Cybersecurity Ratings Part 3: The Third Way

Learn how BitSight Security Ratings are used to monitor and manage third-party cyber risk. The third part of this (ISC)² webinar series explores how BitSight Security Ratings help organizations tackle third-party supplier risk management challenges. Bob Lewis (Former Head of External Cyber Assurance and Monitoring, Barclays UK) and Nick Trigg (BitSight Risk Consultant) share real-life examples of business challenges within third-party risk and considerations when addressing those challenges.



Solving New Authentication Challenges While Finding Parity Between User Experience and Security


Unfortunately, most businesses are making a fundamental mistake when it comes to authentication: they are thinking inside-out. By thinking outside-in, they would automatically put the customer first. Until now, strong (and not so strong) authentication to services seems to have been driven by an inside-out way of thinking. The institutions think about what works best for them: what fits into their infrastructure; what is the cheapest yet compliant approach? For customers, this means that they must use what their service provider offers them. Companies must also be aware of insider risks; by implementing a Zero Trust approach of ‘never trust, always verify’, they can better secure access to their assets. In this KuppingerCole webinar, we will address the following.

Managing the Insider Threat—Why Visibility Is Critical


Only with full visibility into employee or third-party activity across a company network can even the earliest indicators of an insider threat be detected. By monitoring both user and file activity, security and compliance professionals can be alerted in real time to risky, out-of-policy activities and any unexplained changes in user behavior, successfully stopping and investigating any activity before it becomes a full-blown breach. Research from The Ponemon Institute shows that Financial Services organizations face the highest penalty costs of any industry ($12.05 million annually) when they experience an insider-led incident, though they are closely followed by the Energy & Utilities and Retail sectors. This cost alone is a very concrete reason to address what otherwise might seem to be an invisible problem.

Enterprise Phishing Attacks & the Need to Defend Mobile Endpoints


The new GigaOm “Phishing Prevention and Detection: A GigaOm Market Landscape Report,” designed to help C(x)Os and security practitioners evaluate phishing prevention solutions, recognizes that mobile endpoints are poised to be the next high-value target for phishing attacks. The majority of mobile endpoints lack protection beyond Mobile Device Management risk assessments; these endpoints are completely exposed to phishing and other attacks.

Your Resolution for 2018: Five Principles For Securing DevOps


Organizations in today’s market must strike a balance between competitive differentiation and meeting evolving compliance standards, particularly those related to software security. They need to obtain faster release and deployment cycles, improved collaboration between business stakeholders and application development and operations teams, and automation tools. DevOps, an innovative organizational and cultural way of organizing development and IT operations work, is addressing this challenge – driven by mounting evidence of its benefits to the business. However, reaping these gains requires rethinking application security to deliver more secure code at DevOps speed.