Name: Escalating Privacy’s Privilege: Using Design Thinking to Identify What Matters
Start: 2023-10-15T18:00:00Z
End: 2023-10-15T18:00:44.000Z
Location: BrightTALK
Rating: 0

Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

Compliance in a global context requires harmonization across borders, regulations, and standards. This session will explore the roles of international cooperation and standardization in building a consistent compliance landscape. We’ll discuss the critical role of regulators and the importance of dialogue between industry leaders and regulatory bodies to foster shared understanding and guidelines. Additionally, we’ll examine the areas where standardization is most needed, from data protection to AI ethics, and consider how global standards can streamline compliance processes for multinational organizations. Participants will leave with insights into the future of compliance on the world stage and the collaborative efforts required to achieve it.

International Cooperation and Standardization

Traditional, periodic audits are no longer sufficient to keep pace with today’s cybersecurity threats. This session will delve into Continuous Control Monitoring and Continuous Auditing—two pillars of a proactive approach to compliance and assurance. Additionally, the session will explore how AI and ML technologies will support and enable the achievement of a continuous assurance posture.  Participants will learn about the key components of Continuous Control monitoring, including establishing requirements, defining controls, and setting up metrics for monitoring security, compliance, and governance. The session will clarify what it means to be “continuous” in this context and highlight practical mechanisms for achieving ongoing assurance. Finally, the session will delve into the topic of leveraging AI and ML for real-time control effectiveness assessment. By the end, attendees will understand how to implement a system that offers real-time insights into compliance status, reducing risk and improving response times.

Continuous Control Monitoring and Auditing

Resiliency is an increasingly important global business and compliance priority across different jurisdictions and business sectors, particularly financial services and those considered to be critical infrastructure. This panel discussion will provide practical organizational and architectural guidance for leveraging Zero Trust security strategy principles to achieve operational resiliency and regulatory compliance.  Key global regulatory requirements for resiliency will be examined, along with aspects of operational resilience where Zero Trust principles can be beneficial in achieving both operational and compliance objectives.

Building Resiliency: Strategies for Compliance and Operational Excellence

Struggling with time-consuming vendor assessments and security questionnaires? Discover how AI-powered tools are revolutionizing third-party risk management. Join Nick Sorensen, CEO of Whistic, in this live webinar to explore game-changing features, including automated security documentation analysis, instant compliance checks, and AI-driven questionnaire responses. This exclusive session will provide CSA members with insights into simplifying vendor assessments, securing documentation, and leveraging a Whistic Trust Center to enhance transparency.

Attendees will also gain access to a free 3-month trial of Whistic’s AI-powered assessment tools and lifetime access to the Trust Center. Don’t miss this opportunity to streamline your compliance processes and stay ahead in a rapidly evolving security landscape.

Transform Vendor Assessments and Security Compliance with AI

As organizations seek to meet complex compliance requirements, automation offers promising solutions. In this session, we’ll dive into Compliance as Code, a powerful approach that treats compliance requirements as executable code, enabling teams to automate compliance checks and enforcement. We'll also explore “compliance by design” principles and defaults that make compliance integral to systems and workflows. We’ll examine the convergence of security and compliance automation, focusing on tools and techniques that support governance frameworks and reduce the burden of manual compliance tasks. Finally, we’ll delve into the impact of AI and ML on Compliance Automation. Attendees will gain a practical understanding of how automation can simplify compliance while enhancing organizational resilience.

The Future of Compliance Automation

This opening session will set the stage by exploring the changing landscape of compliance and assurance in cybersecurity. We'll define core concepts like trust and assurance and discuss how these are impacted by evolving legal and regulatory standards, market demands, and disruptive technologies such as artificial intelligence. Through examining market needs from the viewpoints of service providers, customers, auditors, and regulators, this session aims to identify the most pressing compliance challenges. By understanding these foundational issues, participants will be better prepared to engage with the modern solutions covered in later sessions.

The Evolution and Challenges of Modern Compliance

Modern-day compliance has become increasingly complex and dynamic. Scaling a business in a multi-cloud environment while navigating evolving compliance landscapes requires a strategic approach. Join us for a webinar on “GRC in the Cloud at Growing Companies or GRC in the Cloud Unplugged — Becoming Compliance Ready at Scale,” where we’ll discuss effortlessly managing compliance as your cloud environment grows.

This webinar will explore practical strategies to integrate compliance seamlessly into your cloud operations. Our experts will share real-world examples and actionable tips to help you:
• Build Sustainable Compliance Processes: Discover how to automate compliance and address critical challenges in an organization’s multi-cloud ecosystem.
• Implement Risk Controls: Deploy strategies to address different types of risk, including vendor risks, cloud access vulnerabilities, and infrastructure misconfigurations.
• Scale with Confidence: Best practices to meet compliance needs in a growing cloud ecosystem
• Navigate Regulations: Understand how to keep up with evolving regulations and ensure your cloud practices remain up-to-date and effective.

Register now and learn more about building and sustaining a long-term cloud GRC strategy and scaling business in a complex regulatory environment.

GRC in the Cloud: Becoming Compliance Ready at Scale

How do 800 security professionals view and experience Non-Human Identity Security?

Join us for an insightful 30 minutes webinar where we unveil and deep dive into the state of the emerging threat of unmanaged non-human identities (API keys, service accounts, OAuth tokens, secrets etc). 

Some of the key findings include:
• Alarming Incident Rate: Nearly 1 in 5 organizations have experienced a security incident involving NHIs.
• Low Confidence: Only 15% of organizations feel confident in their ability to secure NHIs.
• Top Challenges: Managing service accounts and discovering NHIs are the biggest hurdles.
• Outnumbered: NHIs often outnumber human identities 20 to 1, amplifying security challenges.
• Investment Surge: 1 in 4 organizations are already investing in NHI security, with many more planning to do so within the next 12 months.

And much more..  Don’t miss this chance to gain critical insights and practical steps to secure your NHIs. Register now!

Non-Human Identity Security: Data-Driven Insights

The CSA Annual SaaS Security Survey, commissioned by Adaptive Shield, surveyed over 450 IT and security professionals from large organizations from various industries and locations to better understand the industry’s priorities and plans around SaaS security.

In an era where SaaS platforms power a wide spectrum of industries and the threat of SaaS breaches looms large, SaaS security is on the radar, more than ever.

Join Maor Bin, CEO and Co-founder of Adaptive Shield to delve into the key findings around:
• Budget and resource allocation – during a period of contracting budgets and workforce reductions, organizations increased investment in SaaS security and added dedicated SaaS security team members
• Top pain points in SaaS security – the threats many organizations are struggling to stay ahead of and the tool that’s leveling the playing field
• Solutions in use or in evaluation – increased reliance on SaaS Security Poture Management (SSPM) and Identity Threat Detection & Response (ITDR) to secure the SaaS stack

Securing SaaS: Security’s Newest Top Priority

During this webinar you will hear from senior financial services executives who led a financial sector-wide collaboration to address challenges raised in the US Treasury Cloud Report related to transparency, resource gaps, exposure to operational incidents originating at Cloud Service Providers (CSPs), and contract negotiation dynamics. These executives will review the key outcomes from the Financial Services Sector Coordinating Council’s Cloud Outsourcing Issues and Considerations Workstream which produced a paper with key considerations for developing contractual provisions between financial institutions and CSPs to address risks, regulatory and supervisory compliance expectations when using cloud services.

Key Considerations for FI-CSP Contracts: Managing Risks and Meeting Regulations

The transition to cloud computing has diminished the effectiveness of traditional network security perimeters, rendering identity as the final line of defense against attackers. While enterprises have allocated substantial budgets to identity programs and have made significant progress in safeguarding human identities through the enforcement of multi-factor authentication (MFA) and centralization of control via single sign-on (SSO), the broader attack surface presented by non-human identities remains unaddressed. In this presentation, we will delve into the security of non-human identities, exploring the various methods attackers can employ to exploit them in order to breach cloud-based organizations. We will also discuss effective strategies to efficiently mitigate these risks.

Breaking the Identity Perimeter: An Attacker’s Perspective

Artificial Intelligence (AI) has moved beyond hype and unrealistic expectations. Organizations are increasingly embracing AI yet its adoption is both promising and perilous. To harness its potential while mitigating risks, organizations must cultivate a forward-looking AI risk management strategy. 


In this session, experts from Coalfire, AWS, and CSA will provide practical guidance and best practices to navigate the complexities of responsible AI adoption. From identifying potential risks to implementing safeguards, we’ll discuss how to ensure businesses can embrace AI innovation securely and safely.

Key topics discussed will include:
• The evolution of risk management to address the unique risks AI poses.
• How to develop and implement a program for mitigating risks specific to AI.
• Practical strategies for integrating AI into your existing risk management program.

De-risking AI: Risk Management Essentials

While threat actors are pivoting to target cloud environments and cloud breaches on the rise, the trends and potential lessons to learn are still difficult to find and decipher. This session is dedicated to bringing some clarity to the nature of external cloud threats, and the most pressing people, process and technology challenges internally for organisations as they face cloud security posture and cloud detection & response. 

Join Chris Hosking, SentinelOne's Cloud Security Evangelist, and John Yeoh, Cloud Security Alliance's Global VP of Research, for a real-world examination of recent cloud breaches and an open discussion of the lessons that can be learned, as well as where cloud security priorities should be set.

Challenges From Within and Without: Trends in Cloud Attack & Defense

The age of AI is shining a light on the most vulnerable identities within organizations. At the top of this list: developers. They're one of the most valuable assets for digital enterprises. Attackers know this. Initial access to a developer's credentials, an organization's repository, or secrets management leaves your company exposed. In this webinar, join CyberArk to discuss the changing cloud landscape and how it's created new circumstances and attack methods for developers--and what to do to about it. 

You'll learn:
• Different methods of risk reduction to equip your security team to protect your organization
• How to maintain velocity of deployments without sacrificing security with zero standing privileges
• The T.E.A. on securing your cloud estate.

Securing Developers By Closing Credential Security Gaps

In the ever-evolving landscape of digital transformation, organizations are facing unprecedented challenges in securing and scaling their cryptographic infrastructure. The need for crypto agility has never been more critical as companies grapple with risks posed by advanced technologies such as AI, emerging threats like Post Quantum Cryptography (PQC), and the complex web of compliance mandates, management hurdles, and technology transformations.

Join this discussion to gain actionable strategies as we create a blueprint to:
• Reducing IT resource burdens and costs through centralized certificate management
• Preventing costly business outages and addressing potential security vulnerabilities
• Building private and public trust while eliminating human error

Don't miss this opportunity to learn best practices and elevate your organization's cryptographic resilience. Be part of the conversation that prepares for a quantum-safe future and shapes the future of secure digital landscapes.

Unleashing Crypto-agility: A Blueprint for Post-Quantum Cryptography

Conventional defense mechanisms often fall short with adversaries employing advanced AI methodologies to target cloud assets. This session delves into the use of cutting-edge AI strategies to counter these evolving threats, offering insights into how AI helps defend against sophisticated attacks.

Fighting Fire with Fire - Leveraging AI in Cybersecurity

In an era where cyber threats are increasingly sophisticated and pervasive, how can resource strapped teams stay ahead? 

This webinar explores how GenAI can support cybersecurity teams by enabling rapid security investigations, anomaly detection, and faster insight generation. Tim Chase, Field CISO at Lacework, will break down how you can leverage GenAI to: 
• Augment your security team: Address the cybersecurity skills shortage through rapid onboarding and learning curve flattening for security professionals.
• Detect anomalies: Identify outliers and anomalous behavior in cloud data, a crucial aspect in modern cybersecurity.
• Accelerate insight discovery: Use GenAI to sift through extensive data and enhance operational efficiency.
• Maintain data security and privacy: A crucial cautionary note on the importance of handling sensitive data with care when deploying GenAI tools.

5 Ways Cybersecurity Leaders can leverage GenAI

Over the past year, the proliferation of AI technologies has introduced new challenges and risks for CISOs to contend with. From creating new ways for data to be accessed to reshaping the threat landscape with deepfakes and automated malware, AI has added more complexity and more pressure to existing security programs.

But it’s not all doom and gloom. AI also presents transformational opportunities for CISOs to drive operational efficiencies and deepen trust with customers.

In this conversation, Jadee Hanson, Chief Information Security Officer at Vanta, and Daniele Catteddu, Chief Technology Officer from the Cloud Security Alliance will discuss how security leaders should be engaging with the rest of the organization to support this transformation and do so with the right security and privacy practices in mind. In this conversation, they will cover:
• Top risks when leveraging AI and how to mitigate these risks
• Vendor landscape changes and the expansion of AI in the solutions we use
• Practical ways to identify and address the expansion of AI use within your organizations

How CISOs can Leverage AI: A Fireside Conversation with Vanta and CSA

This panel discussion introduces one of CSA’s newest research initiatives,  Implementing Privacy by Design and Default (PbDD) within DevSecOps. Researchers discuss current findings, including their approach to successfully selling privacy internally. Using Design Thinking (DT) and Human-Centered Design (HCD) based methodologies, researchers discuss how they were able to identify what really matters to stakeholders—as well as key drivers that propelled the PbDD project under study forward.

Situated non-exclusively within the DevSecOps Six Pillars framework, the current research provides additional considerations to existing processes. Of note is the use of real-world Scenario-Based Design (or modeling) to further clarify the problem and solution spaces of implementation contexts, activating essential organizational dynamics where solution-based innovations may emerge.

The scenario? A global company diagnosing infectious diseases using a downloadable AI-assisted Software as a Medical Device (SaMD) with an opportunity—an exclusive government partnership and blank check. The feasibility challenge? Compliance with all global data protection and privacy regulations.

Escalating Privacy’s Privilege: Using Design Thinking to Identify What Matters

Privacy

DevSecOps

Cloud Security

Design Thinking

Data Protection

Regulations

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Escalating Privacy’s Privilege: Using Design Thinking to Identify What Matters

Presented by

About this talk

More from this channel