Name: Managing Risk and Your Vendor Relationships
Start: 2022-02-28T17:00:00Z
End: 2022-02-28T17:00:59.000Z
Location: BrightTALK
Rating: 4.5

ISC2 Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.

In October 2023, the U.S. Securities and Exchange Commission (SEC) filed a civil complaint against SolarWinds and its CISO, Timothy Brown.  The charges stemmed from the September 2019 intrusion by threat actors into SolarWinds, which affected some 18,000 customers.  This action by the SEC is likely the first time the agency targeted a CISO for alleged cybersecurity failures.  It comes on the heels of the October 2022 criminal conviction of Uber CSO Joe Sullivan for withholding information about a 2016 breach at Uber from federal investigators.  All of this raises an important issue for CISOs: Should they have their own legal counsel to guide them on legal compliance and working with regulatory agencies?  And if so, who should pay – them, or their employers?  In this presentation by cybersecurity attorneys, we’ll take a deep dive into the hard choices that modern CISOs face and some possible ways forward. 

Takeaways include:

·            Evaluating the SolarWinds and Uber cases and the claims against the CISOs
·            Understanding at what point a CISO needs to hire independent legal counsel 
·            Exploring the various types of insurance and why your policy may be the wrong one

Do CISOs Need Their Own Legal Counsel?  Some Lessons from SolarWinds and Uber

Today, artificial intelligence presents both unprecedented opportunities and unique challenges for security teams. Grab your coffee and join our webinar to explore the intersection of AI, compliance, and security. 
On December 19th at 1:00 p.m. Eastern/10:00 a.m. Pacific, RegScale and ISC2 demonstrate how AI-enabled compliance can serve as a powerful tool to strengthen your organization’s security posture. You’ll learn: 
-The symbiotic relationship between good security practices and effective compliance measures
 - Strategies for securing AI systems while meeting stringent compliance requirements 
- How Continuous Controls Monitoring (CCM) automates compliance processes 
- Implementing AI compliance as guardrails to enhance overall security, including the security of AI applications
 Join us for this 30 minute session to learn how to gain an AI edge and make compliance your secret weapon for smarter, more robust security in the age of artificial intelligence.

AI-Enabled Compliance: Your Secret Weapon for Smarter Security

Embark on a foresight journey into the future of cybersecurity, highlighting key trends and innovations that are set to redefine the digital defense landscape in the year ahead. Discover how advancements in artificial intelligence will revolutionize the way security teams reduce cybersecurity risks and improve their abilities to defend against modern threats. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he shares his top five cybersecurity predictions for 2025.

Top Five Cybersecurity Predictions for 2025

Your personal information is continuously harvested and analyzed by countless data brokers eager to sell to the highest bidder. From your name to your online activities, to your employment details and even your real-time location – all are on the market for anyone interested.  

On November 14, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific, KnowBe4 and ISC2 discuss the extensive surveillance enabled by the internet, the risks of your personal data falling into the hands of malicious entities, and methods to protect yourself.  

In this session, you will learn:  

-The various ways you are being surveilled, including through "free" GPS-enabled apps you've downloaded  

- How your digital footprint is commodified and utilized by social engineers  

- Techniques to detect signs of surveillance  

- Effective strategies to protect yourself from malicious tracking and defend against the tactics of social engineering 

 Learn ways to keep your online information safe and protect yourself against malicious scams.

All the Ways the Internet is Surveilling You

Has your organization jumped on the passwordless authentication bandwagon yet? If not, it should. Passwordless authentication embraces possession factors, such as certificates and hardware tokens, and inherence factors, such as fingerprints and face scans, to replace legacy password and single sign-on (SSO) authentication methods. It also strengthens your organization’s security posture while improving the user experience for accessing company applications and data. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews modern passwordless authentication technologies and the benefits organizations have achieved by implementing them.

Passwordless Authentication: A New Reality or a Pipe Dream?

With companies adopting hybrid models—some employees working from home, others in multiple offices—managing data access has become increasingly complex. As AI tools generate large volumes of sensitive content, and the traditional security perimeter blurs, balancing security, compliance, and productivity is more challenging than ever.
In this webinar on November 5, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific Netwrix and ISC2 discuss:
• Creating governance policies for sensitive data to overcome challenges of hybrid teams and AI tools.
• Reducing security risks across hybrid work environments without sacrificing productivity.
• Practical steps to ensure compliance while managing data access in a workplace without clear boundaries.

The Invisible Workplace: Governing Data Access in a Hybrid, AI-Driven World

New to the security industry? Or thinking about transitioning into an information security role? If so, this webinar is for you. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he provides a one-hour ‘crash course’ on the entire security industry, including:

- Size and growth of the security industry
- Useful vocabulary terms and buzz words
- Five types of cyberthreat actors 
- Modern cyberthreats and tactics
- Categories of security defenses
- Common security job roles
- Security industry ecosystem

Security Industry 101: A ‘Crash Course’ For Security Newbies

*No CPE is provided for this webinar*

Join Clinical Health Psychologist, Robyn Pashby, PhD, for an insightful webinar about managing your mental health in anxiety or stress inducing environments!

Managing Your Mental Health in the Cybersecurity Field

CDK. Colonial Pipeline. UnitedHealth Group. What do all these companies have in common? They have all been subject to recent headline-making cyberattacks impacting the global product supply chain. Cyber incidents such as these can wreak havoc – preventing orders/payments, interrupting service, and in some cases cause detriment to human health and safety. 
 
There is no way to ignore that the vast majority of businesses rely on third-party partnerships to maintain their day-to-day operations. From a business perspective, third-party partnerships are seen as ways of reducing costs, creating efficiencies and enhancing access to goods and service. From a cyber perspective, they must be viewed as another threat surface. If your third-party partner is attacked – your data and business may be impacted as well.  
 
Join this panel of experts as they discuss and debate:
·         The underlying causes of most supply chain cybersecurity failures.
·         How to assess how secure your partners are against cyberattacks. 
·         The value of strong business continuity procedures.
·         Success stories/case studies in reducing third party cyber risk exposure.

Ransomware and Third-Party Global Supply Chains: Understanding & Mitigating Risks

Artificial intelligence (AI) has bolstered cybersecurity solutions across the board. Security teams have more ways to detect advanced threats than ever before, and organizations are much better equipped to measure and reduce their attack surfaces. However, AI also benefits cyber adversaries with improved phishing and spear phishing techniques and new methods for tricking unsuspecting victims using deepfake content spawned by generative AI. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he provides a comprehensive analysis of AI's dual role in both fortifying and challenging modern cyber defenses. Discover who's winning the AI arms race in cybersecurity.

Impact of AI on the Cybersecurity Industry: Who's Got the Upper Hand?

Join us for this live webinar where we’ll tell you all about newly enhanced ISC2 Online Self-Paced Systems Security Certified Practitioner (SSCP) Training with AI-driven adaptive learning. Find out how this dynamic experience pinpoints areas that require focus and guides you through every stage of your personalized exam prep. You’ll study smarter, not harder and go into the SSCP exam with confidence.

You’ll learn:
• Why it makes training more efficient busy professionals 
• What makes it a more efficient route to exam readiness
• How artificial intelligence tailors learning to your needs
• And much more!

Wednesday, September 12 at 3pm ET

Save your spot now.

New! AI-Driven Adaptive Learning for Systems Security Certified Practitioner

The accelerated shift to the cloud as well as new PCI DSS 4.0 requirements coming into effect by March 2025, present several challenges for financial institutions, ecommerce merchants, and others subject to its regulations. As IT teams have lost control of their digital environments due to an increased reliance on cloud computing and remote work, the process of solving challenges to meet compliance requirements has become more complex. As a result, it is more essential than ever for organizations to find a way to streamline compliance.
 
Join this conversation to learn about:
- What’s new and what’s driving PCI DSS 4.0
- Challenges of PCI compliance for today's digital world
- Strategies and tools for organizations to address PCI requirements in a scalable and programmable way

A Strategic Approach to Meeting the Newest PCI Requirements in a Cloud-Driven World

Explore the digital footprints of a malicious hacker and uncover their attack path, as we take you for a journey inside the mind of a threat analyst responding to a cybersecurity incident that brought a business to a complete halt. Discover the evidence left behind, uncover the attack path, and understand the techniques used by the attackers. This session will delve into a real-world incident response, showcasing the methods employed by attackers to compromise identities and credentials. 
 
Join ISC2 and Delinea as we guide you through the steps taken by cybercriminals during a damaging identity compromise attack, including: 
• Access Gaining and Patient Zero Identification: Learn how attackers initially infiltrated systems and identified the first compromised system. 
• Establishing Staging, Footholds and Persistence: Understand how attackers set up their presence within the network and maintained access over time. 
• Tools and Commands Used: Discover the specific tools and commands utilized by the attackers, including RDP Brute Force, Mimikatz and Responder. 
• Credential Harvesting and Misuse: See how attackers harvested credentials and used them to escalate privileges and move laterally within the network. 
• Active Directory (AD) Elevation: Learn how attackers achieved AD elevation to gain further access and control over the infrastructure.
 
Gain a comprehensive understanding of the tactics, techniques and procedures (TTPs) used by cyber criminals to compromise identities and credentials. This knowledge will empower you to better defend your organization against such cyberattacks.

Risks of Identity and Credential-Based Cyber Attacks: A Real-World Cybersecurity Incident Walkthrough

Compromising end user computing devices through spear phishing attacks is frequently cited as the initial step of advanced persistent threats, often leading to data breaches. Year after year, IT security professionals cite “low security awareness among employees” as a top inhibitor to IT security’s success in CyberEdge’s annual Cyberthreat Defense Report. So, why aren’t more security teams adequately addressing this challenge? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he details five ways to invest in your company’s human firewalls.

Five Smart Ways to Invest in Your Human Firewalls

Want to know which IT security technologies are hot and which ones are not? Join Steve Piper, Founder & CEO of CyberEdge (and a proud CISSP), as he reviews key purchase insights from the 2024 Cyberthreat Defense Report. Specifically, Steve will examine which security technologies are most widely deployed and most planned for acquisition in 2024 so you can benchmark your company’s current and planned investments against your peers. Steve will review purchase intent across five key security technology categories, including:

- Network security
- Endpoint security
- Application and data security
- Security management and operations
- Emerging security technologies

The ‘Hottest’ IT Security Technologies in 2024

Google and Yahoo announced a new set of requirements for email delivery last October, resulting in a rapid increase of DMARC (Domain-based Message Authentication, Reporting and Conformance) authentication adoption. However, meeting DMARC requirements is just the beginning. Impersonation risk remains — in the form of spoofed emails, brand abuse and threats from fake or compromised suppliers. Hijacked business communications often lead to significant financial losses and reputation damage. So how can your organization further mitigate impersonation risk even after you achieve DMARC compliance?  

Join Proofpoint and ISC2 on July 18, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific as we discuss: 
-Common impersonation tactics and real-world attack examples  
-Challenges and benefits of enforcing email authentication  
-Risks posed by impersonated suppliers  
-How AI is affecting threats like business email compromise (BEC) 
-Critical controls that help reduce impersonation risk

Beyond DMARC: Best Practices for Impersonation  Protection

Denial of service (DoS) attacks more than doubled in 2023 compared with previous years. Attack size, frequency, and sophistication, have all increased which suggests that DDoS is far from being a solved problem.  

Gobal geopolitical tensions rose dramatically during 2023 and, by no coincidence, so too did the quantity and ferocity of DDoS attacks. After a small but steady decline in denial-of-service attacks during 2022 and prior, 2023 saw an explosion of incidents many of which can be directly linked to political events and growing hacktivism. While many DDoS attacks are short lived inconveniences, many organizations and countries face persistent bombardment and increasingly sophisticated attacks. It begs the question: do organizations accurately evaluate the risk posed by DDoS attacks? 

Join F5 and ISC2 July 11, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific as we discuss the findings from F5 Labs' annual DDoS report. Join this threat research driven webinar to ...  

-Understand how and why DDoS attacks have grown, and the tools and techniques used by threat actors 

-Explore the differences between regions and industries to understand how and why some are more targeted that others 

-Learn about effective mitigation strategies and the questions you should be asking of your DDoS protection solution

Escalating Threats: Unveiling the Rise of DDoS Attacks in a Tense Global Climate

Join us for this live webinar where we’ll tell you all about newly enhanced ISC2 Online Self-Paced Certified in Governance, Risk and Compliance (CGRC) Training with AI-driven adaptive learning. Find out how this dynamic experience pinpoints areas that require focus and guides you through every stage of your personalized exam prep. You’ll study smarter, not harder and go into the CGRC exam with confidence. 

You’ll learn: 

- Why it makes training more efficient busy professionals  
- What makes it a more efficient route to exam readiness 
- How artificial intelligence tailors learning to your needs
- And much more

Wednesday July 10 at 1pm ET

Save your spot now!

New AI-Driven Adaptive Learning for Certified in Governance, Risk and Compliance

51% of businesses have experienced a third-party data breach. In other words, there’s a one-in-two chance a vendor will expose your sensitive data. 
 
Practically every company relies on third parties to provide critical services or software to their business. But while you can outsource processes, you can’t outsource the associated risks. Knowing who your vendors are, how they manage their risks and their potential impacts on your company is a crucial piece of your InfoSec program. 
 
However, contracting is often overlooked from a security perspective, and it shouldn’t be. 
 
An effective vendor risk management program can minimize the impact of disruptive events and reduce a company’s overall risk exposure. 
 
In this webinar, Jose Costa, Chief Information Security Officer at Tugboat Logic, and Zach Payne, Senior Corporate Counsel at OneTrust, will deep dive into:
 
- How to build an ideal vendor management framework
- The issue with vendor contracts and how to overcome common pitfalls
- Practical advice to streamline complex client and vendor points of view
- Liability limitations, intellectual property, and confidential information.

Managing Risk and Your Vendor Relationships

(ISC)2

CISSP

Cyber Security

Information Security

ISC(2)

Third-Party Risk Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Managing Risk and Your Vendor Relationships

Presented by

About this talk

More from this channel