Featured
Untangling the Cyber Resilience Thread
Mark Chaplin - Principal, ISF & Esther Schagen-van Luit - Principal, Benelux, ISF
What role do we play in our organisation's cyber resilience? What factors influence broader business resilience and what is the relationship with cyber?
In this webinar, ISF Principals Esther Schagen-van Luit and Mark Chaplin explore the business resilience landscape since COVID-19, examine what has changed and highlight the cyber risk consequences for organisations already dealing with uncertainty from multiple directions.
The team will reveal a fine thread that originates at the macro level (political, economic and environmental) and weaves its way through to the micro level (organisational, workforce and the individual). Along the way Esther and Mark will draw upon ISF Research, such as the ISF Threat Horizon, and their work with risk and security leaders in ISF Member organisations. They will present the key factors driving the need for cyber resilience in organisations, and highlight why it remains a #1 priority.
Meet the Speakers:
Mark Chaplin is a Principal at the ISF, and an accomplished risk management professional with over 30 years of experience across various disciplines. His expertise spans risk governance and assurance, business resilience, security standards and oversight, compliance management, and incident management. Mark is dedicated to assisting business leaders in developing and implementing high-performance, assurance-driven information risk management capabilities that showcase tangible business value.
Esther Schagen-van Luit is Principal of Services, Benelux at the ISF, and is responsible for bringing ISF research and tools to the Benelux market and helping members make the most of their membership with the ISF. Previously she served as the Chief Information Security Officer (CISO) of Deloitte Netherlands and Deloitte Belgium, after having had a career in cyber security strategy consulting. Esther is an active speaker and writer on information security governance, diversity & inclusion, and talent development in the industry.
All episodes
-
AI Insights: Opportunities and Challenges
Lee Munson - Principal Research Analyst, ISF
Building on the ISF’s previous research, Lee will assess how artificial intelligence has evolved in recent years and discuss his upcoming AI Insights series of papers. With offensive and defensive AI already on the agenda, he will outline other areas of potential research for Members to consider, including governance, data privacy, ethics, and the need for transparency.
Meet the Speaker:
Lee Munson is a Principal Research Analyst at the Information Security Forum (ISF). Lee has over fifteen years’ experience in and around the information security industry. Since joining the ISF in August 2022, Lee has co-authored Threat Horizon 2025 and authored the Vulnerability Management: Beyond patching and Demystifying Encryption Key Management briefing papers. He is currently working on a new Insights series of papers focusing on AI. Prior to joining the ISF, he set up and ran a security awareness program for one of the world’s largest media groups before moving into threat intelligence, focusing on crimeware and nation state threat actors.
-
Everything You Need to Know About Software Supply Chain Security
Tzachi Zorenshtain - Head of Supply Chain Security, Checkmarx
90% of the code in Apps today comes from Open Source Software. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to compromise organizations.
With GenAI quickly becoming a popular tool for developers to generate code, a new threat has emerged. AI package hallucination is one of the more recent attack types within the supply chain; it is easy to execute and can have devastating effects. During this presentation we will give an overview of Supply Chain Security with some examples of the current threats, and discuss AI package hallucinations and preventative measures.
Meet the Speaker:
Tzachi is the head of supply chain security at Checkmarx, and was the co-founder and CEO at Dustico, a software supply chain security startup that was acquired by Checkmarx in 2020. Prior to Dustico, Tzachi built custom solutions for automating malware analysis, SOC automation, securing microservices, and designing network sensors at Palo Alto Networks.
-
Zero Trust Strategy: Why your organisation should adopt it
Shreya Tiwari - Zero Trust Product lead, ISF & Daniel Norman, Regional Director, EMEA, ISF
The cyber threat landscape has become increasingly challenging, impactful and unpredictable. With remote access and corporate networks changed by the COVID pandemic, and risks compounded by geopolitical incidents, building a security strategy that can handle this dynamic threat landscape without causing operational disruption has become business critical.
In this webinar, the ISF will explore why Zero Trust is not all hype. Participants will:
1. Identify the core components of Zero Trust and how it is different to current security strategies
2. Understand how to either embark on a Zero Trust journey, or adapt current approaches to minimise risk
3. Take a deeper-dive on how ISF Members have established a Zero Trust Framework.
-
SOGP 2024: All-encompassing Standard of Good Practice for Information Security
Benoit Heynderickx - Principal Analyst, ISF & Ross Johnston - Security Patterns and Architecture Lead, Bupa Group
The ISF recently published a major update to the Standard of Good Practice for Information Security 2024 including all the latest topics in information security - Artificial Intelligence, Cyber resilience, Zero Trust and many more.
In this interactive session, Benoit Heynderickx will be joined by one of our valued ISF Members to explore the new features of SOGP 2024 and how they can be used in multiple ways including:
• Input into security policies, standards and procedures
• Providing a comprehensive reference library of controls
• Supplementing existing control frameworks.
Meet the Speakers:
Benoit Heynderickx is a Principal Analyst at the ISF specialising in supply chain, cloud security and quantitative risk analysis. He is also the project lead for the ISF Standard of Good Practice for Information Security. Passionate about information security and risk management, Benoit has a wealth of knowledge and practical experience implementing large scale information security and risk programmes such as ISMS, SOX IT Compliance, and third-party risk assurance programmes.
Ross Johnston is a customer-focused technology leader with over 18 years' financial experience delivering architectures and solutions enabling senior level stakeholders to visualise a new and innovative way of meeting and exceeding existing and future customers' needs. In his current role at Bupa, he serves as Group Security Patterns and Architecture Lead.
-
Shielding the Future: Europe's cyber threat landscape report
John Graham-Cumming, CTO, Cloudflare & Trey Guinn, Field CTO, Cloudflare
Based on our interviews with more than 4,000 cybersecurity professionals from 13 markets across Europe, our report includes new findings on security preparedness and outcomes, revealing how organizations are coping with rising volumes of cybersecurity incidents, their levels of preparedness and the outcomes experienced.
Key findings:
• 40% of the respondents experienced at least one cybersecurity incident in the past 12 months.
• Only 29% of organizations think they are highly prepared to address a cybersecurity incident.
• Half (50%) of respondents say they are challenged by the number of siloed tools and homegrown solutions for data protection, security, sovereignty, localization, residency, and privacy.
Join John Graham-Cumming, CTO and Trey Guinn, CTO at Cloudflare to learn more about the threat landscape facing security experts in Europe and receive practical guidance and inspiration on how to strengthen your cybersecurity framework.
Meet the Speakers:
Trey Guinn is Field Technology Officer at Cloudflare. In this role he advises key customers on strategies to secure and optimise distributed workforces and computing architectures. Trey has spent over 20 years working with multinationals, national governments, and Fortune 500 enterprises from a range of industries to help them plan, build, and develop robust, agile, and secure computing architectures.
-
Building an Enterprise Data Strategy for the Modern SOC
Ed Bailey - Principal Technical Evangelist, Cribl & Arfan Sharif - Director Technical Marketing, CrowdStrike
Security, at its core, is a data problem. As data volumes grow exponentially (to the tune of 28% CAGR), organisations struggle to collect, enrich and correlate their security data.
As a result, today’s data onboarding processes involve countless log formats and ingestion methods, resulting in deployment delays, cost overruns and employee burnout. Gaining complete visibility of your data across your environments, no matter where it lies, is critical for security teams to stay ahead of modern threats.
In this session, Ed Bailey, Principal Technical Evangelist at Cribl, and Arfan Sharif, Director - Technical Marketing of NG-SIEM & XDR at CrowdStrike, will share and explore:
• Mid-year review of 2024 IT and Security key trends and predictions
• The evolution of the SOC to address today’s threat challenges
• Building an enterprise security data strategy – tips and best practices
-
The Influence of AI in Supply Chains
Francesca Williamson - Analyst, ISF
Artificial intelligence is changing the way we work, and supply chain management is no different.
With all new technologies it is easy to get carried away with implementation before considering the full consequences. In this session Francesca, ISF Analyst and Supplier Security Product Owner, will be discussing the potential benefits and drawbacks of implementing AI into our third-party relationships.
Meet the Speaker:
Francesca is an analyst in the tools and methodologies team, and is the product owner for the Benchmark and the Supplier Security tool, which are the ISF's security assessment platforms. Francesca led the development of v2 of the Supplier Security tool, which now provides comprehensive coverage of the entire supplier management process. She is passionate about advocating for increased diversity across cyber security, and has been involved in a variety of initiatives to help achieve this, including chairing a panel discussion aimed at addressing barriers of access and encouraging more women to join the industry.