Name: 암호화 키가 안전하게 저장되어 있나요? PCI DSS 규제 준수를 위한 제안
Start: 2015-12-07T19:50:00Z
End: 2015-12-07T19:50:39.000Z
Location: BrightTALK
Rating: 0

Today’s enterprises depend on the cloud, data and software in order to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created, shared or stored – from the cloud and data centers to devices and across networks. Our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in devices and services used by millions of consumers every day.

We are the worldwide leader in data protection, providing everything an organization needs to protect and manage its data, identities and intellectual property – through encryption, advanced key management, tokenization, and authentication and access management. Whether it’s the securing the cloud, digital payments, blockchain or the Internet of Things, security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales Cloud Protection & Licensing is part of Thales Group.

Join us for an eye-opening webinar as we go behind the scenes with real-life ransomware stories from a ransomware protection Engineer. Gain unique insights from an expert on the front lines of ransomware defense. Discover the challenges faced, strategies employed, and lessons learned from real-world ransomware incidents. 

Whether you're looking to strengthen your organization's defenses or understand the evolving threat landscape, this webinar promises valuable perspectives and practical takeaways for cybersecurity professionals and decision-makers alike.

Behind the Scenes: Ransomware Stories from a Ransomware Protection Engineer

Join us for a thought-provoking fireside chat, "Unlocking Secrets Management: Streamlining DevOps Security". In this webinar, see how Thales and Akeyless are revolutionizing secrets management security practices in DevOps environments.

Discover how to simplify the lives of DevOps professionals by seamlessly integrating security into their workflows. Our experts will explore key topics such as not hardcoding security updates, automated secrets lifecycle management, and the essential role of secrets management in enhancing overall DevOps security posture.

Whether you are new to secrets management or looking to optimize your current practices, this webinar will provide valuable insights and practical strategies. Join us as we discuss real-world applications, industry best practices, and how to securely accelerate their CI/CD pipelines across diverse cloud and on-premises environments.

Don't miss this opportunity to gain expert perspectives and engage in a lively discussion that aims to elevate your understanding of secrets management within DevOps. Register now and be part of the conversation that shapes the future of secure DevOps practices.

Unlocking Secrets Management: Streamlining DevOps Security

PCI DSS 4.0 was introduced in 2022 to address emerging threats and technologies and enable innovative methods to combat new threats. With the timeline to implement future-dated requirements set for March 2025, now is the perfect time to evaluate and address these new technical standards.

In this webinar, Qualified Security Assessor (QSA), along with Data Security and Application Security Experts from Thales, will share practical considerations as well as recommendations to prepare your organization for the future-dated requirements in v4.0 including:

 
• Challenges in Complying with PCI DSS v4.0: Understand the common obstacles faced by organizations
• Top Considerations for Future-Dated Requirements: Key factors to address new compliance standards
• Risk Reduction and Compliance Strategies: Effective recommendations to minimize risks and achieve compliance

Join this webinar and be compliant today!

Simplify Your Pathway to PCI DSS 4.0 Compliance with QSA Recommendations

Join us for an insightful fireside chat exploring the vital role of centralized secrets management in the realms of DevSecOps and IT Security Infrastructure. Gain valuable perspectives from a customer who successfully implemented a centralized secrets management solution. Learn firsthand about the pivotal factors influencing their decision-making process, including key requirements and alternative solutions considered. 

Throughout the session, we'll delve into the critical importance of centralized secrets management for safeguarding sensitive information like passwords, certificates, and API tokens. Discover how secrets management reinforces security measures to thwart unauthorized access and mitigate potential breaches. 

Furthermore, we'll explore how a secrets management solution seamlessly integrate within DevOps workflows, optimizing processes and ensuring secure access to secrets throughout the software development lifecycle. Don't miss this opportunity to glean actionable insights from a customer’s perspective and fortify your secrets management practices.

Unlocking Secrets Management: Customer's Journey from Decision to Implementation

Organizations need to prepare for a quantum-safe strategy to enhance their cyber security posture by understanding the challenges to become cryptographically agile in the quantum era. 
In this webinar, our experts discuss the following about quantum threats to data in motion and how to prepare for them:
• Discover the risks today from quantum computing such as Harvest Now Decrypt Later 
• Understand the upcoming regulations 
• Building a future-proof quantum strategy and what you can do to get started today 
• Share use cases

Join us now to safeguard your organization for the quantum era.

Start preparing your network for Quantum-safe security now

Legacy Customer Identity & Access Management (CIAM) systems contradict insurance companies' digital goals, hindering user experience with slower, less secure methods. 
These old technologies fragment the user journey and impede operational excellence with high costs, limited scalability, and security risks. 
Insurers must embrace modern CIAM to remain competitive.

Watch this on-demand webinar to discover: 
- Why insurance companies need to modernize their identity systems to remain competitive in the digital age
- The benefits of future-proof CIAM technology for insurance, such as improved user experience and operational efficiency
- The challenges insurers may face when implementing modern CIAM and how to overcome them with confidence                                                                                                                   

Save your spot today!

Break Free from Legacy CIAM to Unlock Your Insurance Company's Digital Potential

In today's digital age, Customer Identity and Access Management (CIAM) has become critical for organizations looking to secure and enhance user interactions. As businesses strive to deliver seamless digital experiences while safeguarding sensitive information, the need for robust, future-proof identity management strategies is more pressing than ever. 

Whether you attended or missed Identiverse on May 28-31, 2024 in Vegas, join us for our insightful discussion where industry leaders and experts will delve into the winning strategies and latest advancements for future-proof identity management. 

Our first panel discussion "Delivering Seamless User Experiences with Optimized Security Measures” explores how organizations can strike the right balance between personalization and security to win customer trust and boost conversion.

Whether you're an IT professional, security expert, or business leader, this discussion provides valuable perspectives and real-life use cases to help you stay ahead in the ever-evolving world of identity management. 

Key Discussion Points
• Enhancing Digital User Experiences 
• Strengthening Security Measures

CIAM Strategies 01: Delivering Seamless User Experiences with Optimized Security

The European Union’s Network and Information Security Directive 2 (NIS 2) is arguably the most important cyber resilience regulation in the world. NIS2 requires operators of critical infrastructure in 19 different industries ranging from healthcare and public services to utilities and manufacturing to implement appropriate security measures and report any incident to the relevant authorities. 
The Directive addresses the security of supply chains, streamlines reporting obligations, and introduces more stringent supervisory measures and strict penalties. By October 17, the European Union’s 27 Member States are expected to transpose the NIS2 Directive into applicable, national laws. 
A critical cybersecurity strategy aimed at complying with NIS 2 and increasing cyber resilience must include the protection of sensitive data, as well as identities, access, applications, and systems essential for its operations. In this webinar we will cover:
- How the NIS 2 expands the scope and security requirements for cyber resilience.
- The impact of NIS 2 on cloud services and their customers.
- How application, data and identity security are key to compliance.
- How to organizations can simplify compliance with NIS 2 and other regulations with Thales.

The Challenges of the NIS 2 Directive and How Thales Can Help

You've likely seen the headlines about ransomware attacks and the monumental challenges they pose for organizations. But what should you do when an attack occurs? Join us for a candid conversation on how to handle various types of ransomware attacks. 

In this webinar, we'll explore multiple scenarios and provide actionable strategies to protect and help you recover as quickly as possible. Don't miss this opportunity to learn from experts and arm yourself with the knowledge to bounce back from a ransomware attack.

Bouncing Back: How to Protect and Recover After a Ransomware Attack

Based on the 2024 Thales Cloud Security Study with analysis by S&P Global Market Intelligence, this webinar draws on research from a survey of 3,000 IT professionals from 18 countries across more than 30 industries. Along with its sister report, the Thales Global Data Threat Report, the 2024 Thales Cloud Security Study looks into aspects of cloud security and revisits the impact of a dynamically expanding and complex attack surface.

Key Findings from the 2024 Thales Cloud Security Study

Did you know that 80% of consumers want brands to offer MFA (Multi-Factor Authentication) as a means for them to establish trust in the brand?* 

While this used to add friction in the past, there are new ways to deliver MFA and passwordless authentication experiences through passkeys. 

In this episode, Pedro Martinez from Thales and Megan Shamas from FIDO Alliance will delve into best practices and real-world examples for implementing passkeys and Strong Customer Authentication (SCA). Join us for insights from industry leaders on enhancing security and user experience.

Key takeaways:
- MFA and friction: The end consumer’s perspective and rising expectations around authentication and how to offer a seamless authentication experience
- Passkeys will replace passwords, the shift is inevitable, momentum is strong – are businesses ready?
- How businesses can implement passkeys, including best practices, for strong authentication

Speakers:
- Pedro Martinez, Business Owner for Digital Banking Authentication at Thales
- Megan Shamas, Chief Marketing Officer at FIDO Alliance

Moderator: Ammar Faheem, Product Marketing Manager CIAM at Thales

*Thales Digital Trust Index 2024 Research

Ensure Secure & Frictionless User Experiences with Passkeys

With cybercrime on the rise and new threats constantly emerging, managing cyber risks can seem difficult or even impossible. ISO/IEC 27001 helps organisations become risk-aware and proactively identify and address weaknesses.

ISO/IEC 27001 is a framework that covers all aspects of information security: people, process and technology, providing an information security management system that significantly contributes to risk management, cyber-resilience and operational excellence.

ISO/IEC 27001 version 2022 was released in October 2022, allowing for a 3-year transition from the previous 2013 version.  As of May 2024, certification bodies are no longer able to offer ISO27001:2013 for certification, therefore it is vital that organisations are prepared for the new certification requirements.  Some of the key changes in the new version cover data privacy requirements, evolving cyber risks, as well as structural changes to the overall framework.

Join us on this webinar to discover:  
- a deep insight into the ISO/IEC 27001: 2022 framework and the new requirements 
- Learn how Thales, a trusted leader in cyber security solutions, helps organisations prepare for certification

Keep up with ISO27001:2022 to strengthen your cyber resilience

Advanced cyber threat actors like NOBELIUM and their attack on Microsoft, dubbed "Midnight Blizzard," are increasingly targeting cloud services, putting sensitive data at risk. No cloud provider is 100% safe. Today’s multi-cloud environment expands the attack surface, increasing enterprise vulnerability. The advent of behavioral analytics and new data protection strategies helps you be better prepared for today’s advanced cyber threats. At Thales, we believe cybersecurity starts with data, and we're committed to protecting data and all paths to it, whether on-premises, multi-cloud, or SaaS.
 
This webinar is crucial for companies handling critical data (financial, healthcare, etc.), security teams, IT professionals, cloud architects, and security leaders seeking to strengthen their multi-cloud posture. Join our expert-led webinar to learn how to proactively identify and mitigate these evolving threats, as outlined in the MITRE framework. 

We'll delve into:
 - A deeper understanding of the evolving threat landscape and the tactics used by advanced threat actors
 - Practical guidance on implementing behavioral analytics to detect sophisticated anomalies and reduce false positives
 - Actionable strategies for data protection, including encryption, access controls, and data loss prevention techniques tailored for multi-cloud environments
 
Register now to secure your spot and empower your organization with the knowledge to protect your multi-cloud environment.

Detecting & Protecting Against Cyber Attacks that Beat Perimeter Security

Explore the dynamic shifts in global legislation and compliance standards shaping the roadmap for data security in 2024 and beyond. 

Regulatory and industry association mandates are not new, but worldwide they seem to change daily. For most organizations, the pressure, cost, and effort required to sustain compliance have never been higher. 

Join our experts, who will discuss best practices that organizations are using to ensure essential compensating controls are in place for when the next audit or mandate deadline comes along. Thales and Imperva have come together to provide you with the information and solutions you need to achieve end-to-end data protection, maintain compliance, and reduce risk.  

Join this session to learn how to: 
- Assess your current compliance standings against global regulations, directives, and frameworks such as NIST CSF 2.0, PCI 4.0, NIS 2, DORA, DPDP, POPI, and others 
- Leverage compliance efforts to prevent data breaches, protect sensitive data, and reduce risks 
- Benefit from operational efficiencies and cost-savings from the combined strengths of Thales CipherTrust + Imperva Data Security Fabric data security solutions.

Evolving Legislative and Compliance Landscape: Your Data Security Roadmap

According to our 2024 Digital Trust Index survey, 87% of consumers expect certain levels of privacy rights from the companies they interact with online. The biggest expectation is the right to be informed that their personal data is being collected (55%), closely followed by the right to have their personal data erased (53%). 

Customers only want to provide information when needed. In this episode, we'll examine how consent & preference management, together with progressive profiling, can be used as a tool for customer empowerment, helping you climb the Digital Trust ladder.

Key takeaways:
- Learn how to seamlessly embed customer consent & preference management and progressive profiling into your CIAM strategy
- Effortlessly maintain and store a track record of customer consent 
- Increase customer intimacy and trust by keeping their preferences at the heart of their experience
- Easily integrate the data privacy conversation into the user journey
- Comply with data privacy regulations (GDPR, CCPA, etc.) with continuous adherence to customer consent and preferences

Data Privacy: Build Trust with Consent & Preference Management

Join us as we venture into the labyrinth of Zero Trust – a term that is so ambiguous that it consistently leads to confusion and slow adoption, often by the companies who could benefit from its application the most.
Is Zero Trust a solution? An architectural framework? An approach? Or perhaps a blend of all three? In this comprehensive webinar, Mithun Singh will explore its implications, examine its ROI potential, and propose applications in the IAM space.

What you’ll learn:
- A whole new perspective on Zero Standing Privilege instead of Least Privilege Principle
- How to navigate the acronym jungle – Zero Trust vs ITDR, vs RBA, vs. FGA, ZSP etc.
- Why even our printers undergo daily identity crises, constantly proving they're not undercover agents plotting a paper jam rebellion
- What Zero Trust means to different user group personas in IAM
- Why dynamic, just-in-time access, with continuous authentication and authorization, can lead to a more secure and efficient future.

Navigating the Zero Trust Maze

Ransomware is becoming a sobering word for any organization. In 2023, a significant portion of ransomware attacks prioritized data exposure over encryption, putting pressure on organizations to respond quickly to avoid public leaks. The recent ransomware attacks like LockBit and Rhysida breach corporate and government networks, spreading laterally and exfiltrate critical data before encrypting files. It then threatens to publicly release the stolen data if the ransom is not paid.

So how can you effectively prevent and defend against zero-day ransomware attacks?

Join this webinar to learn more about ransomware attacks, how to use the power of encryption to prevent them, and what you should consider to protect your organization from such attacks.

Fighting Ransomware - Using the Power of Encryption

In today's rapidly evolving digital landscape, the migration to cloud infrastructure has become pivotal for organizations seeking enhanced resilience and security. However, this shift brings forth new challenges, particularly in safeguarding sensitive data amidst ever-evolving threats like ransomware and generative-AI attacks, alongside stringent compliance regulations such as NIS2 and PCI 4.0.

Enter data-centric security, offering CISOs transformative opportunities to fortify data protection, compliance adherence, and operational efficiency, thereby nurturing deeper trust with customers. Yet, ensuring robust defense mechanisms remains imperative, given the diverse pathways to data, each with its own unique security demands and vulnerabilities.

In our upcoming webinar, "Thales + Imperva: Trusted End-to-end Data Security" Todd Moore, VP of Data Protection at Thales, and Terry Ray, SVP of Data Security and Imperva Fellow for Imperva, a Thales company, will delve into the strategies that empower organizations to unlock maximum value from their data assets amid the complexities of multicloud environments.

Join us as we explore:
• Adopting a data-first approach to simplify data protection and compliance
• Leveraging the combined strength of Thales and Imperva's state-of-the-art data security platforms
• Applying data security across clouds: private, AWS, Azure, GCP, and ensure parity with your on-premises policies
• Harnessing the latest data security innovations for managing sensitive data, detecting threats, and mitigating risks

Thales + Imperva: Trusted End-to-end Data Security

암호화 키가 안전하게 저장되어 있나요?
• 암호화 일반 (암호화 관련 용어 정의)
• 암호화 키 관리 방안
• PCI-DSS 및 각종 규제에서의 키관리 요구 사항
• HSM 일반
• HSM 활용 사례

암호화 키가 안전하게 저장되어 있나요? PCI DSS 규제 준수를 위한 제안

PCI DSS

PCI Compliance

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

암호화 키가 안전하게 저장되어 있나요? PCI DSS 규제 준수를 위한 제안

Presented by

About this talk

More from this channel