-
State of Cloud Security for Financial Services
Troy Leach, Chief Strategy Officer, CSA, John DiMaria, STAR Program Director, CSA, and Aly Farooqui, CRO, IBM Cloud
In this webinar, Cloud Security Alliance will discuss the growth of cloud services for banking, fintech, crypto exchanges and other organizations managing financial data. Additionally, we’ll discuss CSA’s current efforts to work with industry on pilot programs and other projects to improve cloud migration, reduce regulatory redundancy, and improve security of third-party providers. This will also include a forecast of future opportunities to collaborate within CSA for financial services best practices going forward.
-
Governance in the Cloud - Managing Data Regulation
John DiMaria, CSA; Claudia Rast, Butzel Long; and David Harris, Object Management Group (OMG)
Whether you noticed it or not, data governance is very much back on the agenda globally, from the European General Data Protection Regulation (GDPR), to California's personal data and privacy law and everything in between. When doing business globally, the data chain of custody and associated responsibility, including data retention, is an increasingly important consideration as we move towards cloud-based data management services and big data analytics.
During this session, we will take you through the major changes around the world, delve into data governance issues and how they may impact the financial industry, and provide some predictions of upcoming trends. We will also discuss the current landscape and why the adequacy of the current regulations is still being debated.
-
Best Practices for Effective Third-Party Management
Troy Leach, CSO, CSA; Brian Soby, CTO, AppOmni; Tom McAndrew, CEO, Coalfire; Vinay Patel, CISO, Finastra
Billions of financial transactions are routed digitally all over the world each day, requiring many third-party service providers to protect not only the confidentiality and integrity of the information but also be able to clearly demonstrate to their cloud customers adherence to regulatory expectations.
This session will explore the Top 5 risks for third-party cloud services and recommend risk-management best practices for successfully protecting financial data.
-
CSP Perspective Working with Financial Services
John DiMaria, STAR Program Director, Cloud Security Alliance and Ronald Tse, Founder and CEO, Ribose
Cloud Service Providers (CSPs) are often the first line of defense regarding new technology. CSPs support various financial services companies, including banks, insurance firms, asset managers, and investment funds. The role of a CSP is to provide the tools and infrastructure required to support these organizations' operations, whether it be a data center, disaster recovery site or any other IT requirements.
Our panel of CSP representatives will discuss how cloud providers support the financial services industry and what the industry needs from the cloud, and how using STAR as due diligence facilitates implementing good security posture for high-risk sectors.
This is an excellent opportunity for anyone who works in the financial services industry or wants to learn more about what it means for their business moving forward!
-
Empowering Cloud Security Professionals in Financial Services
Troy Leach, Cloud Security Alliance, John McDonald, Barclays and Jimmy Barber, Global Payments
As more of Financial Services migrates to cloud operations, managers must plan for ways to train up their technology workforce, supplement with industry expertise where necessary and develop new strategies to adequately address a complex world of IT operations, security and regulated data. John McDonald, Chief Cloud Controls Officer at Barclays and Jimmy Barber, VP Cloud Security at Global Payments join this session of FinCloud Fridays to share their experience and recommendations to empower cloud security staff to keep pace with industry change to protect critical assets and demonstrate assurance to corporate expectations.
-
ON2IT Zero Trust Implementation for Financial Institutions
John Kindervag, Senior Vice President of Cybersecurity Strategy, ON2IT and Erik Johnson, Senior Research Analyst, CSA
Join John Kindervag, Senior Vice President of Cybersecurity Strategy at ON2IT Group and esteemed Fellow and Founder of Zero Trust, as he delivers an insightful webinar exclusively for the CSA Financial Services community.
In this session, John will delve into the ON2IT managed service Zero Trust implementation methodology and its practical application within a fictional financial institution. Zero Trust, a comprehensive enterprise security strategy, addresses the unique challenges of modern, cloud-centric, and remote work environments. It encompasses various aspects such as cloud and multi-cloud environments, internal and external user endpoints (including organizational and BYOD devices), on-premises and hybrid systems, as well as considerations for both operational technology (OT) and the Internet of Things (IoT).
Don't miss this opportunity to gain valuable insights into implementing Zero Trust within the financial services industry. Register now for this informative webinar.
-
Securing Robotic Process Automation in Finance: Safe & Efficient Automation
Larry Whiteside Jr., Co-Founder and President, Cyversity and John DiMaria, CSA STAR Program Director
The finance industry is constantly evolving, driven by the need for increased operational efficiency, reduced costs, and improved accuracy. In this context, Robotic Process Automation (RPA) has emerged as a transformative technology that enables organizations to automate repetitive and rule-based tasks, freeing up human resources for more strategic and value-added activities. But taking tasks out of the hands of humans brings potential security vulnerabilities.
This presentation explores the implementation of Robotic Process Automation (RPA) initiatives in the finance industry while addressing the crucial aspect of security concerns. It begins by introducing RPA's role in automating repetitive tasks and its benefits to the finance industry, such as improved accuracy and reduced costs. However, the session will acknowledge the potential security vulnerabilities associated with RPA and emphasize the need for proactive measures to mitigate risks. We will delve into specific security challenges, including unauthorized access to sensitive financial data and inadequate control over robot activities, while also highlighting compliance requirements and regulation best practices. The importance of continuous monitoring, auditing, and incident response mechanisms to detect and address security breaches is also discussed.
Overall, this presentation provides participants with a comprehensive understanding of RPA initiatives in the finance industry and the necessary steps to address security concerns. It equips attendees with practical strategies and best practices to deploy RPA while ensuring a safe and secure operational environment.
-
Bon Appetite: Determining Cyber Risk Appetite Pertinent to Cloud Computing
Matthew Tolbert, Senior Risk Specialist, Federal Reserve & Troy Leach, Chief Strategy Officer, Cloud Security Alliance
A well-defined cyber risk appetite is foundational to building any firm's information security program in alignment with a firm’s business objectives and values. Yet guidance on what makes a cyber risk appetite effective--especially for firms that will significantly rely on cloud platforms--is arguably lacking, including standards for establishing risk appetite compliance thresholds from KPIs, KRIs, and KCIs. This talk will share current and forthcoming guidance and practices for developing a cyber risk appetite pertinent for firms that will rely on secure critical cloud-based operations.
-
Mapping the Cloud Control Matrix (CCM) 4.0 to PCI DSS 4.0
Kerry Steele, Coalfire; Dan Stocker, Coalfire; Adam (Sully) Perella, Schellman; & Troy Leach, CSA
Join us for an informative webinar as we delve into the recent release of the Cloud Control Matrix (CCM) version 4.0 by the Cloud Security Alliance (CSA) and its mapping to the latest iteration of the Payment Card Industry Data Security Standard (PCI DSS) version 4.0. In this session, we will explore the intricacies of these essential industry standards and how their alignment can enhance security and compliance within the cloud environment.
Our expert panelists will discuss the key changes and updates in both the CCM 4.0 and PCI DSS 4.0 standards, highlighting their significance in today's evolving cybersecurity landscape. Through practical insights and real-world examples, attendees will gain a deep understanding of the intersection between cloud security best practices and payment card data protection.
Whether you are a cloud service provider, a PCI DSS-compliant organization, or a security professional seeking to bolster your knowledge, this webinar offers a valuable opportunity to stay current with industry trends and best practices. Don't miss the chance to explore the synergy between CCM 4.0 and PCI DSS 4.0 and how it can drive your organization's security posture to new heights.