Name: Resolve Post-Covid Network Security Issues With NIST CSF v2.0 and the CIS Critical Security Controls v8 Frameworks
Start: 2025-02-25T22:00:00Z
End: 2025-02-25T22:01:00.000Z
Location: BrightTALK
Rating: 0

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

In the ever-evolving landscape of DevOps, the paradigm is now shifting - where security is taking the central stage. With vast surface areas including containers, cloud, repositories and third-party components, cyber threats became more prominent than ever before in DevOps.

This presentation will delve into the evolution from traditional DevOps to the advanced usage of artificial intelligence (AI) technologies to automate and optimize the software development and delivery processes. This includes automating code scanning, testing and deployment processes while eliminating the threats in each possible way in the cycle. 

In this session, join Jyotirmayee Pradeep Kumar (Vice President - Cloud DevOps at a well-known global bank) as she unravels the stages of integration of AI at each phase of DevOps. Topics for discussion include:
- Types of AI used in DevOps. 
- Benefits of using AI in DevOps.
- Implementation of AI in DevOps.
- Best practices for using AI in DevOps.
- Eliminating security threats using AI in DevOps.

Security Risks to Consider with AI Integration: AI in DevOps

Two key factors will increase IT spending in 2025: AI and cybersecurity. This coincides with operational resilience legislation being implemented in the EU in January 2025 and the UK in March 2025, when financial services organizations and third parties, such as cloud providers, outsourcers and contractors.

All of these factors follow a reduction to IT spending in 2024, when resources and capacity were cut by most cloud providers, whilst 80% of customers overshot their budgets, with others reducing their operational spending on cloud services. 

This webinar will explore the changing environment between 2024 and 2025, taking into account C-Suite strategic priorities and focusing on securing the cloud ecosystem, by covering:

1) What is keeping C-Suite up at night, and should they be concerned?
2) What should organizations consider when securing the cloud ecosystem?
3) Why operational resilience may be a real answer for securing the cloud ecosystem?

Tune into this session presented by operational resilience expert Steve Yates, as he shares advice for securing the cloud ecosystem. Yates will explore the “nightmares” currently experienced by C-Suite and take attendees on a journey into a world where they should consider embracing the compliance processes being put in place to manage third parties. 

By the end of the session, viewers will be able to:
- Form an understanding of the challenges facing the C-Suite, and budgetary pressures.
- Consider options for protecting and securing the cloud ecosystem.  
- Be aware of the requirements needed to establish a joint working relationship between your organization and cloud services third providers.

Securing the Cloud Ecosystem: What is Keeping the C-Suite Up At Night?

Search for patterns within images and videos allows identification of many threats including corporate data leaks, ransomware attacks, fake news, and disclosures. Companies are re-envisioning new ways to derive cyber threat signals from effective image and video processing with a focus to detect and stop threats hidden in largely disregarded as sources of threat intelligence.

Key Takeaways
1) Learn how to device threat intelligence from images and videos.
2) Learn about use of AI to find hidden threats in images and videos.
3) Learn how to prevent data leaks within your organization in visual media.

Exploring Visual Threat Intelligence

AI systems are exposed to many new forms of cyberattack, in addition to all the legacy forms of cyberattack.

An understanding of these new forms of cyberattack is essential to being able to protect your AI systems and to identify if an attack has occurred.
A key understanding is that conventional IT security methods are relevant, but insufficient to secure an AI system or to determine if a cyberattack has occurred.
- They may be lacking in both scale and scope, and fail to address unique AI attacks

It is important to understand that a cyberattack may leave the AI system functioning “normally” and be difficult to detect.
- A cyberattack might be engineered by means of the successful planned use of the AI system.
- A cyberattack might alter the scope of “successful” outcomes in such a way to overcome the design goals of the system.

Additionally, a cyberattack might be implemented via an attack on sensors or environmental systems (e.g.: power) used by an AI system.
This presentation from industry thought leader Allan Cytryn reviews the similarities and differences between on attacks on conventional IT systems and those on AI systems and will provide a framework for beginning to understand, dimension and prepare for cyberattacks on AI systems.

Attack on AI Systems: Understanding the Vulnerabilities and Risks

To strengthen our identity and access protection, it’s crucial to understand the current threat landscape and how sophisticated attackers exploit stolen data or intelligence signals. Tune into this session presented by CISO Alex Holden to explore what’s circulating on the dark web and how malicious actors are using this information to target our systems -- and what we can do to defend against them.

Key Takeaways
1) Learn about latest threat actor techniques targeting your personal and corporate identities.
2) Learn more about corporate data on the dark web.
3) Learn how to protect exploited identities.

Price of Our Stolen Identities on the Dark Web

In a world where the vast majority of cyber attacks leverage access-based methods to gain entry to an organization's resources, how can you be sure your organization remains secure?

This session explores best practices for ensuring all employees have the access they need, while ensuring that access is revoked promptly when they no longer need it. It starts with the reality that most enterprises have grown to large to rely on manual efforts, needing a combination of identity access management tools, implemented appropriately, and includes:

- The importance of creating a role-based access provisioning program that follows employees through their entire organizational lifecycle, from onboarding, through job changes, transfers and eventually, separation from the organization
- Automating and integrating the need for privileged access with the organization's change management process 

Be prepared for a primer in how to get started on this journey and make it successful over the long term.

Stay Safe: Managing Employee Access from Cradle to Grave

Privileged access management is a cornerstone of security. Permissive access is just what the cyber criminals are looking to gain and exploit, or what can accidentally be misused and cause significant damage. 

In this session, Peter Crumpton (Information Security Manager at NFU Mutual) shares a case study of an organisation's journey from recognising the exposure and risk associated, to defining a target operating model‘, gaining funding and implementing improvements to move closer to the goal of least privilege and zero trust. As with most companies, there is a mix of on-premise and cloud SAAS, PAAS, IAAS, with new and legacy technology, so the answers are not uniform.

Join the session to discover:
- The journey from recognising a gap in control and understanding the risk it presents to designing the programmes of work to address it.
- Key lessons learned from implementing planning and improvements.
- How to deal with the mixture of technology and legacy products to optimize privileged access security.
- And more...

About the Speaker
Peter is a passionate and dedicated security manager, he strongly believes in the sharing of information and approaches to help each other and the industry progress, to protect ourselves against the common threats we face. He started by implementing an ISMS to comply with ISO27001, and grew into all aspects of information security management over more than 15 years working in various industries such as government, telecoms and finance sectors, implementing risk management and control effective across the organisations. He holds CISSP, CISM and CRISC certifications.

Privileged Access: A Journey From Little to Least

Privileged access management (PAM) is evolving to meet the challenges of modern centralized, decentralized, distributed networks, and endpoints. Cutting-edge solutions now incorporate AI-driven anomaly detection to monitor and flag unusual privileged account behavior, coupled with just-in-time (JIT) privilege escalation for temporary, task-specific access. Unified dashboards enhance visibility and streamline management across hybrid IT environments.

In decentralized networks, blockchain technology ensures tamper-proof identity management, while decentralized authentication leverages cryptographic keys to reduce reliance on central directories. Federated access models facilitate secure privilege sharing across domains without exposing sensitive credentials.

For distributed networks, Zero Trust Architecture (ZTA) enforces continuous verification of users and devices, while edge computing integration secures privileged access directly at network endpoints. Dynamic policy enforcement adapts in real time, responding to contextual factors like user location or device status.

On endpoints, Endpoint Privilege Management (EPM) minimizes attack surfaces by granting least-privilege access. Device-centric identity management ties privileges to specific devices, and behavioral analytics monitor endpoint activities for unauthorized privilege use. These advancements collectively enable robust, scalable, and context-aware PAM strategies across diverse network architectures.
Discover how rigorous inspection, computing science, algebra, and technology combine to combat unauthorized access, protect company assets, and build user trust.

Developments in Privileged Access Management

As organizations grow and evolve, the proliferation of disparate identity and access management (IAM) systems can create significant security vulnerabilities. Centralizing IAM is essential to mitigate these risks, but it presents challenges such as designing seamless interfaces and accommodating the dynamic needs of the business.

In this session, Vincent Amanyi (Founder, Boleam Inc) shares strategies to reduce fragmentation and centralize IAM systems using single sign-on (SSO) and role-based access control (RBAC). He will explore key internal and external considerations for developing comprehensive IAM policies that align with business evolution and industry changes.

Key Takeaways
- Optimize IAM Policies: Gain insights into the dynamic components of your organization's information access and learn how to support robust IAM policies.
- Foundation for Growth: Learn how to establish a strong foundation for managing identity risks in a rapidly evolving business landscape, especially during mergers and acquisitions.
- Risk Management: Understand how to identify gaps and effectively manage IAM sprawl risks to ensure a secure and compliant environment.

Mastering Identity Sprawl: Centralizing IAM for Enhanced Security

The relentless expansion of artificial intelligence is fundamentally transforming how organizations approach identity security. What was once a straightforward infrastructure challenge has become a complex, strategic imperative that touches every aspect of technological risk management.

The escalating complexity of cybersecurity threats demands a sophisticated, proactive approach to identity management. Organizations face unprecedented challenges in protecting digital identities while simultaneously enabling technological agility and business growth.

Join Soumya Banerjee - Associate Partner at McKinsey to explore the evolving identity security ecosystem and discover technological trends, risk mitigation strategies, and innovative approaches to building robust, adaptive security infrastructure.

Key takeaways from the session will include:
- The evolving landscape of identity security threats and controls over the next 3-5 years.
- Strategic roadmap for enhancing identity security programs.
- Practical communication techniques for articulating identity security's value to organizational leadership.
- Innovative approaches to balancing security rigor with technological innovation and operational flexibility.
- And more..

Meet the Speaker
Soumya is a Cybersecurity Expert Associate Partner in McKinsey New York office with nearly 20 years of cybersecurity consulting experience. His core focus serving cybersecurity providers and investors on strategic cyber market areas and helping cybersecurity buyers develop strategy and execution program on technology cyber risk and regulatory implications, and exploring emerging risks and opportunities in cyber.

Navigating Identity Security in the Era of AI

In an era of tightening regulations and increasing AI-driven fraud, securing systems without traditional photo IDs is increasingly difficult. Over a billion people globally lack conventional identification, and many more face barriers in proving their identity. How can organizations ensure robust security without excluding these users?

In this session, Jaye Hackett (CTO, Vouchsafe, they/them) explores how businesses can leverage alternative signals such as social proof, online activity, and trust networks to verify identities effectively. Join them to discover how inclusive identity verification methods can expand user reach, meet compliance requirements, and protect against emerging threats.

Key Takeaways:
- Practical Methods for Identity Verification Without Photo ID: Learn actionable strategies to authenticate users using non-traditional signals.
- Leveraging Trust Networks to Mitigate Fraud: Understand how networks of trust can enhance security and reduce fraudulent activities.
- Designing Scalable, Inclusive Identity Processes: Gain insights into creating identity verification processes that are both accessible and scalable.

About the Speaker
Jaye is a co-founder of Vouchsafe, a tech-for-good company building inclusive identity verification.

As a designer and technologist, they have built large-scale digital trust systems, including key work on the NHS coronavirus contact tracing app, and led transformative public service projects.

Identity Verification in the Age of AI Fraud

Remote and hybrid work remains a mainstay of most work environments post COVID-19 pandemic. Contrary to initial worries, the much-hyped IT security issues that most people dreaded from a remote and hybrid work setting did not adversely impact their organizations. This is due to the robust application of relevant IT governance, risk and compliance or IT GRC frameworks. 

In this presentation, Ralph Villanueva will speak about some of these frameworks, and why weaving them together can act like a protective web around the remote and hybrid IT ecosystem of the organization.

Applying IT GRC Solutions to Remote and Hybrid Work Security Issues

AI tools have been changing the landscape in many fields. The ability to impersonate someone using AI is of concern. Social engineering is a successful method for attackers to gain access to a network, and AI-enhanced social engineering will change the way these types of attacks will be perpetrated and how companies need to defend themselves. 

The presentation from industry thought leader Charles Kolodgy will provide useful insight and information designed to allow you to understand the increasing threat from AI enhanced social engineering and how best to defend against these types of attacks.

Join this discussion to learn:
- A quick understanding of social engineering and why it succeeds.
- Examples of how AI has been used to enhance social engineering attacks.
- What tools and options are available to defense against social engineering, including the use of defensive AI.
- How to evaluate various cybersecurity solutions that can aid in combating AI enhances social engineering.
- The importance of building a strong culture of security to combat social engineering.

Does AI Make Social Engineering Too Easy?

Senior management often has a fundamental question regarding cyberattacks: How would cyberattacks affect our organization?  Business impact analyses (BIA), as they have been performed for decades, are inadequate.  The determination of desired recovery times and recovery points may be meaningless in the face of stolen information and ransomware attacks that reflect what business leaders would like to be done rather than what IT can do.  Moreover, new government rules require analysis and disclosure that necessitate an understanding by executive management of what the impact of a cyberattack would be if an attack were to occur.  This session provides an approach to determining what the impact of a cyberattack would be.

Tune in to this webinar to learn:
- How cyberattacks change the context of BIA.
- What are the potential financial, operational, reputational, regulatory and societal impacts of cyberattacks.
- How to conduct a cyber impact analysis.
- How a cyber impact analysis can drive cyber resilience strategy.

Determining the Impact of Cyberattacks

Ransomware risks has the potency to affect the critical assets of organizations and wreak devastating consequences if left un-checked. This session from consultant and industry thought leader Vincent Amanyi will provide a clear strategy for managing the Ransomware-as-a-Service (RaaS) model effectively to stem better control and establish high entry barrier for cybercriminal.

Key Takeaways
- Understand when to plan and implement ransomware control strategies.
- Definition of process map to incident response plan.
- How to map gap to internal research.

Roadmap to an Iron-Clad Ransomware Defense System

Ransomware continues to be a major source of risk for virtually every industry and vertical in every country. From education, government, and healthcare, to finance, consulting, and manufacturing. For-profit companies are as much a target as not-for-profit. 

The question most CIOs and CISOs are asked by the Board and the Executive Team is, “Are we protected from a ransomware attack?” 

As a security leader, the answer you want to give to that question is, “Yes we are!”

But how do you protect yourself from a ransomware attack? You know you want to do more than have a great 3-2-1 backup strategy. Great backups are table stakes in the ransomware defense playbook. With great backups you can recover quickly from an attack. 

What you really want is to have a way to prevent or at least limit the blast radius if an attack happens. 

A good strategy to reduce the risk of a successful ransomware attack is to implement the family of principals and controls outlined in the NIST Zero Trust Architecture (SP 800-207). 

Remember, the goal of the criminals in a ransomware attack is to steal and encrypt your data. They want to attack the availability leg of our CIA triad, namely the availability of your data. 

In this presentation, industry thought leader John Bruggeman will review the general components of zero trust, review how you can do a readiness assessment that will let you know where you are in your ZT journey, and how a ZT framework reduces your risk of a ransomware attack.

Reinforce Your Data Fortress: How Zero Trust Can Help Reduce Your Risk of a Ransomware Attack

Ransomware attacks are one of the most terrible outcomes of cyber breach. Whether you believe in paying ransom demands or not, you must understand the need for a negotiator in such difficult situation. We will discuss challenges, pitfalls, and factors of success that a ransomware negotiator can bring to crisis.

Key Takeaways:
- Understand components of a ransomware attack.
- Recognize intricacies of ransomware negotiations.
- Avoid mistakes frequently made during ransomware attacks.
- Recognize red flags common during ransomware attacks.

Ransomware Negotiations: Everything You Need to Know

Innovations in Network Security

The switch to remote work during the COVID 19 pandemic caught a lot of companies off guard. Suddenly their security perimeter has vastly expanded, yet they don’t have the right tools, teams and tactics to keep cyber attackers out of their network perimeter. 

In this presentation, Hilton Grand Vacation's Ralph Villanueva will show how the lingering network security issues in the aftermath of COVID-19 can be addressed by applying these two very important yet free cyber security frameworks. Moreover, all network security issues have both a technical and non-technical component, and those frameworks address those. He will also share lessons learned from more than 15 years’ experience in using IT security frameworks such as those in protecting his employers from financial, operational and reputational risk in general, and network security in particular.

Resolve Post-Covid Network Security Issues With NIST CSF v2.0 and the CIS Critical Security Controls v8 Frameworks

Network Security

Cyber Security

Network Performance

Network Infrastructure

COVID-19

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Resolve Post-Covid Network Security Issues With NIST CSF v2.0 and the CIS Critical Security Controls v8 Frameworks

Presented by

About this talk

More from this channel