Name: Fortifying Your Attack Surface: How to Defend Against Third-Party Risks
Start: 2024-04-25T17:00:00Z
End: 2024-04-25T17:01:15.000Z
Location: BrightTALK
Rating: 4.7

The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

Earn 1.5 CPE Credits on this webinar.

Most IGA platforms were built for a world that no longer exists — one where access lived inside a single system and compliance meant annual reviews. Today, identity risks span multiple applications, evolve constantly, and require automation at every step.

Modernized IGA delivers what traditional tools can’t: unified visibility, continuous control, and real-time enforcement across SAP, Oracle, Workday, Salesforce, and beyond. This session is designed for two audiences, those already using IGA but struggling with blind spots between systems, and those planning their first deployment who want to start with a modern, automated approach from day one.
 
Here are the five capabilities redefining IGA today:

- Cross-application risk correlation that uncovers hidden SoD conflicts across connected systems
- Continuous, policy-driven access reviews triggered instantly when risk or role changes
- Preventive SoD enforcement built directly into provisioning workflows
- Context-aware access recommendations that accelerate onboarding while reducing over-entitlement
- Unified analytics and audit-ready reporting delivering real-time visibility and compliance assurance

Join this session to discover how modernized IGA replaces manual effort with automation, eliminates governance gaps, and helps organizations stay continuously secure and compliant.

CPE | Modernized IGA: 5 Game-Changing Capabilities You Won’t Find in Legacy Tools

Earn 1.5 CPE Credits on this webinar.

This CPE webinar will explore real-world challenges in implementing the NIST Cybersecurity Framework 2.0 (CSF 2.0), examining their consequences and providing actionable strategies to strengthen cybersecurity resilience. Our panel will unpack the complexities of NIST 2.0, highlighting common pitfalls—from misaligned risk assessments and inadequate governance to weak supply chain risk management and inconsistent framework adoption.

Attendees will gain practical insights to overcome these challenges, enhance their security posture, and align with NIST 2.0’s updated guidance for a more resilient future. Topics include:

- Key updates and enhancements in the NIST Cybersecurity Framework 2.0 and their implications for organizational security.
- Common implementation failures, including gaps in risk management, compliance, and governance.
- The impact of these failures on cybersecurity resilience, illustrated through real-world case studies.
- Actionable strategies to mitigate risks and improve alignment with NIST 2.0 standards

CPE | NIST 2.0: Common Implementation Failures and Their Impact on Cybersecurity Resilience

From malware-laced updates to vulnerable open-source dependencies, attackers are increasingly targeting the vendor software that enterprises rely on to operate their business. According to a recent Gartner survey on Third Party Risk Management, 83% of Cyber risk professionals find risks embedded within vendor applications after deployment. As a result, it is clear that the status quo for defending the enterprise from cyber threats originating in the software supply chain is no longer sufficient. Organizations must adopt new strategies to more effectively manage third party security risk, ensuring vendor software can be safely onboarded, while still maintaining business velocity. 

During this session, our panelists will explore:

- What makes third party software inherently risky
- Actions you can take to identify risks before software is purchased or deployed
- How to work collaboratively with a vendor to address risks
- Protections that can be put in place to mitigate vendor software risks 
- Best practices for continuously monitoring risk throughout the vendor lifecycle

Modern TPRM: Strategies for Securely Onboarding Vendor Software

Despite billions invested, 95% of organizations see limited returns from generative AI. Our new research shows why: without elite risk management, firms cannot deploy this technology confidently or take the strategic risks that unlock true business value.

Join us for the unveiling of the second edition of our flagship report, Generative AI in Risk & Compliance 2025. Drawing on a global survey of senior risk and compliance leaders, analysis of 600+ use cases, and expert contributions from leading RiskTech vendors, this session delivers clarity on how GenAI is reshaping enterprise risk profiles and where it can genuinely deliver value.

Key questions we’ll address include:

- Which GenAI risks are now dominating the enterprise agenda?
- In what ways is GenAI being leveraged to strengthen compliance programs?
- What areas of risk and compliance are most affected by generative AI?
- Which vendors are emerging with differentiated expertise and tools worth watching?

Walk away with a clear view of the ROI paradox, and how risk and compliance leaders, together with the right technology partners, are closing the gap.

Generative AI in Risk and Compliance: Insights from the 2025 Industry Report

Generative AI tools are revolutionizing enterprise productivity, but they also introduce a new set of risks that IT GRC leaders must address head-on. Misclassified data, over-permissioned access, and uncontrolled sharing can cause AI systems to surface sensitive information to the wrong people. Without the right guardrails, the benefits of AI can quickly be overshadowed by data exposure, compliance violations, and governance gaps.

This session will provide IT GRC leaders with a clear blueprint for balancing innovation with security. Attendees will:

• Identify foundational data security risks in generative AI adoption.
• Learn how to discover and classify sensitive data across cloud repositories before it’s exposed to AI.
• Remediate risky permissions to prevent data exposure in M365 and beyond.
• Establish continuous monitoring, anomaly detection, and safe deployment practices.

Attendees will leave not only with clarity on where generative AI introduces risk, but also with the practical know-how to ensure their organizations can confidently embrace AI while protecting sensitive data, maintaining compliance, and maximizing secure business value.

Generative AI Security & 365 Copilot: Preventing AI from Becoming a Data Breach Multiplier

As third-party risk management (TPRM) becomes more complex, AgenticAI is emerging as a powerful force reshaping how organizations identify, assess, and manage vendor risks. This session will examine the innovations AgenticAI brings to TPRM, the risks and challenges it introduces, and the opportunities it creates for building stronger, more resilient programs.

Our expert panel will share real-world perspectives on adoption strategies, governance considerations, and lessons learned from early implementations. Attendees will walk away with practical guidance on:

- Understanding the role of AgenticAI in modern TPRM
- Leveraging AI-driven insights for risk identification and decision-making
- Mitigating the risks and limitations of AgenticAI adoption
- Strengthening resilience through proactive, AI-enhanced risk management

AgenticAI-Driven TPRM: Innovation, Risks, and Opportunities

Active Directory (AD), Windows Server, and the threat landscape have all evolved. Has your approach kept pace?

Since Microsoft updated replication in Windows Server 2003, AD has gained powerful security and management enhancements. Yet many organizations still manage it as if little has changed.

In 2025, as Windows Server 2025 rolls out, relying on outdated AD practices puts your organization at risk. Microsoft is steadily enforcing stricter security defaults, while modern ransomware campaigns continue to target AD as a prime entry point. Falling behind means disruption and exposure.

This webinar will share practical steps you can take immediately to modernize AD management and strengthen your security posture, including:

- Proven approaches for streamlining directory management and reducing complexity
- How to detect and remediate common AD misconfigurations before attackers exploit them
- Practical strategies to harden AD security and monitor for suspicious activity
- Steps to align directory management with compliance and governance requirements

 If you work with AD, this is one session you cannot afford to miss.

Managing Active Directory Like It’s 2003 Leaves You Exposed in 2025

The Business Agility Paradox 
In today's volatile business environment, organizations face an inherent tension between operational agility and regulatory compliance. Standard business processes are governed by established controls, approval workflows, and business policies.  Exceptional circumstances—such as an urgent HR event, supply chain disruption, troubleshooting a system issue, or a procurement crisis  — often require immediate action that need to circumvent traditional safeguards. These transactions, though critical for business continuity, can create significant risks. And if these risks are not managed properly, you can be subjected costly remediation efforts, regulatory penalties, and stakeholder confidence issues.

Join This Strategic Session to Discover: 
How leading organizations are implementing business privileged access management (PAM) solutions that provides guard rails for emergency activities and an immutable audit record of the events that occurred.   

Key Takeaways Include: 
- Understand processes for fire fighting that enables structured exception handling, monitoring and review as part of an existing governance paradigm 
- Business PAM implementation strategies that enable rapid response without compromising audit integrity 
- Technology solutions for maintaining complete visibility and control during urgent business scenarios 

Who Should Attend: 
CFOs, Controllers, Compliance Officers, Internal Auditors, IT Security Leaders, and Risk Management professionals responsible for balancing business agility with regulatory compliance requirements.

The Million Dollar Blindspot - Business Privileged Access Management for Non-Routine Transactions

In today’s increasingly decentralized IT environments, organizations are facing a modern identity crisis—one where traditional perimeter-based security is no longer effective, and identity has become the new attack surface. As cloud adoption, remote work, and third-party access proliferate, the risk of overprivileged users, identity sprawl, and unauthorized access to sensitive data continues to grow.

This webinar explores how Zero Trust principles—rooted in continuous verification and least privilege access—can help organizations regain control. By implementing fine-grained Identity and Access Management (IAM) strategies, security teams can reduce risk, enforce policy consistently across hybrid environments, and protect critical assets from identity-based threats.

In this CPE accredited session, attendees will learn:

- How identity has become the new perimeter—and why that changes everything about data protection
- What defines fine-grained access control and how it supports a Zero Trust architecture
- Strategies for reducing the attack surface by addressing identity sprawl and privilege creep
- How to implement a Zero Trust model that scales across users, devices, and sensitive data environments

Zero Trust, Full Control: Tackling the Modern Identity Crisis in Data Security

As third-party risk management (TPRM) programs mature, successful organizations are increasingly taking a cross-functional approach—aligning stakeholders from procurement, IT, legal, compliance, and risk to build a unified strategy. This CPE-accredited webinar brings together subject matter experts from ProcessUnity and OneTrust to explore best practices for breaking down departmental silos and fostering collaborative governance. 

Attendees will gain insights into creating a streamlined TPRM framework that supports enterprise-wide visibility, accountability, and efficiency.

Learning Objectives:

- Understand the roles and responsibilities of key departments involved in third-party risk management.
- Explore strategies for aligning workflows and centralizing risk data across teams.
- Identify common coordination challenges and how to overcome them.
- Learn how technology and automation can support a unified TPRM program.

Coordinating TPRM Efforts: A Multi-Departmental Approach

This is a pre-recorded session intended for CPE learning. To earn CPE credit, you may complete the associated self-study course. Here is the free access link to the course: https://www.itcpeacademy.org/course/harmonizing-risk-compliance-unifying-infosec-programs-through-automation-1

On this program we will:

• Identify challenges in risk and compliance programs due to innovation and burdens.
• Learn how automation streamlines risk decisions and optimizes high-value resources.
• Understand consolidated risk and compliance workflows for enhanced efficiency.
• Explore OneTrust’s tools for simplified third-party risk management.

Harmonizing risk and compliance:  Unifying InfoSec programs through automation

Most User Access Reviews (UARs), especially in SOX-scope applications and other regulated environments like SAP, Oracle, and Workday, are performed to meet compliance requirements — not because they drive meaningful security outcomes. They’re repetitive, rubber-stamped, and void of risk context.

This session will explore how to bring real value into the UAR process. Instead of treating it like a checkbox exercise, we’ll show how to align reviews with business risk, improve review accuracy, and give reviewers the context they need to make better decisions — all without overloading them.

You’ll learn how to:
- Improve the efficiency of UARs by focusing reviews on high-risk access
- Close the gap between compliance and security with smarter, risk-informed decisions
- Simplify the reviewer experience to reduce friction and avoid rubber-stamping
 
If you’ve ever felt like your user access review process didn't lead to an improved security posture, this session will provide key lessons on meeting that objective.

How to Stop Rubber-Stamping User Access Reviews within Regulated Applications

Managing governance, risk, and compliance (GRC) in a fast-paced world can feel like chasing a moving target, and AI might just be the edge you need to keep up. On this CPE accredited webinar we'll explore how artificial intelligence can streamline processes, sharpen risk insights, and boost adaptability, turning your GRC framework into a dynamic driver of business success. Perfect for GRC professionals, tech innovators, and leaders seeking agility, this webinar will deliver actionable strategies and real-world applications to harness AI for smarter, more responsive operations. Attendees will gain insights on:

- Build a strong culture to enable AI success in GRC
- Start small and automate low-risk, high-impact tasks
- Use AI to make compliance a strategic advantage
- Address AI risks, oversight, and transparency in GRC

Incorporating Al into Your GRC Program for Business Agility

Cybersecurity compliance often feels like an expensive obligation, draining time, budgets, and resources - but what if it could be a catalyst for value instead? On this CPE accredited webinar, our panel of experts will redefine compliance as a strategic asset that bolsters resilience, reputation, and profitability. Tailored for business leaders, IT professionals, and security enthusiasts, this webinar offers practical insights and real-world examples to transform compliance from a burden into a competitive edge. Attendees who meet the CPE requirments will:

- Understand how GRC platforms can reduce compliance burdens and unify risk visibility.
- Identify hidden compliance costs and their impact on innovation and business agility.
- Explore how compliance can drive cybersecurity funding and long-term risk strategy.
- Learn to quantify and communicate the ROI of cybersecurity initiatives to leadership.

The True Cost of Compliance: Demonstrating the Value of Cybersecurity

As cloud adoption accelerates, managing vendor risks is more crucial than ever. Join our panel discussion webinar with Paul McKay, Principal Analyst at Forrester, and subject matter experts as we explore strategies for overseeing vendor relationships in the cloud. This session will provide practical guidance and exclusive research to strengthen your approach.

Attendees will earn CPE credit and can engage directly with the panel by submitting questions, participating in interactive polls, and accessing cutting-edge insights.

Learning Objectives:
1. Understand Key TPRM Process Areas: Identify the critical areas of Third-Party Risk Management (TPRM) needing improvement, such as vendor onboarding, continuous monitoring, risk mitigation, and offboarding, to enhance organizational processes.
2. Evaluate Vendor Risk Indicators: Assess the significance of vendor certifications, transparency in sharing artifacts, and undisclosed integrations (e.g., LLMs) to determine their impact on effective vendor risk assessments.
3. Adopt Continuous Monitoring Practices: Explore the role of continuous monitoring and controls in TPRM to move beyond periodic questionnaires, enabling consistent visibility and risk management across third- and nth-party supply chains.
4. Leverage AI and Automation in TPRM: Examine how AI and automation can reshape TPRM processes, and identify key considerations for integrating these technologies to build adaptive, future-proof programs while avoiding new risks.

Managing Vendor Risks in the Cloud: Insights for Internal Oversight

Managing identity governance effectively is a critical challenge for organizations balancing cybersecurity, regulatory, and operational needs with budget constraints. Traditional identity governance and administration (IGA) projects often face high costs, lengthy deployment timelines, and complex integrations, making it difficult to achieve security and compliance objectives efficiently.

This CPE accredited webinar will explore practical strategies for modernizing identity governance to reduce total cost of ownership (TCO) while improving security and operational efficiency. Our subject matter experts will discuss and demonstrate how organizations can:

- Streamline identity governance processes to accelerate implementation and optimize access controls.
- Reduce business disruptions with adaptable workflows that seamlessly integrate into existing environments.
- Improve security by minimizing excessive permissions and enforcing robust separation of duties (SoD).
- Adopt low-code/no-code solutions to simplify integrations and eliminate costly vendor dependencies.

Join us to gain actionable insights on enhancing identity governance while keeping costs in check, ensuring a more secure and efficient approach to access management.

Identity Governance 101: Reduce Costs & Strengthen Security

Securing the software supply chain has become a mission-critical priority for organizations across industries. With increasing cyber threats targeting risks and threats in software development and delivery, businesses must adopt proactive strategies to safeguard their operations, ensure compliance, and maintain customer trust. Join us for an insightful webinar featuring  Janet Worthington, a renowned Forrester analyst with extensive expertise in cybersecurity and software supply chain resilience.

This CPE accredited session will provide actionable insights and best practices to help you build a secure, resilient, and future-proof software supply chain. Attendees will gain insights on:

- Proactive Risk Mitigation: Learn how to identify and assess malware and vulnerabilities across your software supply chain, from third-party components to internal development processes, and implement strategies to mitigate risks before they escalate.

- Secure Development Practices: Discover the principles of secure coding, code review tools, and DevSecOps integration to ensure security is embedded throughout the software development lifecycle.

- Incident Response and Recovery: Gain insights into developing robust incident response plans to detect, respond to, and recover from supply chain disruptions effectively.

- Automation and Compliance: Explore how automation can enhance supply chain security by enabling continuous monitoring, vulnerability patching, and alignment with industry standards like NIST and FedRAMP.

- Securing Third-Party Commercial Software - Discover how cybersecurity and TPCRM teams can identify risks in the commercial software they use before they purchase or deploy.

Critical Steps for a Secure and Resilient Software Supply Chain

Today’s interconnected organizations face a rapidly evolving risk landscape where enterprise, cyber, operational, and third-party risks are increasingly intertwined. The growing reliance on critical IT systems, both internally managed and outsourced to third and fourth parties, has expanded the attack surface, leaving firms vulnerable to cyber incidents, downtime, and operational disruptions. Studies reveal that 87% of Fortune 1000 companies experienced a significant cyber incident involving a third party in the past year, highlighting the urgent need for a more robust and unified approach to risk management.  
 
This webinar will explore how you can consolidate your view of risk to enhance business resilience, mitigate vulnerabilities, and align with emerging regulatory requirements. You will gain up-to-date insights on: 

- Integrating risk management for better resilience: Learn how consolidating enterprise IT, cyber, operational, and third-party risks into a unified framework enhances risk identification, prioritization, and mitigation. 
- Enhancing threat detection with real-time insights: Discover how real-time monitoring, data analytics, and cross-functional collaboration can improve incident response and reduce vulnerabilities. 
- Aligning with regulatory requirements: Gain insights into key regulations like DORA, NIS2, and CPS 230, and understand how a consolidated risk approach ensures compliance. 
- Strengthening proactive risk management: Explore how leveraging NIST frameworks can help you anticipate, protect against, and respond to risks in a structured, resilient manner.

Consolidating Risk Visibility to Build Business Efficiency & Resilience

Today, most security and IT teams are dealing with an attack surface that is exponentially larger than it used to be, and many organizations lack full visibility into their entire asset landscape. Networks often include hundreds or thousands of networking devices, security products, IoT devices, and connected OT systems; and businesses are relying more and more on third-party code and apps to get their work done.

On this webinar we will explore actionable strategies for reducing your attack surface and defending against third-party risks, and attendees will gain insights on:

- The different types of attack surfaces, including digital, social engineering, and physical. 
- Common attack vectors utilized by threat actors, such as vulnerable web components, phishing emails, weak credentials, malware, and misconfiguration exploits. 
- Innovative approaches to attack surface reduction, including meticulous inventory management, access restriction, network segmentation, and comprehensive employee cybersecurity training.
- Effective strategies to combat threats and mitigate third-party risks.

Fortifying Your Attack Surface: How to Defend Against Third-Party Risks

Attack Surface Management

Attack Vectors

TPRM

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Fortifying Your Attack Surface: How to Defend Against Third-Party Risks

Presented by

About this talk

Executive IT Forums