www.scmagazine.com
2606:4700:20::ac43:44ea  Public Scan

Submitted URL: https://go.scmagazine.com/MTg4LVVOWi02NjAAAAGJasaAQ1RjSjWppxW8n4Vq6NuD7bEKbIuqJwUioKhn9JqzFVNYJ89ETmaVv0i3EFRLq4o4l80=
Effective URL: https://www.scmagazine.com/esummit/partner-or-problem-securing-third-party-relations-in-the-age-of-supply-chain-attacks?utm...
Submission: On January 19 via manual from US — Scanned from DE

Form analysis 1 forms found in the DOM

<form class="w-100" scmag-registration="set">
  <div class="my-2 font-sans"><label class="visually-hidden form-label" for="email">Business Email</label><input placeholder="Business Email*" required="" type="email" id="email" class="fs-7 text-black p-3 form-control" value=""></div>
  <div class="my-2 font-sans"><label class="visually-hidden form-label" for="password">Password</label><input placeholder="Password*" required="" type="password" id="password" class="fs-7 text-black p-3 form-control" value=""></div>
  <div class="my-2 font-sans"><label class="visually-hidden form-label" for="firstName">First Name</label><input placeholder="First Name*" required="" type="text" id="firstName" class="fs-7 text-black p-3 form-control" value=""></div>
  <div class="my-2 font-sans"><label class="visually-hidden form-label" for="lastName">Last Name</label><input placeholder="Last Name*" required="" type="text" id="lastName" class="fs-7 text-black p-3 form-control" value=""></div>
  <div class="my-2 font-sans"><label class="visually-hidden form-label" for="companyName">Company Name</label><input placeholder="Company Name*" required="" type="text" id="companyName" class="fs-7 text-black p-3 form-control" value=""></div>
  <div class="my-2 font-sans"><label class="visually-hidden form-label" for="jobTitle">Job Title</label><input placeholder="Job Title*" required="" type="text" id="jobTitle" class="fs-7 text-black p-3 form-control" value=""></div>
  <div class="my-2 font-sans"><label class="visually-hidden form-label" for="phone">Phone</label><input placeholder="Phone*" required="" type="text" id="phone" class="fs-7 text-black p-3 form-control" value=""></div>
  <div class="mb-4">
    <div>
      <div class="Registration_checkbox__qddY6 form-check"><input type="checkbox" id="ssoEditorialNewsletters" class="form-check-input"><label title="" for="ssoEditorialNewsletters" class="form-check-label">Yes, I would like to receive industry news
          alerts, the Daily Scan, and editorial updates from SC Media.</label></div>
    </div>
    <div>
      <div class="Registration_checkbox__qddY6 form-check"><input type="checkbox" id="ssoLearningNewsletters" class="form-check-input"><label title="" for="ssoLearningNewsletters" class="form-check-label">Yes, I would like to receive information
          about upcoming SC Media events, webcasts, and conferences.</label></div>
    </div>
  </div>
  <div class="fs-9 my-4">
    <p>By clicking the Create Account button below, you agree to SC Media <a class="text-underline" href="/terms-and-conditions" data-feathr-click-track="true" data-feathr-link-aids="[null]">Terms and Conditions</a><span> and
      </span><a class="text-underline" href="/privacy-policy" data-feathr-click-track="true" data-feathr-link-aids="[null]">Privacy Policy</a>.</p>
  </div><button type="submit" class="btn btn-primary">Create Account</button>
</form>

Text Content


eSummit


PARTNER OR PROBLEM? SECURING THIRD-PARTY RELATIONS IN THE AGE OF SUPPLY CHAIN
ATTACKS 

Live Broadcast | Tuesday, Jan 24, 2023, 10:45 AM ET - Wednesday, Jan 25, 2023,
4:00 PM ET

Earn up to 6.5 CPE credits by attending this virtual event.

Regardless of how securely your data resides within your internal organization,
you are left exposed by your third-party business relationships. Upstream supply
chain partners, cloud-based service providers, third-party programming code –
these are all sources of risk. 

This eSummit will demonstrate solutions, policies and strategies that companies
can implement to ensure that third parties act as true partners, and not
problems. Topics will include: 

 * The latest exclusive research on third-party risk from the CyberRisk
   Alliance 
 * Ensuring security and compliance through all stages of the third-party
   partner lifecycle
 * Lessons learned from the latest supply-chain attacks, including the growing
   importance of SBOMs
 * Reducing the risks associated with third-party code

--------------------------------------------------------------------------------


TUESDAY, JANUARY 24TH

OPENING KEYNOTE | 11:00 AM | Ensuring your data is safe after ending a
third-party relationship

Gregory Rasner: Senior Vice President, Cybersecurity Third Party Risk, Truist

The same way you need to disable the credentials of workers who are no longer
employed by your organization, you must also ensure that you do not incur any
risk from former third-party partner companies who no longer conduct business
with you. This session will look at the important steps companies should take to
shield their data and assets from leaks and breaches once a third-party business
relationship has reached its conclusion.



--------------------------------------------------------------------------------



11:30 AM
Aligning internal cybersecurity practices with external third-party risk
management
Brad McAdams: Senior Solution Consultant, Process Unity

What does it mean to prioritize cybersecurity throughout the extended enterprise
in the modern threat landscape? Today’s organizations are protecting their
high-value assets and sensitive data from increased cyber-attacks by addressing
cybersecurity internally and externally. By aligning cybersecurity and
third-party risk management, organizations identify the vulnerabilities present
throughout the extended enterprise. This insight is crucial for organizations to
develop a robust cybersecurity strategy that helps bolster their weakest links.

Attendees will learn how to:
• Identify compliance risks, operational risks and information security risks
within your organization and vendor population.
• Develop a defined process for prioritizing, mapping and evaluating third-party
cyber risk.
• Gain a clear sense of control performance internally and externally to
prioritize remediation projects.
• Create dynamic reports on control effectiveness internally and externally to
track issues over time and stay ahead of future incidents.

--------------------------------------------------------------------------------

12:00 PM
Up-leveling security: From kill chains to supply chains
J. Wolfgang Goerlich: Advisory CISO, Cisco Secure

Organizations have long struggled to manage access, assets, threats, and
vulnerabilities. The starting point of most security guidance begins with what
we can see and what we own. While it’s been a decade since Wolfgang Goerlich
declared “ownership is not a control,” the industry has made little progress
shifting to a shared responsibility model. Today businesses compete as
ecosystems, and recent years have further shifted away from ownership towards
the supply chains. But how do we secure our suppliers? Ask questions on vendor
RFPs? Rely on attestations like SOC2 or ISO 27001? Possibly, however, the world
is full of anecdotes and data points where suppliers misunderstood or
misrepresented their security posture. Further, security organizations must create
processes to make use of that data in business and security risk decisions. In
this session, we’ll look backwards at where we’ve come, then look forwards at
where we might be headed with supply chain security. We’ll conclude with a
review of techniques for supply chain risk management and tactics for defending
what we do not own and cannot see.

--------------------------------------------------------------------------------

12:30 PM
Break

--------------------------------------------------------------------------------

1:30 PM
Going beyond zero trust and achieve zero friction
Joseph Carson: Chief Security Scientist & Advisory CISO, Delinea

Regulatory bodies, government agencies, and CIOs are mandating Zero Trust as a
cyber security framework. What does Zero Trust mean for your security strategy?
This session will describe where Zero Trust started, how it has evolved over the
years, what it really means for your organization today and what you can do to
realize the benefits.

--------------------------------------------------------------------------------

2:00 PM
Taking a strategic approach to your third-party risk management program
Richard Marcus: VP, Information Security, AuditBoard
John Volles: Director, Information Security Compliance, AuditBoard

Who has access to your company’s data and what risks do they pose to your
organization? While these questions seem basic, most organizations cannot
confidently answer them, despite an accelerating trend of third-party threats
and incidents. Building a robust third-party risk program is complex and takes
time. Building a program that allows information security teams to be strategic
in managing third-party risks is even more challenging. During this session,
AuditBoard’s Information Security team will guide you through how they
successfully transitioned to a strategic and technology-enabled third-party risk
program to manage this emerging source of risk.

--------------------------------------------------------------------------------

CLOSING KEYNOTE | 2:30 PM | Automation’s role in third-party risk management

Dustin Sachs: Senior Manager, Information Security Risk Management, World Fuel
Services

It can be tough deciding how much automation you want to introduce into a
particular IT security function. While automation does bring speed and
efficiency, companies sometimes like to rely on human judgment for important
security decisions. This debate is certainly true for third-party risk
management, as companies debate if they want to use automation to reduce the
inefficiencies and cognitive bias that can come with overly manual risk
assessments. In this session, we will examine the pros and cons of incorporating
automation into the various elements of third-party risk management, and how
such automation can be effectively applied.

--------------------------------------------------------------------------------


WEDNESDAY, JANUARY 25TH

OPENING KEYNOTE | 11:00 AM | SBOMs & the private sector: Breaking the barriers
to entry

Cassie Crossley: VP, Deputy Product Security Officer, Product & Systems Security
Office, Schneider Electric

The road to secure software and SBOM-generation runs through a massive network
of private-sector vendors and manufacturers, but these entities face a number of
daunting challenges to get there.

For example, the coordination necessary to achieve even early or intermediate
steps building out SBOMs for large product sets – such as asset inventory – is
extremely challenging and resource-intensive for many organizations. Other
obstacles like budget constraints, shadow IT, proprietary concerns and lack of
viable tooling also loom over a small set of evangelists who are attempting to
breathe life into the concept.

In this session, SC Media will speak with Cassie Crossley, VP, Deputy Product
Security Officer at Schneider Electric, who has spent years thinking through the
SBOM question and how to get from here to a safer, more secure software
ecosystem.

--------------------------------------------------------------------------------

11:30 AM
Build vs buy: Is managing customer identity slowing your time to market?
Jeremie Berthiaume: Group Product Marketing Manager, Okta
Peter Fernandez: Staff Solutions Architect, Okta

Every team building a web or mobile app faces the same dilemma with every new
piece of functionality: build in-house or use out-of-the-box services to make
the job easier and faster. And, more often than not, it starts with the
fundamental choice of how to provide for authenticated user access.

“Our developers can handle customer identity.” It’s a login box. How hard could
it be?

But customer identity is so much more than just the login box. As businesses
grow and add features, maintaining a homegrown solution is a major drain on
resources. Developer time spent on DIY identity, security and privacy compliance
is time taken away from core business innovation.

In this webinar we will discuss how dev teams can:

• Lower the total cost of ownership (TCO) of application development
• Reduce the risk of a security and compliance breach
• Keep developers motivated and improve engineering efficiency

--------------------------------------------------------------------------------

12:00 PM
Software supply chain security risks and the need for modern AppSec
Mic McCully: Field CTO, Snyk

By 2025, 45% of organizations worldwide will have experienced attacks on their
software supply chains (Gartner), which are only becoming increasingly complex
due to the changes in how modern software is built. These trends, together with
new federal regulations, require organizations to take action to ensure the
security and integrity of their software. But this is easier said than done.

In this session, we’ll explore the software supply chain as an attack vector –
by identifying risks and mitigation strategies throughout the software
development processes and environment. We’ll also explore how AppSec programs
must evolve and adapt to the modern software development process to accommodate
software supply chain risks. Join us to learn how you can meet new requirements
and protect your software from these attacks.

--------------------------------------------------------------------------------

12:30 PM
Break

--------------------------------------------------------------------------------

THOUGHT LEADERSHIP PANEL | 12:45 PM | Are your third-party partners putting you
in crosshairs of compliance regulators?
Carter Schoenberg: Vice President, Cybersecurity & Chief Cybersecurity Officer,
SoundWay Consulting Inc.
Jennifer Sosa: Director, Consulting and Information Governance Services,
TransPerfect Legal Services

No matter how hard your organization tries to adhere to key cyber and privacy
regulations, you can still be sabotaged by the sloppy or careless actions taken
by your third-party partners. This panel session will cite, one by one, the
various regulatory bodies of authority whom you may run afoul of, if a
third-party incident or leak bleeds into your own organization.

For each example, the panelists will examine the type of third-party cyber
behavior that can get you into hot water, the potential ramifications and
punishments, and strategies to insulate yourself from third-party risk in that
particular area.

This way, by understanding the biggest compliance risks that businesses are
exposed to via their third parties, you can hopefully insulate yourself against
threats which may start out external, but ultimately creep their way into your
organization.

--------------------------------------------------------------------------------

1:30 PM
The right KRIs and KPIs for measuring third-party risk
Alastair Parr: Senior Vice President, Global Products & Risk, Prevalent

Measuring risk from third parties can be complex, requiring you to translate
obscure metrics into potential business impacts. And, once you define ways to
measure risk, you still need benchmarks and standards to compare your
third-party risk management (TPRM) program’s effectiveness. It doesn’t have to
be so complicated!
In this webinar, you’ll gain practical tips for:
• Defining and implementing meaningful and actionable TPRM KPIs and KRIs
• Leveraging risk triggers to unearth your major pillars of risk
• Fostering a “collective risk management” ideology in your organization
• Evolving TPRM metrics from checklists to continuous risk management

--------------------------------------------------------------------------------

CLOSING KEYNOTE | 2:00 PM | The risks and rewards of third-party code in your
DevOps projects

Third-party code is often used as a development shortcut to achieve quick
results – but depending on the source of that code, you might just be embedding
exploitable vulnerabilities into your own budding web and mobile applications.
This webcast will look at ways you can vet, evaluate and approve third-party
code libraries before borrowing from them – offering tips and tricks to securely
incorporate someone’s code as part of your own DevSecOps practices.



*Please check back for updates to this agenda*



Copyright © 2022 CyberRisk Alliance, LLC All Rights Reserved. This material may
not be published, broadcast, rewritten or redistributed in any form without
prior authorization.
