Name: The CISO Maturity Model: Building a Cyber Strategy
Start: 2023-07-26T09:58:00Z
End: 2023-07-26T09:58:18.000Z
Location: BrightTALK
Rating: 0

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of November 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, November 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, December 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on November 14, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of October 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, October 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, November 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on October 10, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of September 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, September 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, October 2024

For nearly 20 years, Federal agencies have been attempting to quantify, prioritize and respond to vulnerabilities and misconfigurations using largely the same set of core technologies. These technologies have consistently led to inconsistent FISMA configuration management findings for many Agencies, commonly resulting in deficiencies in timely vulnerability detection and remediation, due to slow scanning architectures and siloed processes.  FISMA M-24-04 introduces additional requirements, beyond traditional IT, to identify and quantify risk associated with IoT and Operational technologies.

The Qualys TruRisk Platform brings a fresh perspective to helping organizations achieve FISMA compliance. By integrating attack surface management, continuous vulnerability discovery, and integrated remediation customers are able to more effectively facilitate compliance with Federal outcomes, and to lay the foundation for Zero Trust.

Join Qualys public sector experts as we discuss Federal directives and mandates, challenges and strategies for achieving compliance outcomes. You’ll learn:
<ul>
<li>How to achieve comprehensive asset visibility across your entire attack surface, including IT, IoT, OT, and external assets.</li>
<li>Strategies for risk-based vulnerability management and prioritizing remediation efforts to protect your High Value Assets (HVAs).</li>
<li>Best practices for implementing continuous monitoring and automation to stay ahead of emerging threats and maintain a robust security posture. </li>
<li>Ways to support Zero Trust Architecture principles and establish granular access controls to minimize the risk of unauthorized access and data breaches.</li>
</ul>
Don't miss this opportunity to gain valuable insights and practical guidance on aligning your cybersecurity program with the latest directives and better securing your organization's attack surface.

Improving FISMA Outcomes with Qualys

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on September 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of August 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, August 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, September 2024

Many requirements for PCI DSS 4.0 went into effect in March 2024, with the balance going into effect by March 2025. Are you audit -ready? There are 64 new requirements, including internal authenticated vulnerability scans, the ability to discover assets such as databases and middleware, file access management, web application vulnerabilities, and agentless network support. These and many other critical capabilities are now required to prevent security breaches, audit failures, and litigation. The expanding PCI requirements increase the complexity of achieving PCI compliance and command a streamlined and centralized platform approach. 

Join guest speakers Elie Abouzeid, AVP Information Security at DentaQuest and PCI Internal Security Assessor (ISA), and Adam Bush from Schellman along with technical experts from Qualys, for an informative webinar event on Tuesday, August 20, 8 AM PT as they discuss industry trends and new attack vectors, as well as why customers are switching to Qualys from other solutions. 

Here’s what you will learn:

• What the latest PCI changes are and how they impact security teams
• What are the challenges many organizations face with the new requirements
• How organizations achieve PCI Compliance without adding too much complexity
• How to effectively discover misconfigurations and middleware
• What the new requirements are for internal versus external vulnerability scanning
• What is required to reduce alert fatigue and streamline IT costs
• The importance of  file reputation and trust status for PCI effectivness
• The role that web applicatation scanning will have in achieving PCI DSS 4.0 Compliance

PCI DSS 4.0: Are You Ready for the New Requirements?

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on August 15, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of July 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, July 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, August 2024

Join us as we share best practices on how organizations of every size can significantly reduce risk.

This session will cover:

Discover the steps needed to improve your communication with IT and ensure that you haven’t deployed one patch too many that resulted in unnecessary downtime
Learn how to automate patch management where it makes sense
Attendees gain actionable insights and practical strategies for aligning IT and security teams, optimizing resilience, and minimizing security risks across your organization.

Proactive Risk Mitigation Through IT and Security Alignment

Understanding and mitigating cybersecurity risks is crucial for patient and organizational security in the healthcare sector. Join Derek Fisher as he explores the concept of exploitability and its impact on healthcare organizations. Learn how to identify and prioritize vulnerabilities by focusing on their actual risk to your organization. This session will cover:

Balancing risk by using exploitability to determine which vulnerabilities need immediate attention.
Building efficient workflows for remediation, ensuring critical vulnerabilities are addressed promptly.
Overcoming challenges in healthcare, such as limited budgets, legacy systems, and low-tech adoption.
Discover how a strategic patch management approach can enhance healthcare security and operational efficiency.

Mitigating Risks in Healthcare: The Role of Exploitability in Patch Management

Learn how this leader in the private aviation space has strengthened its defenses, eliminated 100,000 vulnerabilities, and achieved a 35% reduction in cyber insurance costs while boosting operational efficiency.

Key Takeaways:

Automation in Cybersecurity: Discover how we utilize automation tools for efficient vulnerability detection and management, enhancing overall security processes
Vulnerability Reduction Strategies: Gain insights into the advanced scanning tools, integrated security platforms, and predictive analytics that have significantly decreased our vulnerabilities
Cost Reduction Methods: Understand the correlation between improved security measures and reduced cyber insurance costs through proactive risk management
Register now to explore this proactive cybersecurity approach and learn how to enhance your organization’s security posture in an ever-evolving threat landscape.

Building A Culture of Communication and Resilience

Traditional EPP often fall short as cyber threats evolve. Join industry expert Adam Gray from Novacoast to explore critical cybersecurity challenges modern organizations face and discover how advanced solutions can strengthen your defenses.

The financial impact of cybercrime, comprehensive data collection for threat detection, and browser and endpoint security.
The effectiveness of AV/EDR solutions, supply chain vulnerabilities, and essential data for improving security posture.
Learn how to transform your cybersecurity strategy for robust protection and enhance your organization’s resilience.

Your Tools Are Failing: Navigating the Fine Line Between Success and Vulnerability

Hybrid workplaces are now the norm, presenting new daily cybersecurity challenges. Managing 300,000 endpoints and 20,000 services globally, one organization ensures their data and brand remain secure amid rising malware and ransomware attacks. Join us for a fireside chat between Satish Machaiah, Associate Practice Manager, and Jonathan Trull, CISO & SVP Customer Solutions Strategy at Qualys, to explore how defenses have been fortified, vulnerabilities eliminated, and cyber insurance costs reduced through strategic automation and seamless IT-security collaboration.

Key Takeaways:

Integrated Security Strategies: Gain insights into aligning IT and security teams, fostering a unified approach to reducing vulnerabilities.
Building a Security Culture: Learn how to cultivate a robust security culture, enhancing overall resilience.
Automation in Cybersecurity: Discover how leveraging patch management can remediate 80 to 85% of critical security updates within 4 to 5 days.
Cost Reduction Methods: Understand how proactive risk management and enhanced security measures can significantly reduce cyber insurance costs.
Join us to explore a forward-thinking cybersecurity approach, the journey in building a cohesive security culture, and how your organization can enhance its security posture in an evolving threat landscape.

Scaling Security: Managing 300,000 Endpoints and Remediating 85% of Threats in 5 Days

Patch management is a continually shifting target that requires IT and Security teams to align their priorities—a task easier said than done. Merely conducting scans and passing the information to another department, expecting them to take action, is untenable. Therefore, CISOs and CIOs need an actionable, risk-based approach to reduce the risk of exploitable vulnerabilities and prioritize their most critical assets within their digital environments.

Don't miss this unique opportunity to hear industry experts share their best advice on what IT and security leaders need to know to protect their entire IT environment from growing threats through effective patch management.

Key topics:
• Enhancing Federal Browser Security
• The ROI of Patch Management
• Aligning ITOps & Security Priorities
• When Patching Isn’t Enough

Join us at the next Cyber Risk Series to learn how to protect your entire IT environment from growing threats with effective patch management.

Cyber Risk Series: To Be, or Not To Be? Patch is the Question

Proactive patch management is crucial for balancing threat mitigation and business continuity. Reactive patching exposes organizations to vulnerabilities and disrupts operations.

In this session, Sean will discuss approaches to integrating risk assessment with patch management to achieve:

A comprehensive approach to identifying and prioritizing vulnerabilities
Streamlined communication between IT and security teams
Strategic decision-making on when and when not to patch, minimizing business disruption
Analyze industry data on patching to evaluate its effectiveness and impact
Discover how this risk-based framework ensures sustainable, effective patch management, aligning IT operations and security priorities to stay ahead in a constantly evolving threat landscape.

Balancing Risks, Rewards, and Remediation

Five years ago, Sumedh Thakar revolutionized the industry by merging vulnerability management with patching, enabling organizations to streamline and expedite threat remediation. Now, he’s back to kick off the Cyber Risk Series with groundbreaking new strategies to further reduce risk exposure. Are you wondering what innovative solutions he has in store? Don’t miss this captivating session to find out!

Unlocking New Frontiers in Cyber Risk Elimination

83% of all web traffic today is API traffic due to growing cloud workloads supporting everything from process automation to app development. Furthermore, regulatory and compliance pressures are mounting, with GDPR violations leading to fines of up to 4% of annual global turnover as of 2023. Simply put, AppSec technology has not kept pace with the demands of business today. Not anymore.

On July 25th, Kunal Modasiya, Vice President of Product Management, joins us to unveil how Qualys WAS is modernizing web app and API security with AI-powered scanning, comprehensive asset discovery & inventory, targeted risk-based remediation actions, deep learning-based web malware detection, LLM security and much more. Join this must-see event to learn how we’re doing this with WAS and API security. 

Join this live event to come away with:
1. What advances have been made to Qualys WAS for modern web app & API security 
2. How we’re leveraging AI-powered scanning and deep learning-based web malware detection 
3. New and improved integrations across popular CI/CD tools like Bamboo, Jenkins, Azure 

Register Now!

Breaking the mold: Modern, AI-powered web app & API security with Qualys TruRisk

Qualys proudly announces Container Runtime Security 2.0, an advanced security solution for containerized environments. This release enhances visibility, real-time threat detection, and automated response, ensuring robust protection for dynamic container infrastructures. Key features include:

• Enhanced Visibility: Comprehensive insights into container behavior, including file, process, and network monitoring to detect malware download, malware launch, and malware spread, ensuring proactive threat detection and response.
• Real-Time Threat Detection: Machine learning-based threat identification and response, encompassing EDR-like capabilities customized for cloud-native workloads, with features for malware detection, secret detection, and cloud-native IDS capabilities.
• Automated Response: Immediate actions to mitigate threats, including isolating or shutting down compromised containers, removing malware, blocking malicious traffic, initiating forensic analysis, redeploying clean instances, live patching, and blocking harmful system calls.
• Compliance Assurance: Tools for adherence to industry standards such as GDPR, PCI DSS, HIPAA, NIST, FedRAMP, and SOC 2, ensuring simplified audits.
• Seamless Integration: Smooth integration with DevOps workflows and CI/CD pipelines, including Container Vulnerability Response integration with ServiceNow and Jira for streamlined incident management and issue tracking.

Container Runtime Security 2.0 empowers organizations to innovate securely, safeguarding their digital assets against evolving threats.

Join us July 18th to experience a significant advancement in container security, equipping businesses with essential tools for real-time protection and compliance.

AI-Powered Container Runtime Security: Strategies & Solutions for Modern Threats

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on July 11, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of June 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, June 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, July 2024

Attack Surface Management with an Attacker’s and Defender’s View

Fireside Chat: ASM & the Zero-Trust Connection

Defining the Attack Surface: A CISO’s Perspective

Attack Surface Management Matters

Navigating Risk in an Era of Expanding Attack Surfaces

Cyber Risk Series - Attack Surface Management Edition

Today, CISOs are more central to an organization’s strategy than ever. Attackers have grown more sophisticated, breaches have become more expensive, and the attack surfaces organizations must defend have expanded.

The average Chief Information Security Officer (CISO) now assumes a heightened position, as they are responsible for shaping, validating, and communicating the risk exposure of their entire organization to the senior executives and board of directors. However, considering this expanded role, have the tools accessible to most CISOs adapted to their increased level of responsibility? What are the most critical considerations when building a cyber risk management strategy to meet the demands of an anxious boardroom? Lastly, can success be measured in a way that supports the CISOs’ cyber risk evolution?

Join Mike Orosz, the Global Chief Information and Product Security Officer of Vertiv, as he answers these questions and more. In this 30-minute keynote, Mike will share what methods and metrics have made Vertiv’s cyber risk strategy scale to secure a business with operations in more than 130 countries.

The CISO Maturity Model: Building a Cyber Strategy

CISO Maturity Model

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The CISO Maturity Model: Building a Cyber Strategy

Presented by

About this talk

More from this channel