Name: Taking a Risk Based Approach to Your Information Security Budget
Start: 2021-02-12T17:00:00Z
End: 2021-02-12T17:00:35.000Z
Location: BrightTALK
Rating: 5

Webinars, panels, and commentary for cutting-edge CISOs, cybersecurity teams, IT compliance professionals, and risk management experts.

Cybercriminals constantly develop and enhance their tradecraft to maximize the likelihood of success in their operations. At times, this evolution manifests in an expanded target set, while at other times, it includes changing operational outcomes. However, tradecraft evolution mostly involves revising the TTPs that cyber adversaries deploy. Despite several cybercriminals diligently updating their TTPs, many still rely on different implementations of social engineering to obtain initial access to enterprise and personal networks or to steal sensitive information. Specifically, the threat landscape has witnessed a growing number of malvertising and job recruitment scams over the last four years. 

How can enterprises protect their personnel and clients from these attacks? How can cybersecurity practitioners track these campaigns for analysis? Search engine results pages (SERP) are one efficient means to systematically identify and mitigate these threats. 

This talk from STRONGER 2024 highlighted how threat actors of varying sophistication are weaponizing malvertising and job recruitment scams in the wild and targeted attacks. The presentation explored how organizations can leverage SERP data to scope for malvertising activity and suspicious job recruiter impersonation for their enterprise. The presentation also addressed opportunities for automating the use cases and discussed the limitations of said opportunities.

STRONGER 2024: Threat Detection Breakfast: I'll Have Waffles with Extra SERP Please

With critical infrastructure increasingly targeted by cyber threats, the need for resilient security strategies has never been greater. In this session from STRONGER 2024, David Mussington, Executive Assistant Director for Infrastructure Security at CISA, provided insights into the evolving threat landscape and shared best practices for fortifying vital systems. Attendees learned actionable approaches to safeguarding critical infrastructure, enhancing collaboration across sectors, and preparing for future challenges in an era of heightened cyber risk. 

Discover how to build a proactive defense and ensure the continuity of essential services in this pivotal discussion.

STRONGER 2024: Infrastructure Under Siege: Strategies for Robust Security with CISA's David Mussington

This final keynote panel from STRONGER explored the emerging technologies and platforms that security practitioners need to monitor to effectively counter the next generation of cyber threats. The discussion covered advancements in key areas such as artificial intelligence, machine learning, cloud security, IoT security, and zero trust architecture, offering insights into how these innovations can be integrated into security strategies. Additionally, the panel highlighted relevant certifications and educational opportunities that attendees can pursue to stay current with these new technologies. 

The panel brought together industry experts to provide a comprehensive view of the evolving technological landscape in cybersecurity, equipping practitioners with the knowledge and tools needed to stay ahead of emerging threats.

STRONGER 2024: Future-Proofing Security: Next-Gen Threats, Innovations, and Certifications

This STRONGER keynote panel focused on the heightened responsibilities and potential personal liabilities that CISOs face in light of the new SEC cyber risk reporting rules. The discussion centered on understanding materiality, the implications of these regulations on executive roles, and strategies for mitigating and effectively communicating company risk to reduce personal liability. The panel brought together leading experts in cybersecurity, legal compliance, and executive leadership to provide comprehensive insights and practical advice for navigating this complex landscape.

STRONGER 2024: Leadership Challenges in the Age of Cyber Regulations and Accountability

Drawing from their extensive experiences as Board members and cybersecurity leaders, Larry Whiteside and Shamla Naidoo, discussed the Board's pivotal role in shaping and prioritizing cyber risk management. This fireside chat explored real-world challenges and successes in integrating cyber risk into corporate strategy, highlighting how boards can influence a top-down security culture. The speakers discussed their experiences navigating complex regulatory landscapes, driving strategic investments in cybersecurity, and driving practical collaboration between boards and executive teams. 

Gain actionable insights into how board members can lead transformative change in cybersecurity practices, ensuring their organizations are prepared to manage current and future risks.

STRONGER 2024: Cyber Risk Leadership: Insights from the Frontlines of Board Governance

Feeling overwhelmed by the endless cybersecurity tools and jargon? You're not alone. In this session, Ashish Garg, Cybersecurity Executive, and Thought Leader cut through the noise and focused on what truly matters for protecting your information. Learn how to confidently navigate the complexities of cybersecurity by understanding the core principles that make a real difference. Ashish shared practical strategies that you can immediately apply to help you prioritize your efforts, streamline your security approach, and build a strong defense—without getting lost in a sea of options. 

Join us to simplify your cybersecurity journey and equip yourself with the essentials for effective protection.

STRONGER 2024: Strategies for Safeguarding in an Evolving Digital Landscape

2024 and 2025 will be busy years for privacy legislation and regulation. On the regulatory front, numerous state and federal agencies have adopted or plan to adopt expanded notification requirements, many of which have stricter and shorter deadlines than existing state law. Notable federal agencies that recently adopted such rules include the FTC, the SEC, and the Federal Housing Administration. On the state level, the NYDFS and several Attorneys General have stepped up reporting requirements and enforcement around data security incidents. 

This presentation provided an overview of the current state data breach notification laws, pending or newly enacted notification requirements adopted by various federal regulatory agencies, and key developments from state agencies and AGs concerning notification duties. Heather then discussed best practices for implementing an incident response plan focusing on preparing for and complying with this complicated web of breach notification requirements.

STRONGER 2024: Legislative and Regulatory Update: Preparing for New and Stricter Notification Requirements

In an era of escalating cyber threats, the demand for skilled cyber security professionals has never been greater. This session offered a comprehensive exploration of the growing career opportunities in cyber security. Attendees gained valuable insights into cyber security organizations' structure and success metrics, essential skill sets required for various roles, and the industry's evolving landscape. From understanding the implications of high-profile cyber attacks to grasping the importance of protecting data, this presentation equips aspiring professionals with the knowledge to thrive in this critical field.

STRONGER 2024: Emerging Careers in Cyber Security

This presentation from STRONGER discussed practical tips for building predictive risk models using Python and open-source libraries. Professor Huwyler explored how these models can detect unusual activity and threats in real-time, providing valuable insights to enhance cybersecurity measures. The session offered practical tips and recommendations, complete with code examples that you can implement immediately. He'll discuss various use cases to illustrate how these predictive risk models can be applied in real-world scenarios. Professor Huwyler demonstrated how to build these models with Python and published this code on a free-to-use platform, ensuring accessibility for all attendees from this session.

STRONGER 2024: Can AI Outsmart Cybercriminals? Building Predictive AI Risk Models in Python

This session explored the critical lessons learned from safeguarding New York City's vast infrastructure and services against evolving cyber threats. Gain a deep understanding of effective cyber risk management strategies, including risk assessment, incident response, and resilience building, with learnings that apply to security programs of all industries. The session highlighted the importance of public-private partnerships, community engagement, and robust policy frameworks in enhancing cyber defense. Learn how proactive cyber risk management can be applied to your organization to mitigate risks and protect critical assets.

STRONGER 2024: Big City, Big Risk: Lesson Learned from Protecting the City of New York

In the evolving landscape of cybersecurity, integrating AI tools such as Microsoft Copilot and ChatGPT offers promising enhancements for cyber risk management and compliance. This discussion from STRONGER 2024, featuring Dr. Fortune Onwuzuruike, provided an in-depth discussion on the strategic implementation of AI in cybersecurity programs. Attendees gained valuable insights into common pitfalls to avoid alongside actionable best practices to optimize the effectiveness of AI tools. The session covered critical areas, including ethical considerations, vulnerability management, identity isolation, and continuous monitoring, ensuring that AI-driven solutions are leveraged to strengthen cyber resilience and compliance efforts. Explore the intersection of AI and cybersecurity, and learn how to harness the potential of advanced AI technologies while mitigating associated risks.

STRONGER 2024: Leveraging AI Tools in Cyber Risk and Compliance: Pitfalls to Avoid and Best Practices to Embrace

See how Rob Nolan, CISO at Expeditors, built the company's cyber risk management strategy in this session from STRONGER 2024. Rob discussed his challenges and successes while building a comprehensive cyber risk program. He dove into the critical role of quantifying risk and scenario planning, which paved the way for effective risk management and communication with his C-Suite and Board of Directors. Rob highlighted how Expeditors aligns cyber initiatives with business growth goals, and how he used cyber as a competitive advantage to grow the business. Learn from Rob's experience turning cybersecurity from a necessary safeguard into a strategic business enabler at a Fortune 300, with learnings that apply to companies of all stages.

STRONGER 2024: Building an Effective Cyber Risk Program to Drive Business Growth

This keynote panel from STRONGER 2024 delved into the essential components and best practices for building and maintaining a comprehensive cyber risk management program. It explored the critical elements of program development, including risk quantification, integrating automation, and ensuring program maturity. The panel featured insights from industry leaders and experts who have successfully implemented and evolved cyber risk management programs in their organizations. Gain practical advice and actionable strategies to effectively enhance your programs and address emerging threats.

STRONGER 2024: Blueprint for Success: Building a Robust Cyber Risk Management Program

From STRONGER 2024: Join Patrick Wright, Chief Information Security & Privacy Officer for the State of Nebraska, as he dove into the critical elements of designing an effective cyber risk management program at the state level. Patrick shared his journey from establishing a foundational security framework to achieving significant milestones in gaining stakeholder buy-in. 

Learn how he implemented strategies that transitioned Nebraska’s cybersecurity efforts from reactive to proactive, risk-based approaches. This discussion provided valuable insights into the practical challenges and key success factors in building a robust cyber risk management program tailored to the unique needs of state government.

STRONGER: Cyber Risk in the Heartland: Nebraska’s Path to Statewide Resilience

Join Padraic O'Reilly, Founder of CyberSaint, and Mike Donaldson, Senior Director of Cyber Risk Services at CyberSaint, as they explore key findings from the Gartner® Innovation Insight: Cyber GRC Streamlines Governance report.

With 85% of organizations struggling with fragmented GRC systems, Padraic will discuss why this is a persistent issue and how companies can consolidate efforts for a unified view of cyber risk. We’ll dive into the rising importance of cyber risk quantification, spurred by new regulations like the SEC rule, and how continuous control monitoring (CCM) is reshaping compliance strategies.

We’ll conclude by discussing how CyberSaint’s unique platform addresses GRC integration challenges, improves efficiency, and delivers measurable outcomes.

Dive In: Gartner® Innovation Insight: Cyber GRC Streamlines Governance

CyberSaint and IBM watsonx are thrilled to introduce the next phase of generative AI with KnightVision. This new capability is a cutting-edge AI tool within the CyberStrong platform that leverages IBM watsonx. KnightVision addresses the critical challenges CISOs face daily by enabling security leaders to contextualize the latest threat and vulnerability intelligence within their cyber risk management programs.

Join Padraic O’Reilly, Founder of CyberSaint, and Jeff Achtermann, Principal Technical Architect at IBM watsonx, for a deep dive into this exciting new capability, transforming AI into a reliable solution for CISOs and security leaders. See how KnightVision acts as a cyber risk command center and empowers CISOs to gain a holistic view of their cyber risk landscape, leveraging generative AI to identify and correlate risks and provide precise remediation guidance.

During this webinar, you will learn how this solution leverages the advanced AI capabilities of both CyberStrong and watsonx, several use-case benefits, and how it works. 

Discover how KnightVision can: 
- Identify Cyber Risk Patterns
- Analyze Data in Real Time 
- Identify Risk Gaps 
- Recommend Cost-Effective Remediation Plans

In this webinar, learn how KnightVision is a multi-purpose tool for CISOs and other C-level Executives to secure and justify security investment, enhance risk posture visibility, and automate continuous compliance. The speakers will also address key questions regarding customizability, mitigating the risk of hallucination, and data retention policies.

Triaging Cyber Risk Across the Enterprise with CyberSaint and IBM watsonx

Join us for a live demonstration of CyberSaint’s revolutionary top-down approach to cyber risk management. In an era where aligning cybersecurity strategy with business objectives is paramount, traditional methods of risk assessment and quantification fall short of easily delivering actionable financial insights that resonate with the C-suite. This demo will delve into how CyberSaint uniquely bridges the gap between cybersecurity and business by translating complex cyber risks into clear financial terms that CFOs and CEOs understand. Attendees will learn how to seamlessly benchmark their risks versus industry peers, measure residual risk, implement credible cyber risk quantification with models like FAIR and NIST 800-30, and quickly stand up a dynamic risk register to support informed decision-making across the enterprise.

Live Demo: Elevate Your Cyber Risk Program with Actionable Insights & Measurable Results

Live Demo: Quantify Your Cyber Risk Posture & Progress for C-Suite Alignment

As more and more Boards become cyber aware, CISOs and information security leaders are being required to present cyber and IT risk metrics in a clear and transparent fashion. Not only to understand where the organization sits, but also for executive leadership to know where to divert resources and how various initiatives are impacting the organization's risk profile. 

In this talk, we will dive in from both the perspective of the CFO as well as the infosec leader to understand what the CFO needs to hear and understand to make informed decisions as well as how the CISO or infosec leader can present that data in the most compelling way.

Taking a Risk Based Approach to Your Information Security Budget

Information Security

Risk Management

Risk Assessment

Cyber Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

The IT project management community on BrightTALK includes thousands of IT project and portfolio management professionals. Find relevant webinars and videos on agile methodologies, scrum strategy, project management processes and more. Attend live webinars or view on demand content presented by recognized thought leaders in the IT project management industry.

IT Project Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Taking a Risk Based Approach to Your Information Security Budget

Presented by

About this talk

More from this channel