Name: Automation and Continuous Monitoring: What it Means and Why it's Critical
Start: 2023-05-10T17:00:00Z
End: 2023-05-10T17:00:59.000Z
Location: BrightTALK
Rating: 4.9

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

The reliance of development teams on open-source components is undeniable. It helps organizations get their software solutions to market sooner and free their engineers to focus on building intellectual property instead of “plumbing”.
Open-source projects are also an attack vector when bad actors compromise the open-source by injecting malware or developers unknowingly include releases with exploitable vulnerabilities.
Join Dave Roche, Director of Software Trust at DigiCert, as he shares the 5 best habits for securing your software supply chain from vulnerable or malicious open-source code. Gain valuable insights into: 
• Novel software supply chain attacks
• Getting visibility of the components in your software
• Spotting and prioritizing vulnerabilities
• Taming code signing without hampering innovation

Open-Source Webinar | 5 Habits to Avoid Security Flaws in Open-Source Software

Copilot for Microsoft 365 can drive productivity (and GenAI adoption), but left unchecked, increases security risk that can lead to data leaks, breaches, and toxic content. Security teams responsible for Copilot need to mitigate risk, enforce controls, and safeguard sensitive data. Join BigID & ISSA for a deep dive into how to reduce risk and secure your data for Microsoft
Copilot.

We’ll cover:
● How to ensure Copilot and AI model training data is safe for use
● Best practices for AI risk mitigation
● Critical capabilities for responsible MSFT Copilot adoption
● And more

Risks & Controls for Microsoft Copilot

With more than a dozen privacy laws in effect or coming into effect, digital advertising is increasingly becoming a regulated industry. While proper notice, fulfillment of opt-out rights, and post-transaction consumer requests (e.g., deletion) have dominated the enforcement and compliance landscape, attention is increasingly being paid to one of the fundamental changes in state privacy laws – their inclusion of requirements around vendor diligence and accountability. 

What does this mean for SSPs, DSPS, and the rest of the digital advertising ecosystem? We will examine how personal data traverses the digital advertising ecosystem, why the privacy diligence and accountability requirements under state privacy laws are paramount in light of those data flows,  changes in business practices needed to achieve compliance, and how technology solutions will need to evolve to meet these requirements.

Privacy Compliance and the Importance of Due Diligence: Redefining Privacy

Platform consolidation — the strategic integration of multiple tools and infrastructure into a single, cohesive platform — is a strategic priority for security and IT leaders, driven by increasing tech stack complexity and budgetary pressure. 
 
Unfortunately, platform consolidation projects often struggle to meet expectations due to gaps between what platforms can do and what it should do. As a result, IT and Security team productivity slows even further, and business initiatives attempting to connect and secure the organization’s technology stack fall short.  
 
IDC analyst and guest speaker Ghassan Abdo has helped dozens of organizations navigate these situations. In this webinar, he’ll discuss: 
• 3-5 common roadblocks in platform consolidation efforts
• Real-world examples of organizations that overcame those challenges
• Actionable strategies you can bring into your own organization

Common roadblocks when simplifying your IT stack

It’s all about the data.  Whether it's Data Subject Request or a Data Breach; the amount of effort, cost and impact on a company's reputation depend on the quantity and the type of personal data involved.  The more personal data, the larger the consequences.  This presentation is a practical approach to privacy and data protection that includes strategies to help you stay compliant with the evolving privacy regulations.  No legalese or technical jargon, just a talk about applicability.

Data Privacy Framework Program

In our presentation, we'll compare the European Union's GDPR with Caribbean data privacy laws, highlighting how both aim to protect personal data but differ in scope, compliance, and enforcement. We'll discuss the unique challenges Caribbean businesses face in meeting GDPR standards, due to different regulatory environments and penalties. The focus will be on how these differences present opportunities for the Caribbean to strengthen its data privacy frameworks, fostering trust and enabling international partnerships in a data-centric world.

Similarities and differences between GDPR and Data Privacy in the Caribbean

As with any piece of enterprise software, choosing and buying a PAM solution is a fraction of the battle. Many installations fail or never get rolled out fully due to deployment complications and competing priorities.
In this webinar, we will discuss common pitfalls, where implementations typically fail, and what you can do to make sure you are fully prepared to deploy and roll out PAM successfully in your organization.
Join this session to:
• Understand why many PAM rollouts fail
• Explore best practices around deployment
• Put a plan for success together
• Learn about new methodologies that can facilitate success

Navigating the Pitfalls of Privileged Access Management Deployment

Is the company talent management process helping your career advancements? How do we combat the assumptions about demographics and life choices; disparity starting from the first landing spot; women leave to start families; women don't aspire to upper management? The purpose of this webinar is to share some personal experiences in applying project management principles to a technical career planning and what you can do to track your own progress over time. Skills in cybersecurity is only the first step, technical proficiency, problem solving capabilities, knowledge in domain and context outside security and privacy as well as other soft skills are just as important for any technology focused career plans for women.

Women in Tech: Delusion or Progress and What you can do about it

We’ll look at current AI technology, legal and ethical issues, why human-machine trust is necessary, and why it’s not easy.

“Trust me – I’m an AI”: Why explainable AI is important

In the dynamic landscape of SaaS, the role of security transcends its traditional defensive function, becoming a powerful differentiator. In this talk, we delve deep into the paradigm shift where security is not just a safeguard but a strategic catalyst. 

Leading with security is more than a buzzword; it's a revenue-driving force. We will explore how proactive security measures can elevate SaaS organizations, foster customer trust, and be pivotal for both internal and external stakeholders - from auditors to customers, from GTM functions to board-level validation.

 You'll learn how this approach allows SaaS companies to not only detect and mitigate risks effectively - but also adapt swiftly to the ever-evolving threat landscape. 

Join us as we explore the transformative power of security in the SaaS industry and discover how it can be harnessed as a formidable force for growth, customer trust, and security by design.

Security By Design: Building Trust through Product Security

It’s all about the data.  Whether it's Data Subject Request or a Data Breach the amount of effort, cost and impact on a company's reputation depend on the quantity and the type of personal data involved.  The more personal data, the larger the consequences.  This presentation is a practical approach to privacy and data protection that includes strategies to help you stay compliant with the evolving privacy regulations.  No legalese or technical jargon, just a talk about applicability.

50 shades of data

In 1911, the first International Women’s Day was celebrated in Austria, Denmark, Switzerland and Germany.  But only in 1977, did the United Nations adopt March 8th for global celebration and advocacy of women’s rights and equality around the world.  We have made headway in the cybersecurity C-Suite level, but more inroads are required, to build out the middle.  We will review ways to accelerate that success and continue to build on accomplishments that matter.  We will share insights on the heavy hitters that will positively impact our individual careers going forward, actions that will help us achieve growth for women in the field overall, and those that can help us bridge the globe.

Celebrating International Women’s Day and the Successes in Cybersecurity

Third-Party Risk Management programs are in constant motion. They are a delicate balance between keeping up with new threats, navigating the evolving regulatory landscape, introducing new technologies and always trying to do more with less. Today, a static program is a failing program. What’s your plan to incrementally improve your processes over time? Join ProcessUnity for a discussion on how forward-thinking TPRM teams are incorporating new relationships, technologies and techniques to mature their risk-reduction capabilities.
Attend this session for trends, tips and techniques to help you:
• Build a strong partnership between procurement and information security to maximize both internal and external risk reduction
• Connect your internal controls to those of your vendors for a true assessment of your organization’s preparedness
• Leverage expert content, enterprise data and industry subject-matter expertise to reduce workloads, streamline assessments and confirm results are acceptable
• Employ artificial risk intelligence to significantly reduce the most time-intensive assessment activities

Beyond the Questionnaire: Tips to Modernize Your TPRM Program

In the last twenty years, privileged access management (PAM) has gone through many evolutions to keep pace with the ever-changing cyberthreat landscape. Still, a vital risk remains front and center: Privileged accounts are crucial for the day-to-day work of admins, but they are usually needed for only short periods of time — the rest of the day, they can be compromised by attackers and misused by insiders.

Old-school PAM solutions reduce this risk only to some extent, while being costly and time-consuming to deploy. But it doesn’t have to be this way! In this session, we’ll explore a modern, easy-to-adopt approach that deals with this core problem head-on.
Join this session to learn how you can:
- Leverage privilege orchestration to remove known attack surfaces when at rest
- Dynamically delegate access according to use case without impeding admin efficiency
- Quickly adopt modern PAM tools to centrally control and audit access

Security Renaissance: Why it's time to break with old-school PAM solutions

A recent report on cybersecurity and generative AI made an extraordinary claim: 75% of the information security professionals surveyed witnessed an increase in cyber-related attacks over the prior 12 months, and 85% attributed that increase to attackers using AI. If this is true, it represents a sea change in the cyber threat landscape and raises some critical questions about how we respond to it. In this presentation, we will review examples of AI-enabled threat vectors, evolving attacks on AI systems, and the different approaches taken to combat them by the United States and the European Union.

 Takeaways include:
 * Attack types that leverage AI as well as unique threats to AI systems
 * Defending against AI-powered attacks and protecting the integrity of AI systems
 * A comparison of the proposed EU AI Act with the White House Executive Order on AI

Cybersecurity considerations for AI: comparing U.S. and EU approaches

The recent new SEC rules around cyber-risk governance, management, and disclosure have reverberated across all echelons of American corporations.  In this webinar, three seasoned cybersecurity executives discuss the implications for today’s information security professionals, their leaders, and what can be done to address the new requirements using an integrated risk management and reporting approach that appeals to all stakeholders. Join us on February 14th at 1pm EST for this ISSA webinar, sponsored by AuditBoard, where we will explore time tested strategies for getting it right the first time.

Cyber Risk IS Business Risk

Renita will talk with us on today’s high risks for cybersecurity focus in the audit world, share insights on the tools to help us manage auditing and risk, identify current opportunities in cybersecurity and auditing, share insights on how we are innovating in audit given the current digital landscape, and present a picture of the current state of Audit.

Audit Leadership in a Cybersecurity World

The current state of cloud security is a dynamic landscape marked by rapid advancements in technology, increasing adoption of cloud services, and evolving cyber threats. This session explores the multifaceted world of cloud security, encompassing its landscape, risks, and the current job market.

Cloud security risks are diverse, ranging from data breaches and compliance challenges to Distributed Denial of Service (DDoS) attacks and vendor lock-in.

Overall, understanding the current state of cloud security is crucial for organizations and individuals seeking to navigate the complex landscape of cloud computing securely and capitalize on the burgeoning job opportunities in this dynamic field.

Current State of Cloud Security:  The Landscape, Risks and Current Job Market

Modern information security requires practitioners to defend environments and surfaces which are highly dynamic. With new security risks arising and constant changes to your system, point-in-time assessments  can’t keep up. That’s why you need to routinely assess your security through automated, continuous monitoring. 
Continuous monitoring and automation are buzzy words in the industry, but what do they really mean?  Monitoring and automation can be applied at various levels and layers in an environment in order to meet a wide variety of security and compliance objectives.
In this webinar, Matt Cooper, Senior Manager of Privacy, Risk, and Compliance at Vanta, and Rob Picard, Senior Manager of Security at Vanta, will detail common use cases for security and compliance monitoring and automation to enhance your security posture.

Automation and Continuous Monitoring: What it Means and Why it's Critical

Cybersecurity

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Automation and Continuous Monitoring: What it Means and Why it's Critical

Presented by

About this talk

More from this channel