Name: Manage Risk the ISF Way
Start: 2023-10-06T10:00:00Z
End: 2023-10-06T10:00:50.000Z
Location: BrightTALK
Rating: 4.8

A thought-provoking webinar programme developed from over three decades of collaborating with our Members across global business, government bodies, legislators and cyber security experts.

Feeling the squeeze on security resources? Be the first to confirm your place with ISF's Robert Mills and Tyler Murphy at our next webinar dedicated to our North American ISF audience.

As security teams face ever-increasing resource pressures, they will delve into practical tactics for implementing and maintaining a robust security program; even in challenging circumstances. Reserve your spot now!

Protecting My Business on a Limited Budget - Early Registration

As recent studies have confirmed, adversaries are using artificial intelligence (AI) to improve their tactics to launch targeted cyber attacks on organisations. 

The first half of this session will analyse how adversaries are using AI in their attack methods and what has changed from before, in their operations. The second segment of the session will delve into how security teams can leverage AI to counterattack threat actors and use AI to build and improve their defences.

During this session you will:

- Gain insights into how threat actors use AI to launch cyber attacks
- Determine what needs to be changed and laying the foundation for AI use within organisations to defend themselves
- Demystifying the "How to use AI “ for Security Teams so that they can derive better outcomes


Mani Keerthi Nagothu is a cybersecurity professional with global work experience. Her focus areas include Cybersecurity Strategy, Incident response, and Risk management. She is a Public Speaker at various Cybersecurity Conferences, Webinars, and Podcasts. She is passionate about teaching Cybersecurity; two of her courses, Insider Threat Risk Management and Designing Cybersecurity Controls, are published on LinkedIn Learning.

AI vs AI - How Adversaries and Security Teams use AI

Building on the ISF’s previous research, Lee will assess how artificial intelligence has evolved in recent years and discuss his upcoming AI Insights series of papers. With offensive and defensive AI already on the agenda, he will outline other areas of potential research for Members to consider, including governance, data privacy, ethics, and the need for transparency.


Meet the Speaker:

Lee Munson is a Principal Research Analyst at the Information Security Forum (ISF). Lee has over fifteen years’ experience in and around the information security industry. Since joining the ISF in August 2022, Lee has co-authored Threat Horizon 2025 and authored the Vulnerability Management: Beyond patching and Demystifying Encryption Key Management briefing papers. He is currently working on a new Insights series of papers focusing on AI. Prior to joining the ISF, he set up and ran a security awareness program for one of the world’s largest media groups before moving into threat intelligence, focusing on crimeware and nation state threat actors.

Disclaimer: This is a pre-recorded webinar

AI Insights: Opportunities and Challenges

In an era where cyber threats are rapidly evolving and becoming more sophisticated, building a comprehensive security strategy is more critical than ever.

Join us for an engaging webinar featuring industry leader Steve Durbin, Chief Executive of ISF. In this Studio session, Steve is joined Eran Ashkenazi, Chief Customer Officer, and Jane Wong, SVP of Product Management at SentinelOne who will share their expertise on navigating the ever-changing threat landscape and overcoming the challenges faced by security teams today.

Key Topics:
● Legacy vs. Modern Security Technology: Understanding how to bridge the gap between legacy SOC tools and modern threats
● The Role of AI in Security: Harnessing artificial intelligence to stay ahead of cyber threats.
● Effective Crisis Management: Strategies for responding swiftly and effectively to security incidents.
● Building and Growing Security Teams: Best practices for recruiting, training, and retaining top talent.

What You'll Gain:
● Strategic Insights: Learn how to develop a flexible and effective security strategy that adapts to the constantly shifting threat landscape.
● Maximized ROI: Discover how to optimize your security investments and stay ahead of emerging threats.
● Technological Advancements: Explore the latest innovations in security technology for comprehensive protection across all attack surfaces.

Building an Effective Security Strategy for the Threats of Today and Tomorrow

Security leaders worldwide are grappling with the complexities surrounding the SEC’s recent implementation of the Cybersecurity Disclosure.

Not only do the rules bring critical attention to their own organization’s processes for managing material risks and reporting material breaches, but also create a shared responsibility between an organization and its suppliers in ensuring that strong security measures are in place across their supply chain.

Join us as Nabeel Cheema, Special Counsel at the U.S. Securities and Exchange Commission (SEC), sits down with ISF experts to give practical advice around the concerns keeping security leaders up at night and empower organizations to turn compliance into a strategic advantage.

An essential webinar for security leaders looking to:
- Demystify the SEC Cybersecurity Disclosure by exploring the rationale behind the mandate, what the rules require, and what they don’t.
- Learn what the regulation means for your organization as experts from the ISF and SEC dispel common misconceptions and answer your questions in real-time.
- Ensure compliance by developing strategies to implement and maintain resilient cyber security practices that fit within increasing budget and resource limitations.

Decoding the SEC Cybersecurity Disclosure

Artificial Intelligence (AI) has come roaring to the forefront of today’s technology landscape. It has revolutionised industries and will modernise careers, bringing numerous benefits and advancements to our daily lives. However, it is crucial to recognise that AI also introduces unseen impacts that must be understood and addressed for your employees and your organisation as a whole. Join James McQuiggan, Security Awareness Advocate at KnowBe4, in this thought-provoking presentation where he’ll discuss the unforeseen threats of AI and how to protect your network.

During this presentation, you will:

•        Gain insights into the risks associated with AI and their implications for critical domains
•        Understand the dangers of prompt injection attacks and their impact on data integrity
•        Discover ways to combat the spread of conspiracy theories and misinformation generated by AI
•        Learn how training your users to recognise malicious technology is the best, last line of defense

James McQuiggan is a Security Awareness Advocate for KnowBe4. Prior to joining KnowBe4, McQuiggan worked for Siemens for eighteen years where he was responsible for various roles, including his most recent as Product & Solution Security Officer for Siemens Gamesa Renewable Energy. In this role, he consulted and supported various corporate divisions on cybersecurity standards, information security awareness and securing product networks. In addition to his work at Siemens, McQuiggan is also a part-time faculty professor at Valencia College in the Engineering, Computer Programming & Technology Division.

The Dark Side of AI

What role do we play in our organisation's cyber resilience? What factors influence broader business resilience and what is the relationship with cyber?

In this webinar, ISF Principals Esther Schagen-van Luit and Mark Chaplin explore the business resilience landscape since COVID-19, examine what has changed and highlight the cyber risk consequences for organisations already dealing with uncertainty from multiple directions.

The team will reveal a fine thread that originates at the macro level (political, economic and environmental) and weaves its way through to the micro level (organisational, workforce and the individual). Along the way Esther and Mark will draw upon ISF Research, such as the ISF Threat Horizon, and their work with risk and security leaders in ISF Member organisations. They will present the key factors driving the need for cyber resilience in organisations, and highlight why it remains a #1 priority.

Meet the Speakers:

Mark Chaplin is a Principal at the ISF, and an accomplished risk management professional with over 30 years of experience across various disciplines. His expertise spans risk governance and assurance, business resilience, security standards and oversight, compliance management, and incident management. Mark is dedicated to assisting business leaders in developing and implementing high-performance, assurance-driven information risk management capabilities that showcase tangible business value.

Esther Schagen-van Luit is Principal of Services, Benelux at the ISF, and is responsible bringing ISF research and tools to the Benelux market and helping members make the most of their membership with the ISF. Previously she served as the Chief Information Security Officer (CISO) of Deloitte Netherlands and Deloitte Belgium, after having had a career in cyber security strategy consulting. Esther is an active speaker and writer on information security governance, diversity & inclusion, and talent development in the industry.

Untangling the Cyber Resilience Thread

Artificial intelligence is changing the way we work, and supply chain management is no different. 

With all new technologies it is easy to get carried away with implementation before considering the full consequences. In this session Francesca, ISF Analyst and Supplier Security Product Owner, will be discussing the potential benefits and drawbacks of implementing AI into our third-party relationships.

Meet the Speaker:

Francesca is an analyst in the tools and methodologies team, and is the product owner for the Benchmark and the Supplier Security tool, which are the ISF's security assessment platforms. Francesca led the development of v2 of the Supplier Security tool, which now provides comprehensive coverage of the entire supplier management process. She is passionate about advocating for increased diversity across cyber security, and has been involved in a variety of initiatives to help achieve this, including chairing a panel discussion aimed at addressing barriers of access and encouraging more women to join the industry.

The Influence of AI in Supply Chains

Security, at its core, is a data problem. As data volumes grow exponentially (to the tune of 28% CAGR), organisations struggle to collect, enrich and correlate their security data. 

As a result, today’s data onboarding processes involve countless log formats and ingestion methods, resulting in deployment delays, cost overruns and employee burnout. Gaining complete visibility of your data across your environments, no matter where it lies, is critical for security teams to stay ahead of modern threats.

In this session, Ed Bailey, Principal Technical Evangelist at Cribl, and Arfan Sharif, Director - Technical Marketing of NG-SIEM & XDR at CrowdStrike, will share and explore:

• Mid-year review of 2024 IT and Security key trends and predictions
• The evolution of the SOC to address today’s threat challenges
• Building an enterprise security data strategy – tips and best practices

Building an Enterprise Data Strategy for the Modern SOC

Based on our interviews with more than 4,000 cybersecurity professionals from 13 markets across Europe, our report includes new findings on security preparedness and outcomes, revealing how organizations are coping with rising volumes of cybersecurity incidents, their levels of preparedness and the outcomes experienced.

Key findings:

• 40% of the respondents experienced at least one cybersecurity incident in the past 12 months.
• Only 29% of organizations think they are highly prepared to address a cybersecurity incident.
• Half (50%) of respondents say they are challenged by the number of siloed tools and homegrown solutions for data protection, security, sovereignty, localization, residency, and privacy.

Join John Graham-Cumming, CTO and Trey Guinn, CTO at Cloudflare to learn more about the threat landscape facing security experts in Europe and receive practical guidance and inspiration on how to strengthen your cybersecurity framework.


Meet the Speakers:

Trey Guinn is Field Technology Officer at Cloudflare. In this role he advises key customers on strategies to secure and optimise distributed workforces and computing architectures. Trey has spent over 20 years working with multinationals, national governments, and Fortune 500 enterprises from a range of industries to help them plan, build, and develop robust, agile, and secure computing architectures.

Shielding the Future: Europe's cyber threat landscape report

The ISF recently published a major update to the Standard of Good Practice for Information Security 2024 including all the latest topics in information security - Artificial Intelligence, Cyber resilience, Zero Trust and many more.

In this interactive session, Benoit Heynderickx will be joined by one of our valued ISF Members to explore the new features of SOGP 2024 and how they can be used in multiple ways including:

Input into security policies, standards and procedures
Providing a comprehensive reference library of controls
Supplementing existing control frameworks.

Meet the Speakers:

Benoit Heynderickx is a Principal Analyst at the ISF specialising in supply chain, cloud security and quantitative risk analysis. He is also the project lead for the ISF Standard of Good Practice for Information Security. Passionate about information security and risk management, Benoit has a wealth of knowledge and practical experience implementing large scale information security and risk programmes such as ISMS, SOX IT Compliance, and third-party risk assurance programmes.

Ross Johnston is a customer focused technology leader with over 18 years financial experience delivering architectures and solutions enabling senior level stakeholders to visualise a new and innovative way of meeting and exceeding existing and future customers needs. In his current role at the Bupa, he serves as Group Security Patterns and Architecture Lead

SOGP 2024: All-encompassing Standard of Good Practice for Information Security

The cyber threat landscape has become increasingly challenging, impactful and unpredictable. With remote access and corporate networks changed by the COVID pandemic, and risks compounded by geopolitical incidents, building a security strategy that can handle this dynamic threat landscape without causing operational disruption, has become a business critical solution. 

In this webinar, the ISF will explore why Zero Trust is not all hype. Participants will:

1. Identify the core components of Zero Trust and how it is different to current security strategies
2. Understand how to either embark on a Zero Trust journey, or adapt current approaches to minimise risk
3. Take a deeper-dive on how ISF Members have established a Zero Trust Framework.

Zero Trust Strategy: Why your organisation should adopt it

90% of the code in Apps today comes from Open Source Software. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to compromise organizations. 

With GenAI quickly becoming a popular tool for developers to generate code, a new threat has emerged. AI package hallucinations is one of the more recent attack types within supply chain that is easy to execute and can have devastating effects. During this presentation we will give an over view of Supply Chain Security with some examples of the current threats, discuss AI package hallucinations, and preventative measures.

Meet the Speaker:

Tzachi is the head of supply chain security at Checkmarx, and was the co-founder and CEO at Dustico, a software supply chain security startup that was acquired by Checkmarx in 2020. Prior to Dustico, Tzachi built custom solution for automating malware analysis, SOC automation, securing micro services, and designing network sensors at Palo Alto Networks.

Everything You Need to Know About Software Supply Chain Security

Building on the ISF’s previous research, Lee will assess how artificial intelligence has evolved in recent years and discuss his upcoming AI Insights series of papers. With offensive and defensive AI already on the agenda, he will outline other areas of potential research for Members to consider, including governance, data privacy, ethics, and the need for transparency.


Meet the Speaker:

Lee Munson is a Principal Research Analyst at the Information Security Forum (ISF). Lee has over fifteen years’ experience in and around the information security industry. Since joining the ISF in August 2022, Lee has co-authored Threat Horizon 2025 and authored the Vulnerability Management: Beyond patching and Demystifying Encryption Key Management briefing papers. He is currently working on a new Insights series of papers focusing on AI. Prior to joining the ISF, he set up and ran a security awareness program for one of the world’s largest media groups before moving into threat intelligence, focusing on crimeware and nation state threat actors.

This discussion explores the profound impact of Artificial Intelligence (AI) on information security and data protection, highlighting the dual-edged nature of AI as both a tool for enhancing security measures and a potential threat due to its ability to be used by an attacker.

We’ll delve into:
• The evolving landscape of data privacy, examining how AI's capabilities in data processing and analysis pose new challenges for data protection
• An analysis of recent guidance and legislation aimed at ensuring the safe and ethical use of AI
• A detailed review of international and national regulatory frameworks that address AI's unique risks

Dave Barnett has worked in the cloud security space for over ten years. Previously he was a Director of strategy at another leading organisation where he co-authored PAS555 (the first nationally certified cyber security standard) and collaborated with academia on a number of important research papers. In Dave’s current role he leads the business strategy team for Cloudflare’s EMEA SASE, Zero Trust and email security portfolio.

AI Frontiers in Cybersecurity: Navigating Opportunities and Threats

The cybersecurity landscape is always evolving, and in 2023 Cofense saw the volume of malicious email threats reaching end user inboxes increase by over 300% compared to 2022. 

With the volume and variety of threat campaigns continuing to develop exponentially, join Josh Bartolomie, VP of Global Threat Service, to take a look at some of the latest tactics being adopted in business email compromise (BEC). We’ll explore the overarching trends in BEC, and ways to counter this worrying trend from both a technical and people centric approach. 

Key takeaways will include: 
• How attackers are bypassing traditional email security
• Why finance themed emails are still the most popular tactic
• The costs and impact of BEC attacks for organizations
• Ways to identify your most targeted people
• Risks and concerns with BEC attacks leveraging AI
• Top tips and practical advice that you can implement quickly!

With over 25 years of information technology and cybersecurity experience, Josh has designed, built, and managed security operations centers, incident response teams, and security architecture and compliance groups for large, global organisations such as Exelis, L3Harris, and Cognizant. Throughout his career, Josh has maintained a passion for continuous innovation with a focus on designing solutions that address real world gaps and provide immediate value to cybersecurity defenders and organisations around the world.

This Time it's Personal: The latest trends in business email compromise

Email security risk remains high. From credential harvesting and compromise in the supply chain to data loss and exfiltration, almost every organization has had email security incidents in their Microsoft 365 environments. Egress polled 500 cybersecurity leaders and found that the majority have concerns about the traditional technology they use to protect their organization over email.

Join Jack Chapman, VP of Threat Intelligence at Egress, as he discusses findings from the 2024 Email Risk Report for insight into the threats that organizations face, including:

• How both inbound and outbound threats continue to evade traditional approaches to email security.
• Why traditional technology cannot protect against data loss and exfiltration.
• Threats that secure email gateways (SEGs) fail to detect and why 87% of leaders are considering replacing their SEG or already have.

Email Security in 2024: The Urgent Need to Adapt Your Approach

We all have a role to play in the advancement of women in cyber.

ISF's Esther Schagen-van Luit, Principal of Services; Hui Shan, Senior Analyst; Shreya Tiwari, Zero Trust Product Lead; and Francesca Williamson, Analyst, share their reasons behind their commitment to the field. 

Listen as they reflect on:
Their individual career trajectories 
The role models who have shaped their paths and the invaluable resources that have aided them along the way
The various perspectives on thoughts on technology developments such as AI within the industry.

Why Women Stay in Cyber

Information risk assessments enable organisations to select controls or other treatment options that are commensurate with risk in order to reduce the frequency and impact of information security incidents.

ISF materials, including the SOGP, have been developed to support the risk assessment process of identifying business impacts, assessing key threats and vulnerabilities, in addition to treating information risks. These materials complement organisational approaches to information risk assessment and, when used in conjunction with ISF Risk methodologies such as IRAM2 or QIRA, enables an organisation to keep information risk within acceptable limits.

Join Benoit Heynderickx, Principal Analyst and Hui Shan, Senior Analyst, at the ISF, for our final webinar in the ISF Cyber Security Showcase Week, where they consider all these different materials, and present how they can be combined and used to effectively manage risk.

Manage Risk the ISF Way

Risk Management

Risk Mitigation

Risk Based Security

Risk Framework

Information Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Manage Risk the ISF Way

Presented by

About this talk

More from this channel