Name: Improving your policy framework with the ISF's Standard of Good Practice for Information Security
Start: 2024-10-11T10:00:00Z
End: 2024-10-11T10:01:01.000Z
Location: BrightTALK
Rating: 4.8

A thought-provoking webinar programme developed from over three decades of collaborating with our Members across global business, government bodies, legislators and cyber security experts.

Some consider that cyber attacks are one of the four most important global concerns that society faces, to include Climate Change, Weapons of Mass Destruction and Disease Pandemics. Whether sensational talk or fact, cyber attacks are both increasing in number and scale.

Join Steve Dobson, Operations Director at the ISF, as he kicks-off the ISF Cyber Security Showcase Week to discuss:
- What are cyber attacks?
- What are the reasons behind the growth of cyber attacks?
- Who is most at risk?
- What are the five key steps everyone can do to be better aware - and better protected - from attack?

Disclaimer: This is a pre-recorded webinar

Why Cyber Security is for Everyone

How do we move from separated teams, separated tooling, poor operational efficiencies, to a Cloud SOC that hums and keeps critical cloud infrastructure safe?  

Leveraging popular economist and thinker Nassim Taleb's ideas of Black Swan events and risk management, this session covers how current people, process and technology issues are leading to fragile cloud security operations for many organisations. In this session, we explore the opportunities and ways to rebuild more anti-fragile Cloud SOC.

Join Chris Hosking, Cloud Security Evangelist at SentinelOne, to learn: 

• Key causes of fragile cloud SOC 
• Technology opportunities to build cloud security resiliency

How to build an anti-fragile Cloud SOC

Planning for the next iteration of cyber threats is a difficult task, the ISF have over 15 years’ experience of predicting the next big thing for security teams to worry about. Threat Horizon can be part of your future proofing your security protections, hear from Paul Holland, Head of Research at the ISF, who will explain more about Threat Horizon and how our predictions have a habit of coming true.

Based on ISF research, this webinar will provide insight into the ISF Threat Horizon report and how it can be used for future proofing your cyber security plans:

• Learn about the ISF Threat Horizon report
• See how our threat predictions are made
• Discover how accurate our past and present predictions have been
• Understand how Threat Horizon can help future cyber security planning

Through the Looking Glass: ISF's predictions on past, present and future threats

Cyber security awareness programmes have been running for decades, but are they effective? The human element is still the single most common factor in causing security incidents. Security awareness programmes haven’t changed that or reduced our susceptibility to an acceptable level. It’s time to do more than just raise awareness: we need to change the conversation and talk about behaviour and culture instead.

Based on ISF research, this webinar will provide hints and tips on how organisations can move beyond raising awareness, to embedding security behaviours. It will outline how to:

•understand and address the psychological vulnerabilities we all have, and which attackers exploit
•create a programme for behavioural change across all levels of the organisation
•develop a human-centred security culture
•positively influence security behaviour.

Let’s Stop Talking About Security Awareness and Focus on Culture Instead

As the deadline to meet the NIS 2 directive fast approaches, organisations are realising that satisfying this legislation will be an ongoing activity. 

Resulting from workshops, events and assessments, ISF has identified 7 common challenges of NIS 2. 

Join our in house EU regulatory expert Luka Ivezic, as he outlines these challenges and how organisations can successfully achieve compliance.

NIS 2 Directive: addressing seven common challenges

We’ve identified three challenges posed by today’s uncertain world with the aim of equipping you – security and business leaders and their teams – with insight into why they matter, and how you can keep you and your organization’s future safe within strained budgets and resources.

This event will be part of our Cyber Awareness Month webinar program. Attend this session to:
- Gain perspective on the critical challenges facing organizations worldwide
- Equip yourself with the knowledge required to mitigate these challenges with increasingly limited resources
- Ask yourself the right questions to see where you stand on your cyber journey

Protecting My Business on a Limited Budget

Web applications are central to modern life. For governments, they are an important channel to communicate information to the public and provide essential services. For businesses, they serve as a source of revenue, efficiency, and customer insights.

Take a close look at the most important trends shaping the web application and API threat landscape today, including vulnerability exploitation, DDoS attacks, bot traffic, and third-party supply chain risk.


Join Sheril Nagoormeera, Principal Solutions Architect for a discussion on the latest application and API security threat research sourced from Cloudflare’s global network, including:

• Shifts in blocked web application and API traffic
• The growth and increased complexity of DDoS attacks
• The weaponization of vulnerabilities at breakneck speed
• The growing risk of shadow APIs
• Risks associated with third-party components such as scripts, outbound connections, and cookies

Are you prepared for the next attack? The state of application security in 2024

The cloud has changed everything. Software supply chains, applications, and cloud environments are not only growing more complex, the attack surface has also expanded, with attackers now targeting the entire software supply chain—from source code management and CI/CD systems to developer identities.
The days of treating code, pipelines, and cloud in isolation are over. Security must now be integrated across every stage of development. Comprehensive cloud security is no longer about shifting left. It’s about starting left–and going all the way to the right.

Join Ziad Ghalleb, Product Marketing Manager at Wiz, to learn: 

•why application security can no longer be separated from cloud security.
•how a code-to-cloud approach empowers your developers to move at the speed of the cloud without compromising security

Building with Confidence: Security from Code to Cloud

Hear directly from Alex Jordan, Head of Tools and Methodologies, and Francesca Williamson, ISF Analyst, about the recently updated ISF Tools Suite that is aligned to the 2024 version of the ISF Standard of Good Practice (SOGP).  The ISF Tools Suite offers a holistic approach to security that is centred around industry-leading good practice, and assists security teams with risk management (IRAM2), control assessments (Benchmark), and managing supply chain risk (Supplier Security). 

This webinar will include:
• An introduction to each of the ISF Tools
• An overview of the new topics covered, including Artificial Intelligence and Stakeholder Engagement
• An outline of the standards and frameworks the SOGP is aligned to, including ISO/IEC 27001:2022 and the NIST Cyber Security Framework v2.0.

ISF Tools: A holistic approach to security

Murky and cryptic details of cloud breaches and threats fill all cybersecurity news. Sorting through the limited information provided can often lead to even more confusion around the source and solution to these threats. To build an effective cloud defence strategy, it is important to understand the nature of how you will be attacked. 

In this webinar, Chris Hosking, SentinelOne will provide an in-depth look at the changing cloud threat landscape.

Key takeaways: 

• The main causes of cloud breaches
• Real-world examples of Cloud TTPs and attacks
• Critical defences required to match the evolving cloud threat landscape

Evolution of Cloud Security Breaches: Building Cloud Defence

AI is creating unique opportunities but also raises risks of compromise and irrecoverable data loss. This session looks into advances that generative AI and other forms of machine learning provide to threat actors elevating their existing malicious activities to the new level and opening new attack vector potential. The session will also explore AI driven zero trust architecture and cybersecurity best practices that enable organisations to gain productivity benefits from AI tools while staying secure in the face of emerging threats.

Cyber Security in the AI Era

Over the last 2 years, 98% of organisations globally have had a 3rd party in their ecosystem that has experienced a breach. This coupled with increasingly stringent regulatory mandates such as DORA, NIS2, Cyber Resilience Act and SEC Materiality have made making cyber supply chain risk actionable a must. 

In this webinar, you will have the opportunity to learn what approaches your peers at Shell and Petronas have taken to build a more secure and resilient supply chain.

Using real-world insights, this session will explore best practices for supply chain risk management, including: 

● How to prioritise cyber risk in the supply chain and eliminate alert noise
● How organisations are getting ahead of requirements related to NIS2, DORA, Cyber Resilience Act and SEC Materiality
● How to leverage AI to automate workflows and free up resources
● How far downstream in the supply chain to address risk and the type of solutions leaders in Supply Chain Assurance look for to give them an edge

Our Speakers: 
 
Oleg Stryzhak serves as Shell’s Digital Supply Chain Risk Manager and is instrumental in safeguarding an ever-growing ecosystem of third-party digital services that play a vital role in the energy transition. Since 2017, Oleg has led a global team of risk managers that continually monitor the security posture of third-party service organisations. Learn more about Oleg at olegstryzhak.com

Muhittin Hasancioglu has 35 years of professional Information Technology, Cyber Risk and Security Leadership experience within PETRONAS, Royal Dutch Shell and Goodyear, with a proven track record of delivering significant business outcomes in challenging environments. 

During his time as CISO for PETRONAS and Royal Dutch Shell, Muhittin delivered a multi-year strategic cyber security program that encompassed IT and OT domains to enhance the cyber resilience and protect both groups against cyber threats and risks.

CISO Panel: Best Practices and Emerging Trends in Supply Chain Risk Management

As recent studies have confirmed, adversaries are using artificial intelligence (AI) to improve their tactics to launch targeted cyber attacks on organisations. 

The first half of this session will analyse how adversaries are using AI in their attack methods and what has changed from before, in their operations. The second segment of the session will delve into how security teams can leverage AI to counterattack threat actors and use AI to build and improve their defences.

During this session you will:

- Gain insights into how threat actors use AI to launch cyber attacks
- Determine what needs to be changed and laying the foundation for AI use within organisations to defend themselves
- Demystifying the "How to use AI “ for Security Teams so that they can derive better outcomes


Mani Keerthi Nagothu is a cybersecurity professional with global work experience. Her focus areas include Cybersecurity Strategy, Incident response, and Risk management. She is a Public Speaker at various Cybersecurity Conferences, Webinars, and Podcasts. She is passionate about teaching Cybersecurity; two of her courses, Insider Threat Risk Management and Designing Cybersecurity Controls, are published on LinkedIn Learning.

AI vs AI - How Adversaries and Security Teams use AI

Building on the ISF’s previous research, Lee will assess how artificial intelligence has evolved in recent years and discuss his upcoming AI Insights series of papers. With offensive and defensive AI already on the agenda, he will outline other areas of potential research for Members to consider, including governance, data privacy, ethics, and the need for transparency.


Meet the Speaker:

Lee Munson is a Principal Research Analyst at the Information Security Forum (ISF). Lee has over fifteen years’ experience in and around the information security industry. Since joining the ISF in August 2022, Lee has co-authored Threat Horizon 2025 and authored the Vulnerability Management: Beyond patching and Demystifying Encryption Key Management briefing papers. He is currently working on a new Insights series of papers focusing on AI. Prior to joining the ISF, he set up and ran a security awareness program for one of the world’s largest media groups before moving into threat intelligence, focusing on crimeware and nation state threat actors.

Disclaimer: This is a pre-recorded webinar

AI Insights: Opportunities and Challenges

In an era where cyber threats are rapidly evolving and becoming more sophisticated, building a comprehensive security strategy is more critical than ever.

Join us for an engaging webinar featuring industry leader Steve Durbin, Chief Executive of ISF. In this Studio session, Steve is joined Eran Ashkenazi, Chief Customer Officer, and Jane Wong, SVP of Product Management at SentinelOne who will share their expertise on navigating the ever-changing threat landscape and overcoming the challenges faced by security teams today.

Key Topics:
● Legacy vs. Modern Security Technology: Understanding how to bridge the gap between legacy SOC tools and modern threats
● The Role of AI in Security: Harnessing artificial intelligence to stay ahead of cyber threats.
● Effective Crisis Management: Strategies for responding swiftly and effectively to security incidents.
● Building and Growing Security Teams: Best practices for recruiting, training, and retaining top talent.

What You'll Gain:
● Strategic Insights: Learn how to develop a flexible and effective security strategy that adapts to the constantly shifting threat landscape.
● Maximized ROI: Discover how to optimize your security investments and stay ahead of emerging threats.
● Technological Advancements: Explore the latest innovations in security technology for comprehensive protection across all attack surfaces.

Building an Effective Security Strategy for the Threats of Today and Tomorrow

Security leaders worldwide are grappling with the complexities surrounding the SEC’s recent implementation of the Cybersecurity Disclosure.

Not only do the rules bring critical attention to their own organization’s processes for managing material risks and reporting material breaches, but also create a shared responsibility between an organization and its suppliers in ensuring that strong security measures are in place across their supply chain.

Join us as Nabeel Cheema, Special Counsel at the U.S. Securities and Exchange Commission (SEC), sits down with ISF experts to give practical advice around the concerns keeping security leaders up at night and empower organizations to turn compliance into a strategic advantage.

An essential webinar for security leaders looking to:
- Demystify the SEC Cybersecurity Disclosure by exploring the rationale behind the mandate, what the rules require, and what they don’t.
- Learn what the regulation means for your organization as experts from the ISF and SEC dispel common misconceptions and answer your questions in real-time.
- Ensure compliance by developing strategies to implement and maintain resilient cyber security practices that fit within increasing budget and resource limitations.

Decoding the SEC Cybersecurity Disclosure

Artificial Intelligence (AI) has come roaring to the forefront of today’s technology landscape. It has revolutionised industries and will modernise careers, bringing numerous benefits and advancements to our daily lives. However, it is crucial to recognise that AI also introduces unseen impacts that must be understood and addressed for your employees and your organisation as a whole. Join James McQuiggan, Security Awareness Advocate at KnowBe4, in this thought-provoking presentation where he’ll discuss the unforeseen threats of AI and how to protect your network.

During this presentation, you will:

•        Gain insights into the risks associated with AI and their implications for critical domains
•        Understand the dangers of prompt injection attacks and their impact on data integrity
•        Discover ways to combat the spread of conspiracy theories and misinformation generated by AI
•        Learn how training your users to recognise malicious technology is the best, last line of defense

James McQuiggan is a Security Awareness Advocate for KnowBe4. Prior to joining KnowBe4, McQuiggan worked for Siemens for eighteen years where he was responsible for various roles, including his most recent as Product & Solution Security Officer for Siemens Gamesa Renewable Energy. In this role, he consulted and supported various corporate divisions on cybersecurity standards, information security awareness and securing product networks. In addition to his work at Siemens, McQuiggan is also a part-time faculty professor at Valencia College in the Engineering, Computer Programming & Technology Division.

The Dark Side of AI

ISF Cyber Awareness Showcase Week - Oct 2024

Earlier this year, the ISF introduced the latest edition of its Standard of Good Practice for information security (SOGP).

Organisations can leverage the SOGP to strengthen their policy frameworks and to assure stakeholders that they are aligned with industry-leading standards. 

Join ISF experts Nick Frost, Dan Rycroft and Jean-Michel Chapon as they guide you through:

• The key updates in the 2024 Standard of Good Practice and the rationale behind them

• A comprehensive approach to policy framework development covering stakeholder engagement, alignment with budget cycles, and other key steps

• A case study demonstrating how the ISF supported an organisation in successfully refreshing its policy framework to align with business objectives

Improving your policy framework with the ISF's Standard of Good Practice for Information Security

Cyber Security

Policy Compliance

Information Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Improving your policy framework with the ISF's Standard of Good Practice for Information Security

Presented by

About this talk

More from this channel