Anything you have been wanting to know about data classification and never dared ask: From policies to processes to technology; and across privacy, regulatory requirements and intellectual property protection use cases.
This session gives you an opportunity to ask questions about privileged access management (PAM), successful use cases and requirements needed to make your PAM efforts successful. Attendees should come prepared to ask questions.
Join this session to ask questions about the latest in SIEM and monitoring and hear and learn from your peers' questions on this topic.
DCAP solutions and DLP solutions differ greatly, with the latter solution focused on the prevention of data leakage outside of an organization and the former solution focused on the protection and monitoring of data usage inside of an organization. Yet still, many clients find themselves lost in the mix. Understanding the relationship between DCAP and DLP capabilities is critical to building an effective data security governance framework. Hence, this "Ask The Analyst" will serve to explain the market differences, complements and ultimately right solutions for your organization.
Join this session to ask questions about the latest in Endpoint Security and hear and learn from your peers' questions on the same topic.
In this session, attendees MUST bring questions, even when afraid. Although Gartner is not in the business of determining what is compliant and what is not, foundational privacy insights can be shared between participants. Questions such as "What's purposeful processing?", "What to mind when outsourcing?" and "Where is privacy going in the world?" will be dealt with, but these are only suggestions. End users only, registration required.
The transformation of the world and the evolution of business suggest a different approach than the traditional model for information security. The current need does not allow the simple "NO", as more and more we are called upon to construct quick, demanding and flexible answers.
The Localiza case study tells how we demystify some concepts, create new (lighter) processes and become a strategic and business-oriented area, especially in the line of "adaptive security".
Internalizing a SOC operation is a major challenge and demands planning, primarily involving the preparation of the teams involved. In this case study, we intend to share the entire journey of rebuilding a cyber defense operation using the NIST Cybersecurity Framework as a reference.
Educating business managers on the value of organizational resilience is a challenge for many organizations. Often, this challenge arises because business managers don't understand or appreciate the value of availability and resilience risk information or their relationship to it, leading to no change in the level of resilience for the organization. This session will introduce how to craft risk-adjusted LPIs that will measure the organization's level of resilience.
Security and risk management leaders must develop strong incident response (IR) capabilities where personal data is compromised. Maturing legislation like the EU's GDPR and Brazil's LGPD requires organizations to be ready, soon. This workshop will use a scenario that highlights the impact of cross-border data flows and privacy management to help validate IR capabilities.
Organizations are experimenting with artificial intelligence in security. As evaluation procedures mature, the first disillusionments occur. This session will review the state of AI and machine learning usage in various security and risk management areas, and give CISOs recommendations to:
1. Navigate towards AI marketing
2. Define evaluation principles for solutions adding new algorithmic approaches to existing security fields
3. Prepare to avoid or minimize the backlash when results are not up to expectations
Most CEOs are excellent problem solvers, but too often CISOs seek approval rather than enabling their CEOs to participate in the decision-making process. This causes disengagement, and is at the root of many of the challenges CISOs and IT leaders face. CISOs need to use different tools to get their CEO to the table and keep them engaged so that they value the outcome of the decisions we ask for.
As complexity continues to grow and risks, threats and vulnerabilities multiply with no end in sight, how can security and risk management leaders move beyond reacting? Attendees will learn how to think differently about their role in value preservation and value creation, and how finding sweet spots in a human-to-machine continuum can help. This is the security and risk management leaders’ new imperative.
After more than eight years of discussion in Brazil, strongly influenced by the GDPR and the Cambridge Analytica scandal, the Lei Geral de Proteção de Dados (LGPD) was signed into law on 14/08/18 and comes into full effect on 16/08/20. So, is the LGPD good for Brazil? What changes in relation to the sector-specific laws that already exist? What will be the role of the National Data Protection Authority? How are companies adapting, and what are the main risks with practically one year to go before it takes effect? Come and explore these and other relevant questions!
Risk management is to security as dental hygiene is to preventing tooth decay, and is considered as attractive a topic. As in, it is not attractive at all, yet it is the proven effective way to manage, prevent, and reduce harm. No wonder it has been a struggle for large and small organizations and governments to even get a handle on security basics. It stands to reason that in the 20+ year history of professional cyber security product and service offerings that have spawned a multi-billion dollar security industry, the most engaging solutions have thrived, while the workhorse basics often fail to survive. With a young security industry still developing metrics around what practices and products can actually help prevent breaches, the world continues with a global dependence on technology that we lack the capacity as an industry to secure effectively now, and in the future. Join security industry veteran and pioneer Katie Moussouris, as she corrects some popular misconceptions about the efficacy of one of the most attractive, yet least effective on a grand scale, security trends that she herself helped ignite: bug bounties. We will go on a data-driven journey that spans labor markets, black markets, and bug markets. The arc of Internet history can bend toward sustainable security, if we correct our trajectory calculations soon.
This Meetup will discuss practical methods for increasing end user awareness of cyber threats in your organization. What's worked for you? What tools are you using? What are the most effective ways to increase awareness at the associate level and to communicate at the board level? Meetups are interactive and self-facilitated small group discussions that connect peers who share similar challenges or interests. Please make every effort to attend your selected Meetup.
Share best practices and ideas on security operation center (SOC) and security information and event management (SIEM) initiatives. Meetups are interactive and self-facilitated small group discussions that connect peers who share similar challenges or interests. Please make every effort to attend your selected Meetup.
Join like-minded security professionals as they share their DevSecOps best practices and ideas. Meetups are interactive and self-facilitated small group discussions that connect peers who share similar challenges or interests. Please make every effort to attend your selected Meetup.
As more employees use their consumer mobile devices for work, what are the best practices for protecting the corporate network? Join other security professionals in sharing successful strategies. Meetups are interactive and self-facilitated small group discussions that connect peers who share similar challenges or interests. Please make every effort to attend your selected Meetup.
Are you comfortable sharing perspectives and opinions as often as you would like? How do others react to you when you speak up? Are your views given equal weight? Do you feel you have unique challenges in your organization as a woman? Discuss practical strategies that will effect change in your organization. Meetups are interactive and self-facilitated small group discussions that connect peers who share similar challenges or interests. Please make every effort to attend your selected Meetup.
A brief orientation to help guide your experience at the event and ensure you utilize all the available resources from Gartner and the participating sponsors.
Participants should bring their experiences on vulnerability management and the challenges they face to make it an effective security measure. The Roundtable will focus on experiences related to moving vulnerability management programs beyond the basic “scan and patch” first steps, and how to deal with the challenges brought by new trends such as cloud and DevOps.
Identity Governance and Administration (IGA) is frequently the largest investment that organizations will make in their identity and access management (IAM) programs. Join this roundtable for a discussion on typical challenges, strategies and lessons learned that may facilitate the adoption of IGA initiatives.
DevOps methodologies use continuous integration/continuous deployment pipelines to speed up the time from inception to production. When credentials are copied, mishandled or exposed, this creates major security problems. Support for DevOps in PAM tools is emerging to support these agile environments and to secure the DevOps toolchain.
Join this roundtable for a discussion on lessons learned that may facilitate the understanding and implementation of the LGPD (Lei Geral de Proteção de Dados).
Understand how to better protect yourself against existing and emerging threats. Stop acting reactively and start acting proactively by using threat intelligence. We will show the path that must be followed to improve your security approach, including a complete view of digital risk and methodologies to predict and prevent cyber attacks.
In a company, it is critical to maintain constant availability of the data that is decisive for business decisions. IT and Security must be prepared with a comprehensive view of responses to security incidents and data loss. Prevention is not enough to anticipate and protect against malicious attacks. A session with someone who has been investigating cybercriminal attacks in Brazil for more than 10 years.
How Banco Original created its strategy and its operational and tactical plans to face the everyday cyber threats of one of the leading digital banks in Brazil.
Companies face the constant and growing threat of data breaches every year. But the cost of a breach is different for every organization. In this talk, discover insights from Brazil and around the world on the impacts of a data leak, which goes beyond a technical challenge and affects the entire business: from its relationship with customers to the company's revenue.
Having a secure and compliant company requires a great deal of effort, and monitoring incidents and vulnerabilities is essential. Continuous risk monitoring applies to use cases such as phishing and vulnerability management, connected to SOAR (Security Orchestration, Automation and Response) and IRM (Integrated Risk Management) initiatives. Learn more and avoid cyber risks.
There is currently a major problem regarding data protection, and even more so regarding visibility and control of information at rest and in motion: in Brazil, 78% of organizations report security incidents caused by immature practices, according to a recent Symantec survey on Cloud Security. Visibility is the key to a data protection strategy; without it, companies operate blind. A Zero Trust strategy, building a software-defined perimeter and adopting technologies that do not depend on servers and containers, are critical parts of this process. Organizations must design security architectures with special attention to scalability, while implementing automation and cloud applications.
The world is changing very fast. It will not be the big who beat the small, but the fastest who get ahead. The need for agility and scale affects every market. Learn how to ensure the security of your data and your business in this new world of DevOps.
Digital investment accelerates business velocity, transforms constituent experiences and spawns new opportunities. But this formidable force for human progress also magnifies risk; it accelerates change and complexity, inviting new threats and devastating impacts. Security leaders are left reframing a new answer to an old question: Why? Managing digital risk is the new why for cybersecurity.
Discussions around AI often fail to move past the speculative. Cyber AI, however, is deployed by thousands of organizations to detect and stop advanced, fast-moving, and stealthy cyber-threats. Those that fail to deploy AI today may find themselves unable to detect the attacks of tomorrow. In this session, learn how enterprises of all sizes and industries leverage AI to regain the advantage.
Never trust, always verify. That is the basic principle of the Zero Trust model, a new way of looking at information security. In this session, we will discuss the challenges companies may face, the impacts and the possible approaches during the journey of adopting the new concept.
In this panel, leaders from Gerdau and Orizon share their experiences and debate the trend of identity management as a service bus. In the cloud environment, which is essentially insecure, identity becomes the starting point of digital transformation. How can you speed up access to resources and business data while ensuring risk control policies and compliance with the LGPD?
With Digital Transformation, corporate data is everywhere, whether on personal or corporate devices. Cloud apps, often managed by legacy solutions, give attackers entry points when misconfigured. Come and understand how you can defend yourself using a single cloud security platform, with our special guest Victor Detoni.
BlackBerry Cylance will highlight how Machine Learning reduces time to detection, containment and remediation within the enterprise. Leveraging multiple real-world use cases, we will walk attendees through how incidents can be significantly less stressful as a result of the right technology advancements being in place.
In times of LGPD, everyone is concerned with becoming compliant and protecting their information, while cybercriminals think about shifting their focus to increase their gains. And at times, FUD and information warfare permeate the day-to-day work of those responsible for corporate security. This talk will address perceptions and implications, not always so obvious, relating to these new challenges.
As a special guest, Success Story – Financial Sector
With our “Under the Hoodie” report revealing that 96% of penetration testing engagements saw at least one vulnerability exposed to attackers, it’s clear that penetration testing remains an essential component of a holistic vulnerability management strategy. With Rapid7 penetration testing services, you get a real-world view of how attackers could exploit your vulnerabilities, along with guidance on how to stop them.
Cyber attacks evolve daily, so the incident response processes of the CyberSecurity Operation Center need to operate with intelligence, automation and orchestration. Based on this scenario, we will demonstrate a response to an attack in real time, and how our CSOC has been effective in protecting the data of INEP, which is responsible for the government's educational studies and research.
Certainly, embracing digital transformation requires trust. That trust is constantly tested as increasingly dynamic companies expand their attack surface. Cybersecurity leaders must balance investments in the digital world and business benefits against acceptable levels of risk.
Interaction with CEO Michael Gamliel: How can a single Israeli tool put in your hands everything you need for auditing, compliance, behavioral and productivity analysis, attack prevention, data leak auditing and asset inventory, without overloading the network or the endpoints, while still saving a lot, and all in real time?
The advance of cybercrime, driven by growing collective intelligence, collaboration and the use of artificial intelligence, is making the process of identifying and mitigating attacks increasingly complex, raising the risk for companies and creating an ever-widening gap between the ideal level of protection needed and what is possible/viable using existing resources.
Security is neglected because it impacts software deliveries, forcing the security team to perform only penetration testing. Trying to speed things up, companies adopted SAST tools with the promise of solving the problem, which does not make the process secure and increases cost and lead time. We will discuss adopting AppSec integrated into development teams without impacting software deliveries.
Personal data protection regulations have brought new roles and responsibilities with the creation of the DPO (Data Protection Officer) and the DPA. What is the best profile for the DPO? Where does the DPO fit in the org chart? Can the DPO have the support of a chatbot? These are some of the questions to be addressed by Patricia Peck, PhD, and Kaspersky at the technology theater on 13/08 at 12:20.
Hospitals and clinics are environments rich in sensitive data. Communication protocols and technologies specific to the medical field can be exploited to cause leaks of patient information. This talk aims to present the results of my research on the security of medical equipment and solutions frequently used in hospital environments.
Additional details coming soon!
In this session, watch how cyber AI stops threats in real time. Faced with a new era of automated attacks and subtle insider threat, the traditional model of protecting against yesterday’s adversary falls short. By learning what is ‘normal’ for every user and device, cyber AI can detect novel threats. It can even autonomously enforce that ‘normal,’ stopping attacks before they can do damage.
In this session, see how Trend Micro combats alert overload and maximizes the impact of security teams with broader visibility and expert security analysis for faster detection with XDR.
What types of threats originate on the Dark Web? Learn about some of the services offered in one of the most hostile technology environments in existence and understand why your company should be concerned. We will also bring a suggested approach for strengthening the technology environment, highlighting the main difficulties companies usually have when seeking to bring their environments into line.
Organizations today have challenges trying to identify critical business functions, translating these to the modern assets they apply to, and attempting to identify the risk associated with each. This session will focus on addressing this challenge. We will discuss how to potentially mitigate risk through data science and machine learning. Do not miss it!
A major trend in the financial market, Open Banking raises discussions about the sharing of personal data, since other banks and third parties will have access to customers' account and payment information. In this presentation, we will show how to ensure that data privacy and related platforms are monitored through appropriate security controls.
In this session we will unpack orchestration solutions, showing the actual time spent on an incident response carried out by a SOC analyst and how a SOAR solution handles the same response in an automated way.
History has shown that even companies that invest heavily in security, whether in advanced technologies, processes or specialized staff, have not managed to resolve the issue adequately. But why does this happen? A reactive, one-off attitude is one of the reasons, but not the only one. In this session we will talk about the common problems in information security projects and how to get rid of them.
Users use mobile devices and cloud services more freely. The problem is that they use a mix of “personal” and “business” content on the same device, with responsibilities shared between customer and service provider. They are more likely to click a malicious link on a mobile device than on a laptop. Have you assessed the impact of these attack vectors on your company?
Organizational resilience must evolve with the changing needs of the modern digital world. Gartner offers a three- to five-year outlook and guidelines for security and risk management leaders to advance this discipline and achieve business outcomes. This presentation will discuss how to roll out an organizational resilience program that matches your organizational driving type.
Organizations have embraced agile development methodologies and DevOps practices, and technical professionals must find ways to integrate application security into this world.
1) What are the ways to modernize secure design practices like threat modeling?
2) How can we perform continuous security testing as part of CI/CD?
3) How do you effectively leverage security controls external to code?
The benefits of information/cybersecurity must be translated into business terminology. This presentation describes proven methods for linking the security to business value.
- What are proven strategies for obtaining business support?
- What is a practical model for communicating the value of a security program?
- What techniques can be used for justifying security projects?
Security and risk management leaders need to develop security strategies that treat data as a pervasive asset (and liability). New data privacy laws and the continued growth of data breaches are increasing business risks. Data security governance is an emerging risk-based framework that will help plan and orchestrate policies across data security products that are siloed and do not integrate.
Application security testing is challenged by the pace and complexity of application development. In this session, we will cover how application security testing technologies and offerings might advance in the coming years to meet the demands of digital business.
Data Loss Prevention has a mixed reputation as a resource intensive technology for the level of prevention it provides. Yet, the visibility it provides can be a force in reshaping policy, processes, and data usage behavior and tuning the enterprise towards compliance and risk reduction. This presentation describes key organizational success factors for DLP implementation or rehabilitation.
Security and Risk Management Leaders should implement or improve upon these Top 10 security projects in 2019. Any security project must be supported by technology, address the changing needs of cybersecurity and reduce risk by adopting a CARTA strategic approach with all security projects.
A one-page cybersecurity strategy has been the goal for CISOs forever and the effort always falls short. They are too technical and don't resonate with the business people, or are so "soft," technical staff doesn't know what to do with it. This session will show you how to craft a simple, easy to use one page strategy to propel your program to success.
The Elasticsearch, Logstash and Kibana (ELK) stack has become popular as a cheaper alternative to more complex and expensive solutions for centralized log management or even SIEM. ELK is often used as a first step when organizations decide to "do something about the logs." Is it really a good option for security? Can I replace a SIEM with ELK? What are the best practices for adopting it?
Microsoft Office 365 is becoming the most significant provider of rights management software, while DLP within O365 is growing in significance. As businesses confront their data security gaps and pitfalls, knowledge on a combination of both solutions within O365 is imperative. These solutions will aid businesses in detecting sensitive data, and further applying restricted access to ensure the successful use and transit of business information. This session will discuss innovations, triggers, and pitfalls of the future of rights management and DLP software within Microsoft O365.
Have you ever questioned the following?
- What Security Framework is appropriate for my enterprise?
- Can I just align and implement controls found in ISO27001, CIS CSC, HITRUST or NIST CSF?
- How do I begin to measure my progress in terms of Maturity?
- How do I map all of this back to my business needs?
If so, you are not alone.
Security and Risk Management leaders are often faced with the continuous challenge of developing and (re)shaping their cybersecurity program strategy based on changing business needs and risk appetite. To complement this, leaders are often tasked with picking a defensible framework that aligns with an appropriate controls catalog based on repeatable and scalable processes. However, Gartner Research continues to show a cultural disconnect between foundational elements of program management and changing business needs. This presentation will define the basic elements of a security program, describe the differences between each layer, and tie them into an overall strategy planning process that will ensure a defensible security program that facilitates business needs.
Email gateways are the most deployed control against phishing. However, prevention is far from perfect. In this session, we discuss the human role in both phishing detection as well as phishing response.
● How can we best change user behavior?
● What are the best practices for security operations when dealing with phishing?
● Which emerging solutions can support with phishing detection and response?
For years, network and endpoint security solutions have been packaged separately for discrete buying centers. While silos still exist within many enterprises, more security and risk leaders are considering using integrated network and endpoint tools to detect and stop advanced threats, including ransomware. This presentation will provide best practices for implementing integrated network and endpoint advanced threat detection solutions.
Lawmakers have created the EU's GDPR, and now Brazil's LGPD. Is that the only reason to 'get privacy,' or are there more benefits and drivers for change? If so, what then are the core elements of a sustainable privacy management program? This presentation deals with real examples and the key focus points for security and risk management professionals working in Brazil.
Cloud service providers have been busy enhancing and deploying increasingly more capable security services. What workload security services are currently available to cover your most pressing concerns? Workload security begins in development and build – learn how cloud provider’s automation services can help tighten deployments along with necessary run-time capabilities.
This session maps out security features that may be useful to comply with Regulation 4658 in the process of adopting Cloud-Based services.
Most organizations have an incident response plan to cover malware outbreaks, or very specific data loss scenarios. There are three additional scenarios that every incident response plan should include, and this session will cover what you should add to your incident response plan to better cover incidents of compromised credentials, insider threats and ransomware.
How will we defend our networks in 2029? Will the network firewall be a quaint historical oddity as controls are pushed toward the endpoint? Will all security functions be delivered as a service, protecting 100% cloud infrastructures? Will attackers employ artificial intelligence more effectively than defenders can, rendering our industry helpless? Listen to a panel of Gartner experts debate these and other topics, and be prepared to vote on positions you find correct.
LGPD will be required in Brazil as of August 2020 and all companies need to be compliant by then. It is necessary to implement a privacy management program for the project. This session will present the important steps in the process of creating such programs and lessons learned from Gartner clients on how to implement LGPD in Brazil.
Buying IAM solutions requires detailed analysis of vendors, solutions and alternatives. Learn to use this five-step approach to structure the evaluation process, derive your shortlist, choose a solution and negotiate the best price.
The increased use of AI in security has not gone unnoticed by attackers. In this session, we explore the attacker’s perspective on machine learning, covering adversarial as well as nefarious ML.
● How attackers may attack security solutions based on ML at training and at prediction stages
● How ML may accelerate innovation in attacker techniques.
As the practice of cloud-native application design gains momentum, technical professionals must secure the underlying workloads and containers that power the resulting applications.
1 - What are the relevant threats throughout the container lifecycle?
2 - What controls are effective for securing containers during build phases?
3 - What controls are effective for securing containers in runtime?
IGA deployment initiatives are a potential minefield for many organizations that risk costly delays, difficult integration and lower overall value. Gartner has identified common anti-patterns for IGA adoption that range from the planning phase to the actual deployment and integration. Learn how to identify and avoid these common mistakes and plan for a successful IGA deployment by focusing on value and using Gartner's IGA deployment model.
This session will cover how device management has evolved from separate tools to a new single unified endpoint management (UEM) console. It will examine the challenges faced by newly formed end-user computing groups from issues such as BYOD and the ever exploding diversity of devices in the digital workplace.
Digital society is a fact, taking shape as we continue to develop our organizations and value propositions in communities, contact and collaboration. The changes ahead may be unforeseen, though must be guided and chosen deliberately to maintain universal human rights like privacy and freedom. Ethical dilemmas enable the conversation and provide the choices to be made to achieve the synergy needed between what your customer wants and what your technologies enable.
Many vulnerability management programs fail to properly prioritize vulnerabilities for remediation, overloading the IT teams responsible for patching and testing systems. This session covers what organizations must do to properly prioritize vulnerabilities identified by vulnerability assessments. How to go beyond CVSS? How to expand prioritization to incorporate asset and threat context?
Data, data everywhere and not a drop should leak. Your enterprise data wants to travel as broadly as it can — not only within the enterprise but across a panoply of cloud services and an endless proliferation of endpoints.
- Who needs heroic levels of DLP?
- How can you monitor, track and manage something seemingly impossible?
- What are the best product and service options available today?
Digital transformation continues to challenge the conventions of information risk and security management. It requires a coherent digital security program based on a clear vision and strategy. This presentation will:
- Share a compelling vision for security and risk management.
- Identify the key 'digital differences' that must be integrated into the security program.
Cloud Workload Protection Platforms (CWPP), Cloud Access Security Brokers (CASB), and Cloud Security Posture Management (CSPM) tools have features which overlap but don’t fully take on the capabilities of each other’s groupings. Come and hear about these types of cloud tools and learn about the sorts of risks they address and architectural considerations which influence their fit into cloud security deployments.
Modern security operations are evolving. They heavily rely on foundational technologies such as SIEM to accomplish their mission, and also adopt various analytics approaches. They struggle with more automation — of both thinking and acting — that promises to relieve humans from the routine tasks, but sometimes adds more work to the overworked security teams. This session will address these key issues: (1) What defines best-in-class security operations of 2018? (2) What trends are affecting security operations? (3) What will the future bring?
This session provides an overview on the state of risk management planning, decisions, challenges and solutions. This expands on the "State of Risk Management" from previous summits. In 2019, this outlook will converge three parallel risk conversations — digital transformation, information risk, and building and maintaining resilient organizations.
With 1 year to go before Brazil's Lei Geral de Proteção de Dados (General Data Protection Law) comes into force, this roundtable will discuss the practical day-to-day challenges of implementing the necessary controls and complying with the law.
After the phase of identifying critical areas and mapping processes comes the time to plan the technology implementations needed to protect data and ensure compliance with the legislation.
Security is a race in which attackers and defenders play a constant game of cat and mouse. What are the current threat trends? Are you prepared to monitor, detect and respond to incidents in your company?
A new variant of malware targeting Brazilian users, analyzed by Morphus Labs, employs advanced techniques and creativity to evade security layers and steal its victims' data. Understand why the effectiveness of security policies decreases with the creativity of criminals.
Between cloud, IoT, 5G, and global supply chains, the modern enterprise is increasingly complex. While digital transformation projects push businesses’ boundaries, they also expose organizations to novel cyber-threats. In an era of constant change, cyber AI that detects and stops threats in real time enables businesses to keep pace with innovation, while also keeping pace with cyber-attacks.
Are you prepared to discuss new projects with DevOps teams? Learn how Rodrigo Bonfim of Banco Pine uses Trend Micro technologies applied to his DevOps environment. Understand how you and your security team can support, integrate with and make life easier for these different teams (Infra, Dev, Q&A) by offering automated, integrated security and adapting to these new challenges.
The speed with which the cloud can be “adopted” creates vulnerabilities that can be exploited by attack groups. An unprecedented Symantec study indicates that the number of Shadow IT applications in use per organization is 4x greater than perceived. Some of the main points include:
- The hybrid IT environment
- Zero Trust: Goodbye to passwords
- How to protect information in the context of the LGPD
A chat with Fernando Santos, Head of Enterprise Sales at Kaspersky, about advanced threats, tactics and strategies in cybersecurity.
Successful Gartner clients often mention a "use case first" approach to their SIEM deployment, across both internal, co-managed or fully outsourced models. But what is a use case, and how can Security and Risk Management leaders adopt a "use case first" approach? In this session we will take an actionable and pragmatic approach to developing security use cases for your SIEM.
Sustainable disruption brings relentless pressure to change and adapt, while keeping the spirit of a startup mindset. This session will address how emerging tech CEOs can enable organizational mechanisms by empowering disruptive thinkers and leaders without formal authority. This session will include an interactive project where attendees are asked to work together to create an object as a team and discover their own leadership style.
A PIA (privacy impact assessment) can be a documentation burden sometimes. Still, it is imperative that organizations understand how privacy compliance enables business outcomes, and how to improve control over their privacy operation in general. This workshop guides attendees through a quick scan approach, and allows for comparative discussion among peers. Relevant for your ROPAs, outsourcing instructions, DPIA and security requirements.
This workshop will help IAM leaders develop metrics that can help them to communicate more effectively about the state of their IAM programs and, ultimately, manage those programs better.