Name: Being Proactive with Security: Deep Dive into Security Testing
Start: 2023-04-26T16:00:00Z
End: 2023-04-26T16:01:01.000Z
Location: BrightTALK
Rating: 4.4

A global leader in cybersecurity ratings, SecurityScorecard's mission is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risk to their boards, employees, and vendors. Here, you'll find content filled with experts chatting through the evolving cybersecurity threat landscape, how to monitor (and remediate) your cybersecurity posture (and that of your vendors), potential regulation around cyber risk mitigation, and more!

Thousands of organizations leverage our patented rating technology for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting. But we don’t stop there. Through a customer-centric, solution-based commitment to our partners, SecurityScorecard is transforming the digital landscape by building a path toward cyber resilience. 

You can monitor your organization's risk with a free account here: https://securityscorecard.com/free-account-trial/

Únete a nosotros en este webinar para aprender cómo medir y reportar adecuadamente los riesgos cibernéticos al negocio. Descubre cómo alinear los esfuerzos de los equipos que protegen y operan el negocio con los que toman decisiones estratégicas. Gestionar riesgos es una tarea de equipo, donde el CEO actúa como capitán. Este capitán necesita la mejor información disponible para llevar el negocio en un mundo cada vez más desafiante, con recursos limitados y ataques sofisticados.

Cómo comunicar el Riesgo Cibernético al Board en tiempos de tormentas

Il Digital Operational Resilience Act (DORA) dell'Unione Europea è un importante atto legislativo volto a rafforzare la resilienza digitale del settore finanziario.  Le entità finanziarie di tutti i tipi saranno sottoposte a nuovi controlli per garantire la resilienza operativa informatica, la gestione della catena di approvvigionamento e il monitoraggio continuo.  Le sanzioni finanziarie e di reputazione saranno significative. Unitevi a SecurityScorecard per scoprire come mappare e misurare il rischio della catena di fornitura per facilitare la conformità.

Conformità DORA e NIS2 - Gestire la sicurezza della catena di fornitura

Com a crescente digitalização do setor de saúde, os hospitais estão cada vez mais expostos a ameaças cibernéticas, colocando em risco não só a segurança dos dados dos pacientes, mas também a segurança dos próprios pacientes. Para os profissionais de saúde, um vazamento de dados não só mina a confiança do paciente, mas também expõe a instituição a consequências legais e financeiras severas. A violação da privacidade pode culminar em litígios, prejudicando a reputação do estabelecimento e levando à perda de pacientes. 

O que você vai aprender:
- Identificação de Ameaças Comuns: Conheça as ameaças cibernéticas mais frequentes no setor de saúde, incluindo malware, ransomware e ataques de phishing;
- Práticas de Segurança de Dados: Descubra as melhores práticas para proteger os dados dos pacientes e assegurar a privacidade;
- Políticas de Segurança: Entenda a importância de políticas robustas de segurança cibernética e como implementá-las eficazmente;
- Tecnologias de Proteção: Explore as tecnologias mais recentes em cibersegurança que podem ajudar a proteger os sistemas hospitalares;
- Resposta a Incidentes: Aprenda a desenvolver um plano de resposta a incidentes para minimizar o impacto de um ataque cibernético;
- Compliance e Regulações: Saiba mais sobre as regulações e normativas que afetam a segurança de dados no setor de saúde e como garantir a conformidade;

Palestrantes:
- Dani Pereira - Field Sales Director, Brazil, SecurityScorecard
-  Leandro Ribeiro - Gerente de Segurança da Informação, Hospital Sírio-Libanês

Benefícios da Participação:
Workshop com a SecurityScorecard: Com este webinar, tenha um desconto de 100% num workshop com a SecurityScorecard! O nosso workshop tem um custo de 6000 USD, mas se for umas das cinco (5) primeiras empresas a inscrever-se, durante o live do nosso webinar, terá acesso ao desconto! Não perca a oportunidade de revisar trinta (30) empresas, à sua escolha, que podem impactar a saúde cibernética da sua empresa!

Protegendo o Setor de Saúde Contra Ameaças Cibernéticas

DARPA. Expanse (Qadium). Escape Dynamics. Stanford and Caltech. Google Ventures and Sequoia. From entrepreneurship to academia to VC, there’s a lot to unpack.

Join Shaun Maguire (General Partner, Sequoia Capital) and Aleksandr Yampolskiy (CEO & CO-Founder SecurityScorecard) as they discuss:
- Key things to note within the investment landscape
- How to build and scale businesses that are category creators
- Lessons learned in making and/or taking mentors and opportunities

Save your seat today!

The Investor-Operator’s Take: Irrational Motivation to Build & Scale Businesses

Supply chains are prime targets for cyberattacks. Join this webinar to delve into the world of supply chain cyber risk managed services and discover what they are and how they can safeguard your entire supply chain.  

Some of the topics our experts will cover include: 

-  Understanding the Threat: What is a supply chain cyber risk managed service and why is it crucial for your business?
-  Building a Secure Foundation: Explore the key components of a comprehensive supply chain cyber risk managed service.
-  Implementation Roadmap: Learn a practical approach to implementing a managed service, ensuring a smooth and successful integration.
-  Best Practices & Real-World Insights: Gain valuable knowledge from industry experts through "tales from the trenches," including best practices and potential pitfalls to avoid.

Best Practices for Implementing a Cyber Risk Managed Service

Are your vendors putting your organization at risk? You may not be aware of various supply chain cyber risks lurking within your network, most of which are difficult to detect, manage, and mitigate. 

Introducing Supply Chain Cyber Risk Managed Services: a powerful solution that can revolutionize your approach to TPRM. Learn how managed services can:

-  Automate Third-Party Risk Assessments: Streamline the process and free up resources.
-  Gain Continuous Monitoring: Stay informed about evolving threats within your supply chain.
-  Prioritize Critical Risks: Leverage expert insights and data to focus on the biggest threats.
-  Improve Communication & Collaboration: Enhance communication with your vendors for better security.

Don't let limited resources or expertise hold you back. Register today to learn how to achieve a more secure and resilient supply chain!

Third-Party Risk Management: Understanding & Mitigating Supply Chain Cyber Risks

Almost every day now, there’s news of another data breach (e.g. AT&T) or cyber attack (e.g. Change Healthcare) and/or consequences that arise from the lot. This means cybersecurity has more eyes on it than ever, making the CISO’s job feel more and more like a battlefield.

Join Mark Dunkerley (CISO, Coca-Cola Bottlers’ Sales & Services), Steve Cobb (CISO, SecurityScorecard), and Maya Kano (Senior Solutions Architect, SecurityScorecard) in this discussion, where they chat about:

- How to make the most of limited resources to manage cyber risk
- Best practices for board reporting and working with senior leadership
- Processes and solutions to deal with the CISO’s new normal

Save your seat today!

Conquering CISO Challenges: Balancing Between Risk, Resource Constraints, & More

Join Dr. Jared Smith for this talk on boosting SecOps and TPRM with Signals Intelligence. In this webinar, he’ll cover:

- the basics of signals intelligence (a quick introduction and history)
- technology application (including a dive into active scanning vs. passive collections)
- tracking adversaries using SIGINT techniques (Volt Typhoon)

Save your seat today!

Elevating Cyber Defenses: Boost SecOps & TPRM with Signals Intelligence

In order to safeguard sensitive data, maintain customer trust, and avoid costly penalties, cybersecurity leaders must continue to adapt to more than just the latest threat actor TTPs. 

Next up in our “Crafting Your Compliance Blueprint” series: Future-proofing your organization's cybersecurity compliance program.

Join Christopher Strand (Global Risk Officer) and Devaney Devoe (Senior Product Marketing Manager) as they discuss:
- Key differences and similarities between emerging frameworks, regulations, and mandates
- Overview of recent cybersecurity themes and real-world examples (DORA, SEC, NIST CSF 2.0, etc)
- Actionable recommendations to accelerate collection of security controls and posture 
- Best practices for risk assessment and compliance to effectively communicate risk to the board and future-proof your organization

Save your seat today!

Future-proof Your Organization’s Compliance Program

Cybersecurity is increasingly a team sport; you aren’t going to boost your cyber resilience without engaged executives and secure suppliers.

To that end, join SecurityScorecard’s Aleksandr Yampolskiy and the Cyber Rescue Alliance’s Kevin Duffey for this discussion on:
- Benefits of a more collaborative cybersecurity community
- Building on highly predictive cyber risk scores to improve security posture 
- Best practices to engage your executives, employees, and vendor ecosystem to move the dial on managing (and reducing!) cyber supply chain risk 

Save your seat today!

Engage Executives & Support Suppliers to Boost Cyber Resilience

It wouldn’t be a webinar in 2024 if we didn’t talk about AI. 

But we’re going beyond the hype and taking a more practical approach. Join Aleksandr Yampolskiy (CEO and Co-Founder, SecurityScorecard) and Michael Schrage (Visiting fellow, Imperial College Business School; Research fellow, MIT Sloan Initiative on the Digital Economy) for this discussion on how AI-powered:
- Selvesware and recommendation engines will shape the future of self-improvement
- KPIs can continuously learn and improve an organization’s growth
- Data-curation can drive both insights and security in the future

Save your seat today!

Selvesware, Enhanced Metrics, and The Future of Advice

As regulatory mandates and frameworks continue to emerge, cybersecurity leaders must continue to adapt to more than just the latest threat actor TTPs. 

Next up in our “Crafting Your Compliance Blueprint” series: complying with PCI DSS v4.0. 

Implementing the new PCI DSS v4.0 assessment and reporting requirements can be challenging, but are in place to empower cybersecurity leaders to proactively address evolving threats to card data and payment systems while ensuring proper scrutiny on the organization's critical controls, assets, operations, and security posture.

Join Christopher Strand (Global Risk Officer) and Brian Contos (Chief Strategy Officer, Sevco Security) as they discuss:
- How PCI DSS v4.0 assessment themes differ from its predecessor’s (3.2.1) and what to prioritize in the lead up to March 2025 when new requirements become mandatory
- Best practices for analyzing your attack surface, prioritizing the gaps you find, and conducting risk assessments as a process
- Actionable recommendations to help enforce and prove controls within PCI DSS v4.0 assessments to enable better and accelerated collection and communication of compliance and security policy

Save your seat today!

Prepare for PCI DSS v4.0 with Confidence

As notable cyber security breaches – including zero-days – feel like they’re only increasing in frequency, Purple Teaming emerges as a strategic approach that surpasses the traditional Red Teaming paradigm. 

Join SecurityScorecard’s David Mound as he chats through the benefits of Purple Teaming. Learn how to
- Foster a more collaborative environment (with Red and Blue teams working in tandem)
- Fortify the cybersecurity posture of the organization (with a combination of offensive and defensive strategies)
- Facilitate deeper insights into adversary tactics and strengthen incident response capabilities (with more structured, tailored campaigns that ensure ongoing refinement of defense mechanisms)

Save your seat today!

Elevate Your Cyber Defense: The Power of Purple Teaming

When start-ups scale-up, their cybersecurity -- or lack thereof -- is increasingly viewed as the backdoor into the larger organizations they serve.

Join Aleksandr Yampolskiy (CEO and Co-Founder of SecurityScorecard) and Harry Moseley (former CIO at Zoom, KPMG, and more) for a conversation on the:
- evolution of the C-Suite's interest in cybersecurity and data within an organization
- strategies to emulate (and avoid) in scaling up the security architecture of a growing organization
- key things to think about in scaling the security of organizations in an era where third-party breaches are on the rise

Save your seat today!

Cybersecurity In An Era of Scaling Start-Ups & Data Breaches

Saiba como podemos entender os desafios que envolvem a gestão de riscos de terceiros, que acabam por afetar  e impactar a saúde cibernética de uma organização, atuar sobre estes desafios com inteligência e automatização, criando um processo vivo, inteligente e colaborativo com os terceiros.

Com esta sessão aprenda como:
- criar processos inteligentes de gestão de riscos de terceiros;
- usar uma solução de TPRM para dar visibilidade ao compliance;
- a automatização é a regra do sucesso;
- otimizar seus recurso de tempo, de equipes e financeiros.

Os desafios da gestão de riscos de terceiros

Notre dernière analyse révèle que les 100 plus grandes entreprises françaises ont toutes été exposées à une faille de sécurité au cours des douze derniers mois. En cause, leur chaîne d’approvisionnement.

Pour parer à ces menaces, découvrez comment optimiser et automatiser la gestion des risques cyber pour l’ensemble de votre écosystème (fournisseurs, filiales, partenaires, M&A...) :
- Analyse complète de la surface d’attaque de votre supply chain
- Surveillance en continu de vos tiers
- Détection automatique des nouveaux fournisseurs
- Identification et correction des vulnérabilités
- Réponse aux nouvelles réglementations (NIS2, DORA)

Nos experts seront à disposition pour répondre à toutes vos questions en direct à la fin de la session.

Cybersécurité des tiers: Automatiser la gestion des risques

Change. Ascension. It hasn’t exactly been a great year to date for healthcare cybersecurity.

In this 20-minute talk, SecurityScorecard’s Matthew Ancellin highlights the healthcare findings from our report on Global Third-Party Cybersecurity Breaches (an in-depth analysis of the most significant third-party cyber risks and incidents in 2023) released earlier in the year. 

Questions we’ll address:
- What are 3rd party breaches?
- Who are the prime perpetrators of 3rd party breaches? 
- Why does healthcare get more than their fair share of third party breaches?
- What is the nature of B2B relationships involved in supply chain breaches?
- How can the healthcare industry make their supply chains more resilient?

2023 Supply Chain Breach Analysis in Healthcare

現代企業面對來自全球的數位供應商，供應鏈千絲萬縷。
可是未知、不安全、不斷變化的供應鏈攻擊面讓 CISO 夜不能寐。

根據估計，超過 70% 的漏洞都是供應鏈攻擊造成的： MOVEit 和 SolarWinds 就是很好的例子。
有些公司的資安團隊不具備評估和保護供應鏈的工具和專業知識，不足夠應付日新月異的供應鏈
攻擊。又或是 TPRM 團隊使用過時的基於問卷的解決方案，同樣，他們不具備安全專業知識。
現實情況是，大多數公司甚至不知道誰是他們的供應鏈供應商：供應鏈供應商的違規行為總是出
乎意料。我們看到，出現漏洞的公司會向客戶解釋，真正被入侵的其實是供應商。不幸地，他們
的聲譽已經受損了。

供應鏈安全領域需要徹底的模式轉變!

是次線上講座，我們將分享SecurityScorecard MAX解決方案如何:
● 識別並修復可能使您暴露的網路關鍵漏洞
● 解決網路安全人才缺口問題，使您能夠將團隊投入到其他關鍵專案中去
● 做到客戶供應商監控的同時, 讓我們負責供應商管理和溝通，節省時間和金錢
● 利用易於理解的即時報告，讓您的安全領導者能夠交流成功經驗

請立即登記參加

新世代供應鏈網路風險管理

With the average cost of a data breach now at $4.35 million, it’s time for organizations to take proactive measures to protect themselves against cyber threats. By conducting thorough security testing, organizations can gain a deeper understanding of their security posture and make informed decisions about where to allocate their resources to improve their overall cybersecurity readiness.

Join SecurityScorecard's David Mound, Senior Penetration Tester, and Megann Freston, Senior Product Marketing Manager, for a deep dive into security testing. 

In this webinar, you will learn about:
- Different types of security testing (within the testing lifecycle)
- Common methodologies 
- Tools that are used for security testing, and 
- Best practices for a comprehensive security testing program

Being Proactive with Security: Deep Dive into Security Testing

Cyber Security

Security Testing

Vulnerability Scanning

Penetration Testing

Cloud Security

Red Teaming

Physical Red Team

Assumed Breach

Source Code Review

Cyber Resilience

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Being Proactive with Security: Deep Dive into Security Testing

Presented by

About this talk

More from this channel