How to Make Sense of Cybersecurity Frameworks
Frank Kim, Senior Instructor, SANS Institute Security is complex. Explaining it to others is difficult. Frameworks are supposed to help make this easier. But they too are often complex. Learn a model for organizing the vast array of frameworks so that you can simplify the complex world of security and build a more effective program. Hear from Frank Kim, security leader and CISO, as he shares his experiences implementing common frameworks.Learning Objectives:1: Understand how to organize the different types of security frameworks.2: Learn how to use different security frameworks together.3: Discover how to communicate results and drive program execution. Pre-Requisites:Experience building and leading security programs and making decisions on how to structure cybersecurity teams.

How to Build a Cybersecurity Program based on the NIST Cybersecurity Framework
https://www.nhls.com - The NIST Cybersecurity Framework (CSF) provides a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk at all levels in an organization. It is applicable to organizations of all sizes and sectors. This webinar addresses using the NIST Cybersecurity Framework and the following topic areas: (a) Today’s cybersecurity landscape and cyber risks; (b) Considerations for building a cybersecurity program (engineering, technology and business); (c) Adopting the NIST Cybersecurity Framework; (d) Cyber-Risk Assessments, executive scorecards, and roadmaps to remediate control gaps; and (e) Resources.

The Cybersecurity Framework
Learn more about why organizations of all sizes and types should be using NIST’s voluntary Cybersecurity Framework, which is based on existing standards, guidelines, and best practices. Created through collaboration between industry, academia and government, the flexible Framework helps organizations manage their cybersecurity-related risk.

How to Plan for and Implement a Cybersecurity Strategy
Planning and implementing a security strategy to protect a hybrid of on-premises and cloud assets against advanced cybersecurity threats is one of the greatest challenges facing information security organizations today. Join Lex Thomas as he welcomes back Mark Simos to the show as they discuss how Microsoft has built a robust set of strategies and integrated capabilities to help you solve these challenges so that you can build a better understanding how to build an identity security perimeter around your assets. What does a Cybersecurity architecture guide look like? What does the Cybersecurity landscape look like? What does the evolution of IT and Microsoft Security look like? What does a platform security approach look like? Can you describe the benefits of an Integrated Security Experience? How do you measure security success?

Cybersecurity Roadmap: Global Healthcare Security Architecture
Nick H. Yoo, Chief Security Architect, Global Healthcare IT Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed global security architecture outlining foundational and differentiated controls for their most sensitive applications.

ISMS [ ISO 27001 ] | INFORMATION SECURITY POLICY - How to Write
ISMS [ ISO 27001 ] - How to write Information Security Policy

DEVNET 1158 - Cognitive Threat Analytics - Behavioral Breach Detection via TAXII/STIX API
Speaker: Petr Cernohorsky. Introducing Cognitive Threat Analytics (CTA), Cisco's automated breach detection technology based on statistical modeling and machine learning of network traffic behaviors, whose goal is to identify end-user devices within the monitored network that from network perspective do not represent a communication of a legitimate human user behind their web browser, but actually represent a malware-infected (breached) device establishing its command & control communication to an external malicious infrastructure. The CTA technology produces actionable security intelligence for security operations and threat research to act on. The STIX/TAXII API standards are being used for the security intelligence interchange. An integration is available with the leading SIEM vendors and other STIX/TAXII compliant clients. For all the DevNet Zone 2015 San Diego

DEFCON 19 (2017) We (the government) are Here to Help: How FIPS 140 Helps (and Hurts) Security
Speaker: Joey esca Many standards, especially those provided by the government, are often viewed as more trouble the actual help. The goal of this talk is to shed a new light onto onesuch. Speaker: Muhaimin Dzulfakar Security Consultant, security-assessment.com This talk focuses on how MySQL SQL injection vulnerabilities can be used to gain rem. DEFCON 19 (2017) -

Trusted Internet Connections (TIC) 3 Webinar
In this webinar, Jim Russo of GSA's Office of Information Technology Category and Sean Connelly of the Cybersecurity And Infrastructure Security Agency break down the Office of Management and Budget's Trusted Internet Connections (TIC) 3.0 guidance. Learn how agencies can adopt popular cloud models while still meeting security standards. Visit https://www.cisa.gov/trusted-internet... to learn more. www.gsa.gov

ACT-IAC Networks and Telecommunications COI: Trusted Internet Connection 3.0
ACT-IAC Networks and Telecommunications COI on July 30, 2020 Featured Topic: Trusted Internet Connections 3.0 Presenters: Sean Connelly, Cybersecurity and Infrastructure Security Agency Jim Russo, General Services Administration Joseph Drummond, Cybersecurity and Infrastructure Security Agency

What is Zero Trust Security?
Zero Trust security is no longer just a concept. It has become an essential security strategy that helps organizations protect their valuable data in a “perimeter-everywhere” world. Get the Ultimate Zero Trust Guide: https://bit.ly/2ObCwrS Zero Trust Networks is about having the ability to “Divide and Rule” your network in order to reduce the risk of lateral movement so, in the event of a breach, the threat is easily contained and isolated. Learn more and visit, https://bit.ly/2QFx1U9 for your guide to Absolute Zero Trust security

Implementing a zero trust security model at Microsoft | BRK2240
The traditional perimeter-based network defense is obsolete. Perimeter-based networks operate on the assumption that all systems within a network can be trusted. However, today’s increasingly mobile workforce, the migration towards public cloud services, and the adoption of Bring Your Own Device (BYOD) model make perimeter security controls irrelevant. Networks that fail to evolve from traditional defenses are vulnerable to breaches: an attacker can compromise a single endpoint within the trusted boundary and then quickly expand foothold across the entire network. In addition digital transformation will require the security approach change from placing trust in devices attached to corporate networks to an approach where trust is verified with identity and device health validation regardless of connectivity location. In this session, learn how we’re implementing a zero trust model at Microsoft for 150,000 users and 600,000 end points across 120 countries. Learn for Microsoft 365 -- https://aka.ms/GetstartedM365

Zero Trust Architecture: It's All About Identity
The premise of Zero Trust is "don't trust, verify." This approach applies to users, devices, and connectivity sessions and is extremely well suited to supporting remote workforces securely. Zero Trust architecture has been around for many years and embodies this change, yet many organizations have not shifted from the old security models of the past. This has resulted in data loss, credential leak, millions in financial losses and countless hours of lost productivity. In this webinar recording, OCG Principal Architects Frank Urena and Mark Riley discuss: - Defining Zero Trust, Selecting the components of Zero Trust that make the most sense for your organization, Applying Zero Trust in a Microsoft hybrid cloud environment, Where do you begin your journey?

The Fallacy of the "Zero-Trust Network"
Paul Simmonds, CISO / CEO, Global Identity Foundation In an industry that loves it marketing buzzwords, “zero trust” is the latest in a long line of buzzwords that have a liberal coating of marketing BS. This session will separate fact from fantasy, marketing hype from practical reality, and explain why although a zero-trust network may be an oxymoron, and zero-trust architectural mindset should be where we all need to end up.Learning Objectives:1: Understand what zero trust actually means.2: Understand the benefits of a correctly implemented zero-trust architecture.3: Understand the business benefits from such an architecture. Pre-Requisites:Networks and security architecture.