Day One: September 15
Chairman's Opening Remarks
Security, Compliance and Productivity – Finding The Right Balance
Ganesh Umapathy, Product Marketing Manager, Duo
Protecting hybrid IT environments can be challenging. Additionally, organizations are now required to accommodate a fully remote workforce - adding a layer of complexity to information security programs. Choosing the right solution will help achieve a balance across security, compliance and productivity.
Attend this webinar to learn how you can:
- Achieve security project goals such as getting started with a zero trust strategy or implementing a strong secure access solution for remote workers
- Reduce cyber risk by adopting compliance frameworks such as NIST, PCI-DSS, ACSC Essential 8, APRA – CPS234
- Improve productivity by empowering users with self-service and delivering the best user experience
Realtime BCM for GRC
Tom Kartanowicz, CISO Americas, Commerzbank AG
- Realizing that plans have changed completely and understanding the current reality that regulators are interested in the plan
- Divining your short- and long-term BCM plan
- Understanding the need to now hug the probability tail
- Preparing for the next low probability, high impact events
- Consistently engaging in adjustment for resiliency and knowing that BCM and resiliency are joined at the hip
- Ensuring that everyone from the C-Suite to the front lines is collaborating
Trust or Zero Trust: Privileged Access Management in the Age of a Remote Workforce
Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Thycotic
Attacks frequently start with one "low-value" endpoint or end-user credentials, and now more than ever, attacks on financial services firms are becoming more frequent and dangerous.
Locking down privileged accounts that have access to sensitive data (like the local Administrator and root, service accounts, domain administrators, and even standard user accounts) via a password vault provides a significant security layer around the accounts most targeted by attackers. As financial services firms adopt IoT solutions, transition to the cloud, and support a remote workforce, their systems become increasingly vulnerable to cyber-attacks, and they must lock down privileged account access. Protecting privileged access is also an important security control required by most compliance and regulatory audits.
The Principle of Least Privilege is intended to prevent "over-privileged access" by users, applications, or services to help reduce the risk of exploitation without impacting productivity or involving the IT help desk. The least privilege model can also help curtail costs and increase efficiency.
Join this webinar to understand how to maximize the benefits of least privilege and learn just how much "privileged access" is too much. Join Thycotic's Chief Security Scientist Joseph Carson and learn more about:
- The Principle of Least Privilege
- Realities of the Zero Trust Model
- Best practices to get back in control with a remote workforce
Securing The Cloud: How Financial Services Organizations Can Protect a Disappearing Perimeter
Louis Evans, Product Marketing Manager, Arctic Wolf
Financial services and insurance firms are increasingly adopting cloud services that offer operational benefits like faster deployment and seamless scalability, while being incredibly cost-efficient and user-friendly. Unfortunately, these improvements in productivity and efficiency come with serious security concerns that are often overlooked.
In this webinar, Louis Evans, Product Marketing Manager for Arctic Wolf Networks, will cover how firms can plan to protect new attack surfaces beyond the traditional network perimeter.
Attendees will learn:
- What your responsibilities are in a shared security model, and how to enforce security policies internally and externally.
- Which threat vectors cybercriminals are most likely to exploit, including insecure APIs, security misconfigurations, administrator account compromise, and insider threats.
- How to evaluate cloud partners, including questions to ask during evaluation and procurement to ensure your new SaaS vendor will keep your data secure.
- How to monitor your cloud platforms for trademark behaviors of cybercriminals to proactively mitigate your cloud risk.
Thwarting The Threat Matrix When Transaction Velocity Increases By 40%
Nannette Cutliff, Sr. Vice President/Chief Information Officer/CISO, Pacific Service Credit Union
- Realizing that the US Federal Reserve will in fact go to 24/7
- The real-time payment and settlement service supporting faster payments has been pushed to 2021, but it’s coming
- Steadily ramping up your threat intelligence and detection to ensure your defense is ready for the tsunami of offense on its way
- Threading the needle on compliance to ensure a full real-time cyber security toolbox
Day Two: September 16
Chairperson’s Opening Remarks
The Intersection of Crises and Regulation
Cynthia Burke, Program Manager, Capsule8
Sweeping regulation tends to occur in the wake of crises. As the world navigates tremendous financial, political and social upheaval, how might this impact ‘business as usual’ when it comes to security and compliance? Schrems II and the invalidation of the EU-US Data Privacy Shield in July of 2020, accelerated migrations to the cloud with a heavily distributed workforce now working on heavily distributed systems, and record-setting compliance-related fines from a broad cross section of industries are all indicators of where we may need to focus attention with regard to security and compliance in the years to come.
In this session we will look at useful areas of focus for those working in security and compliance even amid so many unknown unknowns. We will discuss the increasing importance of data privacy programs, and how those programs intersect directly with your security and operations teams. As we wait on clarifying guidance in the wake of Schrems II, this session will outline some useful approaches and preparations you can begin now. There will undoubtedly be an uptick in security questionnaires, additional scrutiny leveled against your existing audit practices, reports and certifications. Repeatable evidence-based outcomes to prove you are both secure and compliant will be paramount. This session will offer high-level suggestions on navigating an increasingly complex global landscape of compliance and security.
FS Endpoint Security Beyond Zero Trust
- Knowing that a lack of knowledge of an incident doesn’t mean there has not been an incident
- Realizing your technology stack now lives with your employees’ kids
- Ensuring consistent and continually improved user cyber security awareness
- Scaling up your communications efforts as you ascend the privilege ladder
eCrime from the Front Lines
Josh Burgess, Technical Lead Threat Intelligence Advisor, CrowdStrike (Former Senior Cyber Intelligence Analyst at VISA)
Please join this session as we review the significant events and trends in cyber threat activity observed over the past year. With input from CrowdStrike’s global observations, illustrated with real-world case studies that provide insight into today’s adversaries and their tactics, techniques and procedures (TTPs), we will offer actionable recommendations that can guide your cyber security strategy and help defend against sophisticated attacks in 2020 and beyond.
Topics covered will include:
- The latest lures and attacks revolving around COVID
- An assessment of the most capable criminal threat actors.
- Content on the evolution of ransomware.
- A review of how criminal groups are successfully breaching commercial and government organizations.
Searching For FS SIEM Insights: Lost In The Data Warehouse, Drowning In The Data Lake
- Unpacking your on-prem SIEM protected data to find that you are data rich and insight poor
- Securely recalculating the calculated does not net your financial services organization a competitive advantage
- Identifying how to securely leverage external transaction velocity and buying propensity for your organization
- Gaining an understanding that the data conversation is a risk conversation
Expediting The Transformation To Universal Control Of The Infinite Perimeter
Shaju Bhaskaran, CISO, Ahli Bank QSC
- Continuing the ongoing cloud evolution
- Achieving true identity access management
- Expanding endpoint security
- Begrudgingly attaining a zero trust mindset
- Training the culture to adapt to these changes