All too often we focus on how to test/train our staff with security awareness. In many cases we start to see a drift toward no trust of anything that comes in. In this discussion we will go over what it takes to train your staff to be security aware without being security afraid. Sometimes it's more than just slapping hands to get them to behave better.
This session will go over the results of an independently conducted study that explores the relationship between a publicly traded company’s cybersecurity rating and the performance of its stock price over time. Researchers from the Journal of Cyber Policy monitored security ratings and returns on share prices for companies listed within the S&P 500 index for a period of 52 weeks, and discovered surprising findings. Alex Heid, Chief Research Officer of SecurityScorecard, will discuss the results of the Journal's report, as well as the continuously growing interconnected relationship between business risk and cyber risk.
Cyber organizations struggle to retain cyber talent. Why re-hire blue teams, red teams, CIRT and cyber analysts, if we can forge a team that stays? This case study describes how a 230-person cyber team supporting a major U.S. federal agency developed intrinsically rewarding programs that solidified commitment to a shared mission. Session participants receive guides with actions and flow charts needed to establish CyberLeaders 3.0 leadership development programs. Results: through the cohorts presented to date, our team decreased talent flight by 50% and boosted participation by female cyber professionals (>50%) and underrepresented demographics (>30%). We'll include statistical analysis of program process metrics and outcomes. This CyberLeaders case study decreased cost as well as risk because our experts already know our adversaries.
Compliance is a required part of risk management. But are your compliance initiatives helping you bridge compliance and risk? Effective compliance is a catalyst for developing a proactive, risk management program by providing effective controls and tools that assess, manage, and monitor risk. Compliance isn’t about checking the box, it’s about proactively protecting your company and providing assurance so that others trust doing business with you. And, demonstrating trust will be the next market shaper.
● Challenges in Compliance and Risk Programs
● Five Best Practices in starting a Risk Program
● Compliance Considerations that will Improve Your Risk Posture
With the number of attacks on the rise, it’s fair to say that ransomware happens; there’s unfortunately no way to avoid it. The trick is to try and prevent the spread of breaches through your network. During this presentation we’ll offer simple approaches for mitigating the damage ransomware and other cyberattacks can have across your hybrid cloud network, data estate and endpoints.
Points we’ll discuss include learning how to:
• Gain the visibility required to quickly identify the most vulnerable applications and workloads
• Block risky ports and non-compliant data flows commonly abused by ransomware and other cyberattacks
• Find deprecated services and see how legacy unpatched systems can be reached
• Reduce internal friction and forge tighter collaboration across NetOps, SecOps, and DevOps
• Integrate real-time Illumio data into your SIEM/SOAR during SecOps investigation