RiskSec 2020 Agenda
|Wednesday, September 23, 2020|
|9:00 AM - 9:45 AM||Keynote - Details Coming Soon||Keynotes/Plenary|
|10:40 AM - 11:10 AM||Cyber Hygiene: Wash Your Hands & Assess Your Risk|
In the same way that washing your hands reduces your chance of illness, good cyber hygiene can lower your risk. Indeed, some experts contend that practicing sound cyber hygiene can prevent a majority of current attacks. But, you need to be consistent. From inventorying authorized and unauthorized devices and automating continuous vulnerability assessment and remediation to threat modeling and risk assessment, among various other basics, sound cyber hygiene practices can go a long way to protecting your infrastructures. Adding attack analysis and active defense practices are next steps. For this session, we learn from experts the ins and outs of implementing and maintaining the strategies that underpin strong cyber hygiene for your organizations.
|10:40 AM - 11:10 AM||Election 2020: The Wider Implications of Security Weaknesses & Actions to Take Now|
The integrity of elections is critical to democracy and the various private and public organizations that keep a country and its economy running effectivey. Yet elections are threatened now more than ever by nation-state actors from around the world and other forces keen on influencing results or cashing in through social engineering and disinformation/misinformation campaigns. As well, bad actors seeking access through backend systems that support elections also can lead to wider compromises, including the theft of administrative credentials and wider privileged access. Security gaps in various systems that leave the electorate and myriad organizations vulnerable must be addressed. We explore the causes and effects of these attacks and discuss ways to shore up security controls to help protect not only the integrity of the election process, but countries' critical infrastructure organizations and other entities.
|11:40 AM - 12:10 PM||An Insider’s View of the Cyber Insurance Landscape|
Companies are buying cyber insurance, but some have learned the hard way that their policies fail to cover some of the very problems they were hoping they did. So, how do you and your executive leaders know that the insurance providers you're working with are actually signing you up for what you need? We discuss the state of the cyber insurance marketplace, emerging trends ahead, how regulatory requirements may further impact cyber insurance going forward, and what you can do to ensure that your specific policies are airtight and cover the most critical areas of your business and can help you further strengthen your incident response plans and overall risk management and cybersecurity resiliency strategies.
|2:30 PM - 3:00 PM||Workforce Development: Are We Looking for the Wrong Needle or in the Wrong Haystack?|
Is it time for organizations to also look outside tech for resources and skip worrying about degrees? Many believe general STEM education, personality and aptitude are the real priorities for helping to fill the talent gap. We learn more about the different steps organizations and industry bodies are taking to address the dearth of talent filling the open positions and explore other actions that can be taken to strengthen the workforce and, perhaps, in turn, address still existing challenges of diversity.
|2:30 PM - 3:00 PM||Today's Bug Bounty Ecosystem|
Everybody's doing them -- from the U.S. Pentagon to Uber and even large technology companies, like Google. And, with all these players now in the bug bounty game, we've witnessed some notably large payouts in recent months. But, are these programs helping to detect insider and other threats? As well, we've seen some that have seen their own share of vulnerabilities, so how is this impacting, if at all, the scope and integrity of such programs? What should companies pay attention to and how can they ensure they're addressing their own infrastructure's holes when news of a bug and its bounty hits? We discuss these programs and how they're helping companies with their security programs and, more specifically, their vulnerability management processes and plans.
|4:25 PM - 4:55 PM||Embracing Privacy & Security|
In working across an entire ecosystem preventing, detecting and minimizing the impact of attacks on our data and our clients is crucial. So, too, is addressing the demand by many in the general public for companies collecting their personally identifiable information or PII to act as trusted shepherds of the details that they're sharing. And, of course, with multiple state and global privacy regulations continuing to impact the overarching security landscape, more CISOs are being tasked with integrating privacy into their responsibilities to address customer/client needs. As well, of course, larger organizations have Chief Privacy and Risk Officers in place with whom CISOs must team. We look at this evolving area of security and share how organizations must take steps to secure data while also considering how they use it.
|4:25 PM - 4:55 PM||The Blueprint for Cloud Migrations|
As many organizations take further strides to migrate entire operations to the cloud, what are the major areas of vulnerability to consider? How should they ensure they're keeping costs down as they seek out the overall value from such migrations? What are the tools – even natively offered in these services, that are available to help, for example, and what other security questions come into play, such as access and identity management? Further, how do compliance mandates across the globe impact cloud migrations for organizations with international offices? We discuss the blueprint for cloud migrations of business operations and share models and steps to consider that will help your organization make sound decisions that keep your data and business safe.
|5:10 PM - 6:20 PM||Closing Keynote: How to Avoid Panic During a Pandemic|
As the world contends with the many impacts that the Coronavirus pandemic has introduced to us all, organizational leaders are facing a fast-evolving reality that sees the need for them to implement and likely tweak business continuity plans for their organizations. Alongside this, there is a need to effectively tackle the myriad cybersecurity risks now facing their businesses. Concerns about data security, identity and access management, social engineering and much more abound as whole workforces are now undertaking their duties from home offices. In this interactive session, we explore the major cyber risks wrought by a pandemic and look to our experts to engage with our audience about the right steps they need to take to account for them.