on compliance.
- Practical insights from real-world case studies and best practices, illustrating successful implementations of technology and managed services in TPRM.

Harnessing Technology and Managed Services for TPRM Success

Join us for an exclusive discussion designed to empower your organization with insights into cybersecurity and risk trends. Bitsight executives will share their expectations for 2024, helping you stay ahead in the evolving landscape.

By attending this webinar, you will uncover:
• Expert predictions on GenAI, supply chain risk, and new attack vectors
• The expanding role of the CISO within the enterprise
• The impact of new cybersecurity regulations in the US and Europe
• New strategies to assure stakeholders
• … And much more!

Prepare your organization for the cybersecurity landscape of tomorrow. Reserve your spot now and be ready to face the future with confidence!

2024 Cybersecurity Predictions

No company is an island anymore, and enterprises typically have hundreds and even thousands of vendors. To complicate the matrix of interconnectivity, most companies are themselves within the supply chain, or at a minimum, clients for businesses, including cyber insurers. Organizations struggle to understand the risks within their supply chain because of a lack of transparency beyond their own organization, and often don’t have a good sense of their own security posture or the effectiveness of their controls.
In this session, join Chris Poulin, Director of Technology and Strategy and Deputy CTO at Bitsight, to learn how to:
• Assess the security program and controls of your vendors using observable data;
• Manage your cybersecurity reputation as a competitive advantage;
• Right-size your insurance limits and premiums.

Glass Doors Make Everyone More Secure

Les attaques via la supply chain étant devenues de plus en plus fréquentes au cours des dernières années, les organisations doivent mettre leurs tiers sous les feux de la rampe afin de prévenir les attaques et d'améliorer leur propre position en matière de cybersécurité. L'augmentation des piratages de tiers montre à quel point il est important d'avoir une visibilité sur l'ensemble de la chaîne d'approvisionnement - y compris les fournisseurs des fournisseurs - et d'en atténuer les risques.

Rejoignez-nous pour une présentation des bonnes pratiques de gestion du risque tiers dans la cyber, y compris :
- Un retour sur quelques scénarios types récents et les leçons que l'on peut en tirer
- La mise en place de workflow automatisé d'évaluation et de questionnaires pour gérer efficacement ce risque à grande échelle.
- Pour aller plus loin : des outils pour aider la réponse à incident sur la supply chain

Bonnes pratiques pour préparer et sécuriser votre supply chain

In today’s economic environment, nearly every department in every organization across the globe is being challenged to do more with less. Meanwhile, digital footprints continue to grow and sprawl and cyber attackers look to take advantage of vulnerable infrastructure. Organizations need to assess how they can be more resourceful as they look to maintain a best-in-class cyber risk program and continue to meet business expectations. 

The first step to managing your cyber risk program is to have full visibility of your organization’s extended attack surface and the risk that comes with it. And, you need the ability to communicate your strategy and program performance to stakeholders like the Board – this is more important than ever with the adoption of new SEC Regulations.

Join Gregory Keshian and Vanessa Jankowski as they dive into:
● How to maximize the value of your organization’s current tools while fending off cyber threats
● How continuously monitoring your extended attack surface can help identify priorities to reduce exposure and secure your infrastructure
● The importance of communicating effectively with the Board and how to speak their language
● Driving accountability both internally and externally, and how recent changes to SEC regulations may have an impact

Optimizing Returns from Your Cyber Risk Program

Upcoming regulations like DORA, PS21/3, and NIS2 are not mere compliance checkboxes—they represent a seismic shift in how we safeguard our digital economy. Join us as we uncover how these directives reach far beyond your organisation's boundaries, extending the protective umbrella over your entire supply chain. You will gain insights, strategies, and a renewed perspective on how compliance can be a stepping stone towards organisational resilience and success.

Join us to learn more about:
- What changes in these regulations;
- What processes does it impact;
- Why should you care;
- How can that benefit you; 
- How can you leverage the regulations to make cyber risk a business conversation?

Is your organisation ready for the new cyber regulations in the EU and the UK?

Changes in the cyber risk landscape have led to an increase in vulnerabilities affecting the digital supply chain and an elevated level of scrutiny from business leaders, regulators, and other influencers.

Zero-days reflect a specific type of vulnerabilities within this broader trend, and one that often comes with high demands on cyber security and third-party risk management teams. The reason is clear – for these vulnerabilities, organizations have had “zero days” to work on a patch or a fix, which leaves them open to exploitation by motivated bad actors.

At Bitsight, our goal is always to provide timely, actionable evidence for customers dealing with zero-day vulnerabilities.

Join us to learn more about: 
- How to detect, manage and mitigate vulnerabilities with speed;
- Exposure management across your portfolio;
- How to scale and improve your response to vulnerabilities across your supply chain.

Improving Vulnerability Detection and Response Across your Supply Chain

Cybersecurity leaders face various challenges in protecting their organization's digital assets from cyber threats. With the rise in cloud infrastructure, internet-connected devices, and third-party vendors, the attack surface has expanded, and the number of vulnerabilities and risks has increased dramatically. This has led to enormous pressure from stakeholders, including executives, board members, customers, business partners, regulators, insurers, and investors, to ensure the organization's protection.

Despite the risks, recent BitSight research revealed that the average vulnerability remediation rate is only 5 percent per month, which is concerning given the criticality of vulnerability management in reducing the likelihood of a cyber incident.

During this session, we'll explore these key issues: 

● The current cybersecurity landscape 
● How cybersecurity leaders can improve awareness of their organization's digital assets and risks 
● How to strengthen vulnerability and exposure management programs 
● Creating trust among critical internal and external stakeholders. 

Join BitSight’s Vice President of Government Affairs, Jacob Olcott, as he shares innovative and comprehensive solutions that can help cybersecurity leaders identify their attack surface, enhance their vulnerability management programs, and communicate their success to stakeholders effectively.
Don't miss this opportunity to gain valuable insights and strategies to reduce organizational risk and foster a culture of trust in an insecure world.

Creating Trust in an Insecure World: Strategies for CISOs

BitSight’s research team works tirelessly to discover vulnerabilities that pose threats to organizations. Most recently, Pedro Umbelino, Principal Security Researcher at BitSight, uncovered thousands of organizations using internet-facing and exposed webcams. His findings? One in 12 BitSight-tracked organizations with internet-facing webcams and/or similar devices are susceptible to video and/or audio compromise. 

An exclusive Tech Talk where Pedro will discuss: 
● Our webcam vulnerability research - his approach and findings 
● Its potential risks and consequences, and 
● How organizations can better protect themselves.

Tech Talk: Decoding the Latest Research with Bitsight

A new set of Regulations is being implemented around Europe and UK, bringing a consistent, harmonised regulatory approach that is affecting specifically (but not only) the Financial industry and the Information and Communications Technology (ICT) entities deemed critical due to their pivotal role in today’s digital economy.

The goal is to reinforce the EU and UK digital economy with operational resilience. However, many companies need help finding themselves lost in translation as they see this new mandatory compliance wave coming their way.

Join us to learn more about:
- How the new regulations build on top of previous ones (that you may already be compliant with);
- What changes with the new regulations;
- What processes are impacted; 
- When will you need to be ready?

A recap on DORA,  PS21/3 Regulations on Cyber Resilience and what to expect next

The Known Exploited Vulnerabilities (KEV) catalog, curated by CISA, is a critical resource for cybersecurity and IT professionals aiming to prioritize risk and drive efficient remediation within their organizations. With vulnerabilities growing by an average of 17 new entries per month, understanding the catalog's structure and leveraging its data is paramount for enhancing cyber defenses. Our upcoming webinar dives into the intricacies of the KEV catalog, its impact on various industries, and the effectiveness of remediation efforts based on recent comprehensive studies.
In this webinar, you will gain:
• Insight into the KEV Catalog’s Growth and Criteria: Learn about the criteria for inclusion in the catalog and the trends observed in its expansion.
• Industry and Geographical Variations in KEV Prevalence: Discover how KEV rates vary across different sectors and regions, revealing critical insights for targeted cybersecurity strategies.
• Challenges and Strategies in KEV Remediation: Understand the real-world challenges organizations face in meeting remediation deadlines and explore strategies that have led to successful compliance.
Staying ahead of cyber threats requires more than just reactive measures—it demands a proactive approach informed by reliable data and robust analysis. Join our webinar to learn to enhance your organization's security posture.

Understanding and Addressing the Challenges of CISA's KEV Catalog

#ExploitedVulnerabilities

#theKEVCatalog’s

#cybersecurity

#remediation

#real-worldchallenges

#cyberthreats

#securityposture

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Understanding and Addressing the Challenges of CISA's KEV Catalog

Presented by

About this talk

More from this channel