T.E.N. Knowledge Base

ISE® Central 2019

Qualys Cloud Platform: One stack to consolidate traditional enterprise security and compliance solutions and secure the digital transformation  > Download Whitepaper
As organizations digitally transform business processes to boost agility and efficiency, IT environments become distributed, elastic and hybrid — a challenge for security teams. CISOs are no longer well served by conventional security products designed to protect traditional, welldefined corporate perimeters where most assets are on premises.

With the adoption of cloud, mobility, virtualization, and other innovations, IT infrastructure frontiers have been pushed out, blurred, and even erased. To regain visibility and control over these new amorphous IT environments, CISOs often resort to accumulating heterogeneous point tools, an ineffective and counterproductive approach.

Because it’s difficult to integrate, manage and scale a plethora of disparate security products, this strategy results in operational silos, increased costs and data fragmentation. Worse, it leaves organizations exposed to opportunistic hackers who take advantage of attack vectors created by the speed, openness and interconnectedness of modern IT.

Cloud-Based IT Asset Inventory: A SOLID FOUNDATION FOR INFOSEC INFRASTRUCTURE  > Download Whitepaper
Complete, unobstructed visibility of your IT environment is the foundation for effective cybersecurity. Without a full, detailed inventory of all your IT assets, your InfoSec team won’t be able to properly protect your organization because the things that pose the highest risk are the ones that you don’t know are there. For a long time, this basic requirement was fairly simple to fu lfill. Network perimeters were well-defined and IT environments were ti ghtly encapsulated. Accounting for and monitoring all the hardware, s oftware and networking elements in these self-contained and sealed IT environments was straightforward.

WHAT'S OLD IS NEW AGAIN - A number of macro trends are driving the wider adoption of DLP. But as we looked at the resources out there, we couldn’t find one source that could provide all the essential information in one place. So we created this guide to provide answers to the most common questions about DLP - all in an easy to digest format.

Vikrant Arora

Andrew Albrecht

Sponsored by:

Creating a Secure Cloud Infrastructure  > Summary
The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to supplement to meet their obligations as part of the shared responsibility model. Join our discussions to learn how a thorough understanding of your company’s cloud infrastructure, native cloud security capabilities, and the shared responsibility model gives security professionals a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.

Listyanna Dowell

Listyanna Dowell
Director, IT Security Platform Operations
Sirius XM Radio

Company Security Culture  > Summary
As numerous data breaches have placed organizations’ brands and CEOs’ jobs on the line, security is gradually becoming a priority for C-suite executives and board members alike to integrate into company culture on every level. When your organization moves beyond simply discussing security to taking actionable steps, you’ll know cybersecurity has become a priority within your company. To make that transition from “talking” to “doing,” C-suite members are responsible for convincing board members to adopt cybersecurity as a top-down initiative. The more support C-suite leaders can garner from the board, the more likely they can receive the support and funding for resources and the development of a security program. In addition, having business leaders embody a culture of security with actions as well as rhetoric can have a positive impact on employees, who often receive the brunt of training initiatives, email alerts, and security tests in an organization. Join our discussions as we learn how leadership promoting the positives of security while eliminating apathy, division, and self-interest from the culture will help ensure security behaviors change throughout the company for the better.

sprague_gary Gary Sprague
Director, Information Security & Compliance

Creating a Dynamic and Actionable Information Security Plan  > Summary
Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.

Effendi_Asif Asif Effendi
Director - Cybersecurity
GE Oil & Gas Operations

Data Loss Prevention in an Age Without Borders  > Summary
The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative it to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.