Name: Achieving NIS2 compliance with the ISF SOGP
Start: 2025-04-16T13:00:00Z
End: 2025-04-16T13:01:00.000Z
Location: BrightTALK
Rating: 0

A thought-provoking webinar programme developed from over three decades of collaborating with our Members across global business, government bodies, legislators and cyber security experts.

Despite Secure Email Gateways (SEGs) embracing AI, phishing still reaches the inboxes of users. Therefore, employees need to be able to identify attacks, a skill they can learn with proper training. 

Join James Hickey, Senior Product Marketing Manager - Cofense, for this session to find out why trusting a technology-only approach to email security can leave you dangerously exposed:

• Discover why technology alone cannot fully detect or prevent phishing.
• Understand why combining technology and human expertise is vital in better threat detection and prevention.
• Learn some of the risk mitigation strategies you should be adopting to prevent a breach.
• Offensive AI vs Defensive AI: What you should know.

Speaker bio: 

As Senior Product Marketing Manager for Cofense, and following 8 years in Sales Engineering for Cofense covering EMEA, James is an expert in helping organisations understand how they can better defend against and mitigate, phishing attacks, drawing on 26 years of experience in IT, in both software Sales & Pre-sales for various software vendors and delivery/implementation within IT Services companies.  James earned a BSc in Information Systems Management from Cranfield University, is a Member of the British Computer Society, a Chartered IT Professional and is recognized by the UK Engineering Council as a Chartered Engineer.

From Phishing to Deepfakes: Staying Ahead in AI-Powered Cybercrime

29% of CEOs and CISOs admit their organisations are unprepared for a rapidly changing threat landscape, highlighting the critical need for a proactive and inclusive approach to cybersecurity.

During this session Javvad Malik, Lead Security Awareness Advocate at KnowBe4, will guide you on how to make security awareness more than just a corporate checkbox. It’s about creating a culture that your team genuinely embraces. Javvad discuss how to turn cybersecurity from a rigid obligation into an engaging, collaborative effort that fosters both security and productivity.

Key takeaways:

- Discover real-world success stories and tools that make security awareness engaging and effective.
- Learn strategies to protect your organisation without overwhelming your team.
- Create an approach that resonates with employees and fosters long-term security habits.


Speaker bio 

Javvad Malik is the Lead Security Awareness Advocate at KnowBe4 and is based in London. Malik is an IT security professional with over 20 years of experience as an IT security administrator, consultant,
industry analyst and security advocate. He is also a multi-award winner and is currently a Guinness World Records holder for the most views of a cybersecurity lesson on YouTube in 24 hours. Malik is passionate about helping people understand the value of cyber security and how every department and individual can play their part. He often educates his audience through blog posts, videos,
podcasts and at public speaking events. Malik holds the SACP and CISSP certification.

Cultivating a Security-Conscious Culture Without Undermining Employee Morale

In this session, we will explore how the ISF Standard of Good Practice for Information Security (SOGP) and its related tools and resources can support organisations on their compliance journey. Since 17th January 2025, organisations operating in financial services in the EU must demonstrate compliance to the Digital Operational Resilience Act (DORA), and we will explain how to best prepare and demonstrate compliance. 

Join ISF experts Benoit Heynderickx and Martin Tully as they guide you through: 

• A comprehensive approach to building a policy framework centred on governance and resilience
• A case study demonstrating how the ISF can support organisations in successfully implementing DORA compliance.

Speaker bios 

Benoit Heynderickx is a Principal Analyst at the ISF and project lead for the ISF Standard of Good Practice for Information Security. With a wealth of information security know-how, he is also regularly involved in specialised topics such as supply chain, cloud security and quantitative risk analysis. 

Martin Tully is a Consultant at the Information Security Forum (ISF) with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of the best practice guidance (including the ISF’s Standard of Good Practice) and risk analysis methodologies, such as IRAM2.

Achieving DORA compliance with the ISF SOGP

With supply chain threats rising in complexity, securing vendor ecosystems has become critical to resilience. Join Bitsight Co-Founder and Chief Innovation Officer Stephen Boyer and Christoph Schacher, CISO at Wienerberger AG, for an expert discussion moderated by ISF.

This session will explore actionable strategies for managing supply chain risk and achieving alignment across stakeholders, from executives to vendors. Drawing on real-world insights, innovative approaches, and global data, such as Bitsight's latest research and ENISA’s findings, our panel will highlight how organisations can protect their operations while driving sustainable growth.

Key Takeaways:

• Understand evolving supply chain risk dynamics and trends in cybersecurity investments.
• Discover practical solutions for assessing and mitigating third-party risks.
• Learn how top companies like Wienerberger are achieving cyber resilience in an era of expanded attack surfaces, as stricter regulations like NIS2 are being enforced.

Secure your spot for this timely conversation and participate live for exclusive insights and interactive Q&A with our esteemed speakers.

Securing the Supply Chain: Navigating Risk and Regulatory Demands in an Interconnected World

As we close out 2024, a year marked by unprecedented change and disruption across the world, the question arises: are we set to see more disruption in 2025?

With increasing potential for sophisticated AI cyber-attacks, escalating geopolitical unrest, and the tech industry under intense scrutiny from regulators, organisations must start rethinking their strategies. Security teams will need to stretch their resources further than ever before, prioritising cyber resilience and threat mitigation while maintaining operational stability and addressing staff concerns amidst economic uncertainty.

To prepare security leaders for the challenge ahead and help them align their cyber security strategies with business objectives, Chief Executive of the ISF Steve Durbin returns to the virtual stage to deliver our annual Emerging Threats webinar. Secure your place for early insight into the prominent information security threats to expect in 2025 and crucial guidance on how to prepare.

ISF Annual Threat Update: Emerging threats for 2025

Moving your infrastructure to the cloud is primarily a business decision, or a choice made by IT managers who have decided to rationalise (not necessarily simplify) their infrastructure by moving to the cloud.

Some have chosen to do so by moving all or part of their applications, depending on how business-critical they are, or quite simply to (possibly) reduce operating costs.

During this webinar, Bernard Montel – EMEA Technical Director and Security Strategist at Tenable will cover: 

• The cyber threat context 
• The main risks associated with cloud exposure 
• The evolution from vulnerability management to exposure management (including cloud exposure)


With over 20 years in the security industry, Bernard Montel is Technical Director at Tenable. His expertise includes cryptography, Identity & Access Management, and SOC domains. Bernard has published numerous articles and is regularly invited to speak about cybersecurity providing insight into current cybersecurity threats, cyber risk management, and cyber exposure.  

Before joining Tenable, Bernard held the position of EMEA Field CTO for RSA, where he played a leading role within its Threat Detection & Response department. He has significant experience advising both large and medium size organizations on cybersecurity best practices.  

Bernard holds a Master of Science in Network and Security and a Master 2 degree in Artificial Intelligence.

You moved your infrastructure to the Cloud - Do you know your Cloud Exposure?

AI is being adopted simultaneously into different digital platforms. In this new era of hyper-connectivity and digital transformation, once trusted traditional cyber security paradigms need a zero trust makeover.

Therefore in this era of commoditised AI, there needs to be a rethink of what it now means to be secure and how to deal with both the advantages of AI and the risks to cyber resilience. 

This session will address:
• Signs of the times - the new risks
• Key challenges for CISOs and cyber managers
• How to overcome key challenges
• How to contain a breach
• How to plan for business continuity



Michael has over 20 years’ experience in networking and cybersecurity. He is Director of Systems Engineering where he is responsible for overseeing the EMEA go-to-market systems engineering team.   Michael is an accomplished public speaker, regularly speaking at conferences and webinars. He holds a MSc in Network Systems Engineering and a BSc in physics in addition to several cyber industry certifications.

Good AI Gone Bad - A Zero Trust Story

Some consider that cyber attacks are one of the four most important global concerns that society faces, to include Climate Change, Weapons of Mass Destruction and Disease Pandemics. Whether sensational talk or fact, cyber attacks are both increasing in number and scale.

Join Steve Dobson, Operations Director at the ISF, as he kicks-off the ISF Cyber Security Showcase Week to discuss:
- What are cyber attacks?
- What are the reasons behind the growth of cyber attacks?
- Who is most at risk?
- What are the five key steps everyone can do to be better aware - and better protected - from attack?

Disclaimer: This is a pre-recorded webinar

Why Cyber Security is for Everyone

Earlier this year, the ISF introduced the latest edition of its Standard of Good Practice for information security (SOGP).

Organisations can leverage the SOGP to strengthen their policy frameworks and to assure stakeholders that they are aligned with industry-leading standards. 

Join ISF experts Nick Frost, Dan Rycroft and Jean-Michel Chapon as they guide you through:

• The key updates in the 2024 Standard of Good Practice and the rationale behind them

• A comprehensive approach to policy framework development covering stakeholder engagement, alignment with budget cycles, and other key steps

• A case study demonstrating how the ISF supported an organisation in successfully refreshing its policy framework to align with business objectives

Improving your policy framework with the ISF's Standard of Good Practice for Information Security

How do we move from separated teams, separated tooling, poor operational efficiencies, to a Cloud SOC that hums and keeps critical cloud infrastructure safe?  

Leveraging popular economist and thinker Nassim Taleb's ideas of Black Swan events and risk management, this session covers how current people, process and technology issues are leading to fragile cloud security operations for many organisations. In this session, we explore the opportunities and ways to rebuild more anti-fragile Cloud SOC.

Join Chris Hosking, Cloud Security Evangelist at SentinelOne, to learn: 

• Key causes of fragile cloud SOC 
• Technology opportunities to build cloud security resiliency

How to build an anti-fragile Cloud SOC

Planning for the next iteration of cyber threats is a difficult task, the ISF have over 15 years’ experience of predicting the next big thing for security teams to worry about. Threat Horizon can be part of your future proofing your security protections, hear from Paul Holland, Head of Research at the ISF, who will explain more about Threat Horizon and how our predictions have a habit of coming true.

Based on ISF research, this webinar will provide insight into the ISF Threat Horizon report and how it can be used for future proofing your cyber security plans:

• Learn about the ISF Threat Horizon report
• See how our threat predictions are made
• Discover how accurate our past and present predictions have been
• Understand how Threat Horizon can help future cyber security planning

Through the Looking Glass: ISF's predictions on past, present and future threats

Cyber security awareness programmes have been running for decades, but are they effective? The human element is still the single most common factor in causing security incidents. Security awareness programmes haven’t changed that or reduced our susceptibility to an acceptable level. It’s time to do more than just raise awareness: we need to change the conversation and talk about behaviour and culture instead.

Based on ISF research, this webinar will provide hints and tips on how organisations can move beyond raising awareness, to embedding security behaviours. It will outline how to:

•understand and address the psychological vulnerabilities we all have, and which attackers exploit
•create a programme for behavioural change across all levels of the organisation
•develop a human-centred security culture
•positively influence security behaviour.

Let’s Stop Talking About Security Awareness and Focus on Culture Instead

As the deadline to meet the NIS 2 directive fast approaches, organisations are realising that satisfying this legislation will be an ongoing activity. 

Resulting from workshops, events and assessments, ISF has identified 7 common challenges of NIS 2. 

Join our in house EU regulatory expert Luka Ivezic, as he outlines these challenges and how organisations can successfully achieve compliance.

NIS 2 Directive: addressing seven common challenges

We’ve identified three challenges posed by today’s uncertain world with the aim of equipping you – security and business leaders and their teams – with insight into why they matter, and how you can keep you and your organization’s future safe within strained budgets and resources.

This event will be part of our Cyber Awareness Month webinar program. Attend this session to:
- Gain perspective on the critical challenges facing organizations worldwide
- Equip yourself with the knowledge required to mitigate these challenges with increasingly limited resources
- Ask yourself the right questions to see where you stand on your cyber journey

Protecting My Business on a Limited Budget

Web applications are central to modern life. For governments, they are an important channel to communicate information to the public and provide essential services. For businesses, they serve as a source of revenue, efficiency, and customer insights.

Take a close look at the most important trends shaping the web application and API threat landscape today, including vulnerability exploitation, DDoS attacks, bot traffic, and third-party supply chain risk.


Join Sheril Nagoormeera, Principal Solutions Architect for a discussion on the latest application and API security threat research sourced from Cloudflare’s global network, including:

• Shifts in blocked web application and API traffic
• The growth and increased complexity of DDoS attacks
• The weaponization of vulnerabilities at breakneck speed
• The growing risk of shadow APIs
• Risks associated with third-party components such as scripts, outbound connections, and cookies

Are you prepared for the next attack? The state of application security in 2024

The cloud has changed everything. Software supply chains, applications, and cloud environments are not only growing more complex, the attack surface has also expanded, with attackers now targeting the entire software supply chain—from source code management and CI/CD systems to developer identities.
The days of treating code, pipelines, and cloud in isolation are over. Security must now be integrated across every stage of development. Comprehensive cloud security is no longer about shifting left. It’s about starting left–and going all the way to the right.

Join Ziad Ghalleb, Product Marketing Manager at Wiz, to learn: 

•why application security can no longer be separated from cloud security.
•how a code-to-cloud approach empowers your developers to move at the speed of the cloud without compromising security

Building with Confidence: Security from Code to Cloud

Hear directly from Alex Jordan, Head of Tools and Methodologies, and Francesca Williamson, ISF Analyst, about the recently updated ISF Tools Suite that is aligned to the 2024 version of the ISF Standard of Good Practice (SOGP).  The ISF Tools Suite offers a holistic approach to security that is centred around industry-leading good practice, and assists security teams with risk management (IRAM2), control assessments (Benchmark), and managing supply chain risk (Supplier Security). 

This webinar will include:
• An introduction to each of the ISF Tools
• An overview of the new topics covered, including Artificial Intelligence and Stakeholder Engagement
• An outline of the standards and frameworks the SOGP is aligned to, including ISO/IEC 27001:2022 and the NIST Cyber Security Framework v2.0.

ISF Tools: A holistic approach to security

How prepared is your organisation for the NIS2 regulation?

According to a recent report by Statista, cybercrime ranks among the most prevalent and damaging offenses in Europe, making it crucial for organisations to stay ahead of threats and compliant with new regulation.

The NIS2 Directive emphasises the importance for companies across various sectors in the EU to implement and maintain robust cybersecurity and risk management practices within a unified framework.
In this webinar we will guide through achieving compliance with the ISF Standard of Good Practice for Information Security, ensuring your organisation meets the new NIS2 requirements seamlessly.

What will be covered in this webinar?

• Gain a deep understanding of the fundamental aspects of the NIS2 legislation.
• Explore the unique challenges and harmonisation efforts across various EU countries.
• Learn how a unified approach to cybersecurity and risk management can significantly enhance your organisation’s preparedness and compliance.

This session will feature ISF experts Benoit Heynderickx and Luka Ivezic who will discuss how organisations and regulators are navigating NIS2 compliance and how ISF resources can support successful implementation of the directive’s requirements

Achieving NIS2 compliance with the ISF SOGP

Cyber Security

Regulations

Compliance

Information Security

SOGP

EU Regulation

Cyber Crime

Cyber Resilience

Supply Chain

Risk Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Achieving NIS2 compliance with the ISF SOGP

Presented by

About this talk

More from this channel