|Tuesday, October 10, 2023|
|When risk becomes reality: Overcoming a third-party security crisis|
We spend a lot of time talking about how organizations can shore up their vendor security assessments and enforce cyber policies with business partners in order to minimize their exposure to third-party risk. But despite our best efforts, attacks WILL happen, so what do you when a close partner of yours experiences a full-scale cyber emergency?
This session will address the tough questions, like what kind of timely intelligence you should expect to receive from the affected partner, what recourse you have to mitigate your own risk and when it's time to end a third-party relationship or pursue legal action due to blatant cyber negligence.
|Elizabeth Bemah Amankwah - Omni Strategies|
|Seeking safer shortcuts for devs: Snyk’s 2023 state of open source security report|
Open source code provides developers with the shortcuts they need to innovate and
|Jamie Smith - Snyk|
|Factoring supply-chain risk into cyber insurance coverage|
This informative session will examine how cyber insurance firms are factoring third-party and supply-chain risks into their coverage and payouts. To qualify for coverage, it may no longer be enough to show that you have reached or exceeded compliance with insurance industry standards. You may have to show that the partners you worth with aren't drastically altering your risk profile.
|Joseph Brunsman - Brunsman Advisory Group LLC|
|The intersection of CMMC compliance & third-party risk|
As of 2025, all defense contractors who are members of the defense industrial base will be expected to follow the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) as a means of assessing their compliance with current governmental security requirements. And there's no question that third-party risk must be factored into this critical assessment. This session will look at the intersection between CMMC compliance and third-party/supply-chain security practices, and how even organizations outside the DIB can learn and improve their supply chain security practices from this Herculean effort.
|Christina Bray - Collins Aerospace|
|Wednesday, October 11, 2023|
|Best supply chain security practices for CI/CD pipelines|
August In 2023, NIST published an initial draft of a document that recommends actionable measures for integrating the fundaments of software supply chain security assurance into CI/CD pipelines to prepare organizations that plan to deploy cloud-native applications. This session will feature one of this paper’s key authors, NIST’s Ramaswamy Chandramouli, who will detail these recommendations and explain how they can help organizations better company with the tenets of Executive Order 14028 and NIST’s Secure Software Development Framework (SSDF).
|Ramaswamy Chandramouli - NIST|
|Enforcing least privilege|
Join Delinea’s Chief Security Scientist and Ethical Hacker Joseph Carson as he explains how a ransomware attack progresses from initial credential compromise to escalated privileges, exfiltrated data, and ultimately the ransomware deployment and ransom demand.
|Joseph Carson - Delinea|
|What's the prognosis? An examination of Health3PT's supply-chain security efforts|
Health3PT, aka the Health 3rd Party Trust Initiative, has brought together thought leaders from across the healthcare industry to tackle the ever-prevalent problem of third-party information security risk. This session will look at how this initiative is progressing in its mission to encourage best practices that will lead to -- in the words of the organization's website -- "more reliable assurances, consistent information security program reporting, and better visibility into downstream relationships with third parties and beyond."
|Glen Braden - Attest Health|
John Houston - University of Pittsburgh Medical Center
Matthew Webb - HealthTrust Performance Group
|How managed services make 3rd-party risk assessments repeatable and scalable|
It sounds ironic, maybe even a little paradoxical, but it might just take hiring a third party to help an organization assess and mitigate the risk posed by their other third-party partners. For organizations that cannot or prefer not to spearhead this task internally, MSSPs can provide a scalable and consistent third-party risk assessment program that yields insightful, enforceable and actionable recommendations. This session will examine the benefits of having MSSPs evaluate third-party partnerships that exist outside of their clients’ organizational boundaries, plus best practices when conducting outsourced risk assessments.
|Craig Searle - Trustwave|