Name: Understanding the CISA Maturity Model and DoD's Zero Trust Strategy
Start: 2023-10-13T17:00:00Z
End: 2023-10-13T17:01:03.000Z
Location: BrightTALK
Rating: 5

Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

Modern-day compliance has become increasingly complex and dynamic. Scaling a business in a multi-cloud environment while navigating evolving compliance landscapes requires a strategic approach. Join us for a webinar on “GRC in the Cloud at Growing Companies or GRC in the Cloud Unplugged — Becoming Compliance Ready at Scale,” where we’ll discuss effortlessly managing compliance as your cloud environment grows.

This webinar will explore practical strategies to integrate compliance seamlessly into your cloud operations. Our experts will share real-world examples and actionable tips to help you:
• Build Sustainable Compliance Processes: Discover how to automate compliance and address critical challenges in an organization’s multi-cloud ecosystem.
• Implement Risk Controls: Deploy strategies to address different types of risk, including vendor risks, cloud access vulnerabilities, and infrastructure misconfigurations.
• Scale with Confidence: Best practices to meet compliance needs in a growing cloud ecosystem
• Navigate Regulations: Understand how to keep up with evolving regulations and ensure your cloud practices remain up-to-date and effective.

Register now and learn more about building and sustaining a long-term cloud GRC strategy and scaling business in a complex regulatory environment.

GRC in the Cloud: Becoming Compliance Ready at Scale

How do 800 security professionals view and experience Non-Human Identity Security?

Join us for an insightful 30 minutes webinar where we unveil and deep dive into the state of the emerging threat of unmanaged non-human identities (API keys, service accounts, OAuth tokens, secrets etc). 

Some of the key findings include:
• Alarming Incident Rate: Nearly 1 in 5 organizations have experienced a security incident involving NHIs.
• Low Confidence: Only 15% of organizations feel confident in their ability to secure NHIs.
• Top Challenges: Managing service accounts and discovering NHIs are the biggest hurdles.
• Outnumbered: NHIs often outnumber human identities 20 to 1, amplifying security challenges.
• Investment Surge: 1 in 4 organizations are already investing in NHI security, with many more planning to do so within the next 12 months.

And much more..  Don’t miss this chance to gain critical insights and practical steps to secure your NHIs. Register now!

Non-Human Identity Security: Data-Driven Insights

The CSA Annual SaaS Security Survey, commissioned by Adaptive Shield, surveyed over 450 IT and security professionals from large organizations from various industries and locations to better understand the industry’s priorities and plans around SaaS security.

In an era where SaaS platforms power a wide spectrum of industries and the threat of SaaS breaches looms large, SaaS security is on the radar, more than ever.

Join Maor Bin, CEO and Co-founder of Adaptive Shield to delve into the key findings around:
• Budget and resource allocation – during a period of contracting budgets and workforce reductions, organizations increased investment in SaaS security and added dedicated SaaS security team members
• Top pain points in SaaS security – the threats many organizations are struggling to stay ahead of and the tool that’s leveling the playing field
• Solutions in use or in evaluation – increased reliance on SaaS Security Poture Management (SSPM) and Identity Threat Detection & Response (ITDR) to secure the SaaS stack

Securing SaaS: Security’s Newest Top Priority

During this webinar you will hear from senior financial services executives who led a financial sector-wide collaboration to address challenges raised in the US Treasury Cloud Report related to transparency, resource gaps, exposure to operational incidents originating at Cloud Service Providers (CSPs), and contract negotiation dynamics. These executives will review the key outcomes from the Financial Services Sector Coordinating Council’s Cloud Outsourcing Issues and Considerations Workstream which produced a paper with key considerations for developing contractual provisions between financial institutions and CSPs to address risks, regulatory and supervisory compliance expectations when using cloud services.

Key Considerations for FI-CSP Contracts: Managing Risks and Meeting Regulations

The transition to cloud computing has diminished the effectiveness of traditional network security perimeters, rendering identity as the final line of defense against attackers. While enterprises have allocated substantial budgets to identity programs and have made significant progress in safeguarding human identities through the enforcement of multi-factor authentication (MFA) and centralization of control via single sign-on (SSO), the broader attack surface presented by non-human identities remains unaddressed. In this presentation, we will delve into the security of non-human identities, exploring the various methods attackers can employ to exploit them in order to breach cloud-based organizations. We will also discuss effective strategies to efficiently mitigate these risks.

Breaking the Identity Perimeter: An Attacker’s Perspective

Artificial Intelligence (AI) has moved beyond hype and unrealistic expectations. Organizations are increasingly embracing AI yet its adoption is both promising and perilous. To harness its potential while mitigating risks, organizations must cultivate a forward-looking AI risk management strategy. 


In this session, experts from Coalfire, AWS, and CSA will provide practical guidance and best practices to navigate the complexities of responsible AI adoption. From identifying potential risks to implementing safeguards, we’ll discuss how to ensure businesses can embrace AI innovation securely and safely.

Key topics discussed will include:
• The evolution of risk management to address the unique risks AI poses.
• How to develop and implement a program for mitigating risks specific to AI.
• Practical strategies for integrating AI into your existing risk management program.

De-risking AI: Risk Management Essentials

While threat actors are pivoting to target cloud environments and cloud breaches on the rise, the trends and potential lessons to learn are still difficult to find and decipher. This session is dedicated to bringing some clarity to the nature of external cloud threats, and the most pressing people, process and technology challenges internally for organisations as they face cloud security posture and cloud detection & response. 

Join Chris Hosking, SentinelOne's Cloud Security Evangelist, and John Yeoh, Cloud Security Alliance's Global VP of Research, for a real-world examination of recent cloud breaches and an open discussion of the lessons that can be learned, as well as where cloud security priorities should be set.

Challenges From Within and Without: Trends in Cloud Attack & Defense

The age of AI is shining a light on the most vulnerable identities within organizations. At the top of this list: developers. They're one of the most valuable assets for digital enterprises. Attackers know this. Initial access to a developer's credentials, an organization's repository, or secrets management leaves your company exposed. In this webinar, join CyberArk to discuss the changing cloud landscape and how it's created new circumstances and attack methods for developers--and what to do to about it. 

You'll learn:
• Different methods of risk reduction to equip your security team to protect your organization
• How to maintain velocity of deployments without sacrificing security with zero standing privileges
• The T.E.A. on securing your cloud estate.

Securing Developers By Closing Credential Security Gaps

In the ever-evolving landscape of digital transformation, organizations are facing unprecedented challenges in securing and scaling their cryptographic infrastructure. The need for crypto agility has never been more critical as companies grapple with risks posed by advanced technologies such as AI, emerging threats like Post Quantum Cryptography (PQC), and the complex web of compliance mandates, management hurdles, and technology transformations.

Join this discussion to gain actionable strategies as we create a blueprint to:
• Reducing IT resource burdens and costs through centralized certificate management
• Preventing costly business outages and addressing potential security vulnerabilities
• Building private and public trust while eliminating human error

Don't miss this opportunity to learn best practices and elevate your organization's cryptographic resilience. Be part of the conversation that prepares for a quantum-safe future and shapes the future of secure digital landscapes.

Unleashing Crypto-agility: A Blueprint for Post-Quantum Cryptography

Conventional defense mechanisms often fall short with adversaries employing advanced AI methodologies to target cloud assets. This session delves into the use of cutting-edge AI strategies to counter these evolving threats, offering insights into how AI helps defend against sophisticated attacks.

Fighting Fire with Fire - Leveraging AI in Cybersecurity

In an era where cyber threats are increasingly sophisticated and pervasive, how can resource strapped teams stay ahead? 

This webinar explores how GenAI can support cybersecurity teams by enabling rapid security investigations, anomaly detection, and faster insight generation. Tim Chase, Field CISO at Lacework, will break down how you can leverage GenAI to: 
• Augment your security team: Address the cybersecurity skills shortage through rapid onboarding and learning curve flattening for security professionals.
• Detect anomalies: Identify outliers and anomalous behavior in cloud data, a crucial aspect in modern cybersecurity.
• Accelerate insight discovery: Use GenAI to sift through extensive data and enhance operational efficiency.
• Maintain data security and privacy: A crucial cautionary note on the importance of handling sensitive data with care when deploying GenAI tools.

5 Ways Cybersecurity Leaders can leverage GenAI

Over the past year, the proliferation of AI technologies has introduced new challenges and risks for CISOs to contend with. From creating new ways for data to be accessed to reshaping the threat landscape with deepfakes and automated malware, AI has added more complexity and more pressure to existing security programs.

But it’s not all doom and gloom. AI also presents transformational opportunities for CISOs to drive operational efficiencies and deepen trust with customers.

In this conversation, Jadee Hanson, Chief Information Security Officer at Vanta, and Daniele Catteddu, Chief Technology Officer from the Cloud Security Alliance will discuss how security leaders should be engaging with the rest of the organization to support this transformation and do so with the right security and privacy practices in mind. In this conversation, they will cover:
• Top risks when leveraging AI and how to mitigate these risks
• Vendor landscape changes and the expansion of AI in the solutions we use
• Practical ways to identify and address the expansion of AI use within your organizations

How CISOs can Leverage AI: A Fireside Conversation with Vanta and CSA

In cybersecurity it is important to understand all aspects of best practices and controls: what risks and threats are they solving, what regulations and standards are prescribing them, how to apply them, and how to test for them. Currently, this information is scattered across many different standards and publications in a complex and ever-changing security, legal, and regulatory landscape. OpenCRE solves this problem by connecting standards at the level of common requirements. One of the connected standards is CSA's Cloud Control Matrix. In this webinar you'll learn how to use OpenCRE as a gateway to all the available knowledge around your security controls.

OpenCRE: Simplifying Cybersecurity Standards

That’s a wrap! Join Illena Armstrong as she  closes out the busy day with some final thoughts and insights on how to turn the knowledge gained throughout the conference into actionable items to take back to the office.

CSA Research Summit 2023: Final Thoughts

Join us for an informative webinar as we delve into the recent release of the Cloud Control Matrix (CCM) version 4.0 by the Cloud Security Alliance (CSA) and its mapping to the latest iteration of the Payment Card Industry Data Security Standard (PCI DSS) version 4.0. In this session, we will explore the intricacies of these essential industry standards and how their alignment can enhance security and compliance within the cloud environment. 

Our expert panelists will discuss the key changes and updates in both the CCM 4.0 and PCI DSS 4.0 standards, highlighting their significance in today's evolving cybersecurity landscape. Through practical insights and real-world examples, attendees will gain a deep understanding of the intersection between cloud security best practices and payment card data protection.

Whether you are a cloud service provider, a PCI DSS-compliant organization, or a security professional seeking to bolster your knowledge, this webinar offers a valuable opportunity to stay current with industry trends and best practices. Don't miss the chance to explore the synergy between CCM 4.0 and PCI DSS 4.0 and how it can drive your organization's security posture to new heights.

Mapping the Cloud Control Matrix (CCM) 4.0 to PCI DSS 4.0

Confidential computing presents new methods to secure processes as they run, which in turn can isolate code and data from attack, insider threat and exposure to service providers and unauthorized oversight. This is ideal to address complex new problems facing enterprises today spanning intimate collaboration over sensitive code and data even between untrusted entities, and generative AI, which presents completely new challenges where rights management, privacy, and control are essential for success and to avoid common issues such as model poisoning, data leakage, model compromise, and theft.

This session dives into these challenges and illustrate the essential need to protect running code and data, particularly with emerging LLM technology. The session will include demonstrations and use cases covering financial services and healthcare where protecting models, data, and code with a confidential computing-based zero-trust architecture can help organizations meet the pressure of cloud and AI technology with a much-reduced risk profile.

Confidential Computing for AI Risk Mitigation in Cloud Deployments

HSMs and Key Management in the Cloud – Securing your Keys and Safeguarding your Data

HSMs and Key Management in the Cloud

There are many Cybersecurity and Privacy Frameworks to guide in governing IT-based business solutions, but do they address the unique risks and mitigation strategies required for DLT-based solutions? This presentation by the CSA DLT Security and Privacy Governance Team will share some insights into:
What is important when matching risk appetite to DLT solution options?
What are the inherent design risks that are unique to DLT and DLT solutions ?
Demo of an Inherent Risk Profiling Tool and Risk Mitigation Methodology for a sample Trade Finance Use Case
CSA DLT Security and Privacy Governance Team has taken the approach to build on existing frameworks rather than to try and duplicate their work, so our focus will continue to be on the unique characteristics of DLT solutions

DLT Security and Privacy Framework

With CISA’s recent release of the second version of the Zero Trust Maturity Model V2, and the publication of the US Department of Defense's Zero Trust Strategy and roadmap, public and private sector organizations on a Zero Trust journey are curious about the similarities, differences, implications, and future plans for both and the impact on implementations.  

The CSA has assembled a panel of CISA and DoD experts to review their recent publications and provide a summary analysis of the fundamental commonalities and distinct aspects of their respective frameworks and approaches going forward.

Understanding the CISA Maturity Model and DoD's Zero Trust Strategy

Cyber Security

Information Security

Cloud Security

IT Security

Cloud

Security

Cloud Adoption

Cloud Applications

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Understanding the CISA Maturity Model and DoD's Zero Trust Strategy

Presented by

About this talk

More from this channel