Name: Beyond the Buzz: Data Security Controls for the AI Era
Start: 2025-05-21T15:00:00Z
End: 2025-05-21T15:01:00.000Z
Location: BrightTALK
Rating: 0

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

The rapid adoption of AI is introducing serious new risks and vulnerabilities that will not be caught and/or remedied by traditional risk management approaches. This presentation will highlight a number of those new risk and vulnerability areas, and discuss the prudent ways that we might go about performing a better risk assessment process, so as to develop contingency plans for the inevitable failures and damages sustained as a result of this very rapid adoption process. A sample of recent legal cases related to these new risks and vulnerabilities will be covered, with an emphasis on what can be done, so as to prevent similar problems at the viewer's organization.

Safety Nets for Artificial Intelligence Risk Management Failures

The work never ends. Every year, we onboard more third parties. And every year, our assessment workload gets worse. More resources to help? Not going to happen. Sound familiar? You’re not alone. We have been at this process for years, but it continues to get worse for your team and the people in your company that rely on your third parties.

It doesn't have to be that way. It's time the flip the script and cut back on assessment questionnaires.
Join us for a live webcast on March 26th at 1PM ET and learn how the newest risk exchange models are eliminating 80% of questionnaire requests with data.

Our team of experts will outline how to:
• Instantly perform inherent risk analysis on your entire vendor portfolio
• Incorporate real-time risk  data into your process to reduce  questionnaire requests
• Map your questionnaire and controls to industry-standard  frameworks or threat profiles to get the information you need with fewer questions
• Access  assessment data on large, hard-to-assess third parties that don't respond to you
• Monitor 100% of your portfolio -- not just your critical vendors

TPRM doesn't have to be the most painful process in your company. Join us and start your program's evolution.

Get Off the Assessment Treadmill. Take a Data-First, Questionnaire-Second Approach to TPRM

Existing risk management policies, and the related business processes, which may have been appropriate for the traditional information technology environment, will not be workable in the AI environment. In this presentation, we’ll discuss what’s markedly different between the traditional information technology risk management environment, and the new AI risk management environment. For example, there is a risk of model stealing with publicly facing AI systems, but no such risk is found in traditional publicly facing systems. Likewise, the result provided by a certain query submitted to a Generative Artificial Intelligence (GAI) system may not be the same from day to day, but no such phenomenon is present with traditional information systems. Similarly, the great power of AI systems can be used to overcome traditional privacy-protection mechanisms such as anonymization, and this has not been previously encountered with traditional information systems. Also covered in this presentation will be suggested managerial and technical responses to these differences, such as an AI Acceptable Use Policy and an AI Life Cycle Process. Some recent legal developments in the AI risk management area will also be briefly covered.

Why AI Needs Its Own Risk Management Policies and Processes

GDPR became one of the first forcing functions to get teams to implement baseline engineering policies within their organization(s), but we continue to see organizations paying fines. Validating external claims made by organizations and helping to evolve policies requires a robust cultural shift. In this talk we'll discuss examples of privacy policy converted to engineering verification scenarios to help engineers or privacy champions embed privacy policy verification(s) within product cycles so policies stay current.

Privacy for the People by the People

Kick-off (or refresh) your mentorship journey with the ISSA Mentorship Program, designed for cybersecurity professionals looking to grow and connect in meaningful ways. Pete Schramm will share how an agile approach to mentorship can help you plan your career, build a Personal Board of Advisors (multiple mentors), and strengthen relationships beyond "just work." Learn what it truly means to be an effective mentor or mentee, how to use career mapping to guide your conversations, and how strong connections within your organization can reduce internal threats by fostering trust and collaboration. Invest in your career and community—this is mentorship redefined for cybersecurity professionals!

Creating & Managing an Effective Mentorship Program, Methods & Best Practices to Consider

This presentation will discuss how to ensure your company has AI policies and plans in place based on industry best practices and applicable regulations.  It will take into consideration the developing frameworks and other quickly evolving regulations. We will discuss the prioritization of ethical and legal use in AI software as well as how to work with relevant stakeholders to understand business considerations and risks.  We will also show how AI can present real opportunities for cybersecurity and why you shouldn’t be afraid to implement it.

A CISO Guide to AI and Privacy

Privacy and security are distinct yet equally important disciplines, each addressing unique challenges. This session will provide a brief overview of what privacy is, its key differences from security, and why these teams must work together. Through practical insights, you’ll learn how collaboration can strengthen compliance, reduce risks, and build trust across your organization.

Privacy & Security: Different But Equal and Why They Need to Work Together

According to recent research, a staggering 60% of breaches happen because of vulnerabilities that go unpatched—even when a fix is available. As the volume of vulnerabilities increases, capacity to address them hasn’t kept up, security teams are often overwhelmed and don’t know where to start. To address this gap, we need a better way to evaluate and prioritize vulnerabilities and the risks they pose to our organizations.
In this webinar, Justin Scarpaci, Technical Strategist at Sevco Security, will provide a framework for assessing risk to prioritize the most critical vulnerabilities for the most effective remediation. In this webinar, he’ll discuss:
  ● Why the first step is to understand where your security tools are – and aren’t – deployed
  ● The limitations around existing vulnerability scoring systems like CVSS
  ● How to better assess likelihood of exploit alongside org-specific intelligence like business impact provides a more complete risk assessment
  ● What signals can be used to determine vulnerability likelihood and business impact
Attendees will leave with practical approaches to apply within their organizations.

Close the Vulnerability Gap: Using Better Intelligence for Better Prioritization

Join us for an engaging session hosted by the ISSA International Apprenticeship, Internships, Mentorship (AIM) Comittee, where we dive into the latest insights from our recent infosec professional study. As the cybersecurity landscape intensifies, professionals face mounting challenges, from resource constraints and evolving skill requirements to balancing time and mitigating real threats. Our research highlights the shared pain points and needs of today’s cyber workforce. 

Guided by the AIM Program’s mission, this webinar will also highlight efforts to bolster the cybersecurity talent pipeline, providing access to quality apprenticeship, internship, and mentorship opportunities. Walk away with actionable data, connections, and a fresh perspective on shaping the future of the cybersecurity workforce.

Navigating Workforce Challenges: Perspectives and Insights of Information Security Professionals

In recent years privacy regulation has taken over the globe. Many companies have made changes to their websites and applications in order to comply with these laws, while at the same time neglecting the changing technical infrastructure upon which those systems are built.  In this session Cory will review the slate of changes imposed by browsers and operating systems in recent years which continue to impact existing architectures, and how those changes impact existing business processes.

Privacy is About More Than Just Regulation

Join us for an enlightening webinar as we explore the intricacies of embracing the Zero Trust Model, from theory to practice. Whether you're a novice or seasoned professional, this session will equip you with expert insights and actionable strategies for implementing Zero Trust principles effectively. Dive deep into understanding the Zero Trust Model and discover how it can revolutionize your cybersecurity approach. 
Join the session to learn how to:
• Understand the foundational principles of the Zero Trust Model and dispel common misconceptions.
• Learn strategic approaches to purchasing technology that align with Zero Trust objectives.
• Discover essential steps for crafting and implementing a robust Zero Trust plan.
• Gain insights into achieving major milestones early in your Zero Trust journey.

Unlocking Zero Trust: A Blueprint for Secure Operations

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Power utilities use a variety of Industrial Control Systems (ICS) to manage their operations which are structured into six independent but interconnected zones: Power Generation, High Voltage (HV) Transmission System Operation (TSO), Medium Voltage (MV) Distribution System operation (DSO), MV Distributed Generation, Low Voltage (LV) power delivery and LV Distributed Generation. Each of these zones includes electrical and mechanical assets, process controllers and communications, which perform local control within their zone and communicate with other zones. The power grid structure described here is in line with the deployment of the Smart Grid architecture, which also includes MV and LV distributed generation, and Industrial Internet of Things (IIoT).

Cyber-Secured Power Utility Operation

Sign up for this talk and ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

This session provides a strategic framework for navigating the complex and chaotic landscape of cybersecurity risks, emphasizing the need for resilience in the face of rising cyber threats. 

The presentation outlines key survival strategies, including developing "meta" systems, cultivating domain awareness, promoting risk awareness, and investing in contingencies and controls. It highlights the importance of establishing Risk Level Agreements™ and integrating business operations with security operations. 

The discussion covers essential topics such as governance, vulnerability management, and the concept of "Cyber Entropy™," focusing on how increasing complexity, dependencies, and external threats challenge cybersecurity efforts. The overall message encourages organizations to embrace risk, acknowledge conflict, and strategically plan for resilience through governance, risk management, and continuous system improvement.

Surviving the Sands of Cyber Entropy, Conflict, Risk and Resiliency

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The CREF Navigator™ was developed as a web based relational tool distilling the complex concepts and relationships from NIST SP 800-160 Volume 2 (Rev 1) into useful cyber resiliency terms, tables, and relationship visualizations enabling architectural and engineering analysis. The tool contains a hover-over, clickable dictionary of cyber resiliency terms; customizable visualization of complex relationships to other frameworks; the ability to balance and prioritize cyber resiliency choices based on nodal analysis; and export and import capabilities from ATT&CK® Navigator for presentation and analysis. The tool also provides an excellent crash course reference and training tool for those uninitiated to cyber resiliency concepts that is available to the masses via the internet for free.

Demonstration of MITRE’s CREF

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Beyond the Basics: What Firefighting Can Teach Us About Cyber Resilience – Unveiling the IDRRA Framework for Dynamic Defense

What it means to be truly resilient—because in the world of cyber, as in firefighting, preparedness & adaptability are everything. When we think of cyber resilience, we often default to the basics: protect, detect, and respond. But true resilience goes beyond these elements. Just as firefighters don't just react to a fire but prepare, anticipate, and adapt their tactics based on an evolving understanding of the situation, organizations must rethink how they approach cyber resilience.

In this session, I will introduce the IDRRA Framework (Investigate, Declare, Respond, Recover, Adapt), a proprietary approach that borrows from the disciplined, dynamic, and proactive strategies of firefighting to better prepare for and respond to cyber threats. This framework challenges the conventional wisdom of cyber security, moving beyond static defense and response to embrace a more agile, adaptive, and holistic approach to cyber resilience.

Just as firefighting is a mix of preparation, swift response, and continuous adaptation, true cyber resilience requires a blend of technical excellence, operational agility, and cultural commitment. It’s time we stop seeing cyber resilience as a checkbox activity and start treating it as an ongoing operation—dynamic, complex, and ever-evolving.

Join me for this thought-provoking session where we will delve into the IDRRA framework, drawing parallels with firefighting to uncover the unspoken elements of CR that many organizations overlook. Let's explore how adopting this framework can transform your approach to security, turning your organization from a passive defender into a proactive, adaptive force in the face of cyber threats.

What Firefighting Can Teach Us About Cyber Resilience – Unveiling the IDRRA Framework for Dynamic Defense

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Resilience is the ability to remain viable amidst adversity and to be better for it. The world has come to realize incidents will happen. The key is to detect faster and to recover quicker. Malicious actors understand our technical defenses are strong, so they exploit the softer dimensions of people, process, and organization.

In this session, we will level-set the guiding principles of resilience while walking through national and international efforts, including legislation, regulations, and standards. After laying the foundation, the session will map out the core steps to achieve resilience while providing lessons learned and street knowledge so you can make informed decisions.

The President’s Council of Advisors on Science and Technology (PCAST) produced “Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World.”

The EU enacted the Network and Information Security Directive (NIS2) to raise the level of resilience across the EU. The EU also passed the Digital Operational Resilience Act (DORA) to further bolster the financial services sector. Other nations like Canada have similar efforts.

The session will suggest tools and techniques to facilitate your journey along with metrics, statistics, and case studies to make informed decisions.

Featuring:
• Alex Sharpe: CEO, Sharpe llc
• Adam Isles: Principal, Chertoff Group
• Mark Orsi: CEO, GRF
• Gentry Lane: CEO, CTO & Founder, Nemesis Global
• Dr. Georgianna "George" Shea: CTO FDD and PCAST Member

Panel Discussion: The Report to the President on Resilience

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

This presentation dives into real-world experiences in responding to cybersecurity crises on a global scale and the critical steps for recovery. Drawing from over two decades in the field, Ashley Fairman will share key lessons learned from handling high-pressure cyber incidents across industries from DoD to Big Tech. 

From initial response to full recovery, this session will guide businesses through the process of managing cyber crises and rebuilding with resilience. Key topics will include incident management frameworks, stakeholder communication, regulatory considerations, and long-term recovery planning.

Cyber Crisis Response and Recovery: Lessons from the Field

AI is transforming how organizations use data—but it’s also reshaping the security landscape, exposing critical gaps in traditional controls. As AI adoption accelerates, security leaders must rethink their approach to data security, privacy, and compliance to stay ahead of emerging threats. 

Join this session to explore the evolving nexus of data security and AI risk. Learn why conventional security strategies fall short and discover the next generation of security controls designed for an AI-driven world. 

Key Takeaways: 
  ●   New Security Demands: Why AI-driven data usage challenges existing security frameworks and what’s needed to adapt. 
  ●   Regulatory & Compliance Pressures: How evolving privacy and security mandates impact AI governance. 
  ●   AI Risk & Data Protection: Best practices for securing sensitive data in AI models and mitigating exposure risks. 
  ●   Next-Gen Security Controls: How to implement AI-aware security measures, including real-time data monitoring and dynamic access controls. 
  ●   Actionable Strategies for Security Leaders: Practical steps to future-proof data security programs in the AI era. 

This isn’t just another AI session. It’s a roadmap for security leaders navigating the complexities of AI-driven data security.

Beyond the Buzz: Data Security Controls for the AI Era

AIOps

cybersecurity

Threat Hunting

Data Security

Compliance

Information Security

Information Risk

Security

Access Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Beyond the Buzz: Data Security Controls for the AI Era

Presented by

About this talk

More from this channel