The landscape of digital risks is not static. Today’s state-of-the-art technologies lose their effectiveness over time as new research and increasing processing power make innovative attacks possible and create new risks. Change has to be the new normal, and we have to measure and quantify that change.
In this last part of the Digital Risk Conference Track, we will discuss how to implement the risk mitigation strategies and enable a secure digital transformation, with a special focus on risk metrics.
After attending this block of sessions you will be able to:
- Identify digital risks
- Deal with ongoing new innovative attacks and new risks
- Implement risk mitigation strategies
- Enable a secure digital transformation
This block qualifies for up to 3 Group Learning based CPEs, depending on the number of sessions you attend.
The Role of Policy Management in the Software-Defined Era
The morning sessions explored policy-based solutions to IoT, cloud and other online-based risks. This session explores the connection of technology and people through the growing role of standards in policy management, in an era where organizations increasingly depend on the reliability of software-based organization and operations. This session will seek to help businesses identify which elements of risk are mitigated, and what new risks arise, with these changes.
“Software-defined” is an emerging technology trend that is rapidly gaining traction, allowing for amazing management, security and compliance innovations. But “software-defined” also makes the application of policy more critical, and more complicated. For example, new servers and networks can be provisioned anytime, anywhere. Assets can connect with other resources and be used for any purpose by anyone, all based on policy. A policy is a principle or protocol to guide decisions and achieve rational outcomes. How do we reconcile regulatory requirements with software-defined, context-aware security policies?
The panel consists of industry experts from NIST NCCoE, Microsoft, Intel, Cisco and HyTrust, who will discuss the role of policy management in the software-defined era. Speakers will present commonly used policy definitions and usage, and debate the emerging need for policy-based resource lifecycle management, including how to secure these resources and demonstrate compliance, drawing on concrete use cases: 1) Software Defined Networking, 2) Software Defined Data Center/Orchestration, and 3) NCCoE Building Blocks – ABAC and Trusted Geo-Location.
What Gets Measured Gets Done – Identifying New Metrics for Distributed Digital System Performance to Evaluate and Mitigate Risk
Data is the lifeblood of organizations, and their managers have access to increasing volumes of data; but what does data really mean in a given context? How can effective and dynamic risk evaluation and mitigation processes be cultivated from better measurement practices in an organization, and from a more nuanced understanding of how different sources of risk reveal themselves through different sorts of metrics?
How to Measure the Real Access Risk?
There are many factors that make up the access risk of users. Access to privileged accounts, but also elevated privileges in certain applications, add up to a complete picture of access risks. Users with uncommon combinations of entitlements, users who have fairly different access than their peers, users with many direct assignments of entitlements: all these indicators might be related to higher access risk, or not. Beyond that, not only the assigned entitlements are risk indicators, but also the use of access rights. Someone might access only the records of customers he is currently working with, or the records of all customers he potentially has access to. The first is just normal; the other is an indicator of fraud.
However, organizations need to understand the real risks to be able to mitigate them.
In this session, the participants will discuss various approaches to measuring risk, looking at it from various angles.
Bringing it All Together – Distributed Strategy Solutions for Distributed Risk
In evaluating distributed systems risk, the attention to data is misdirected. Rather, it is the distributed nature of data management systems (and the increase in interaction volume) that increases the perception and actuality of risk. Distributed problems need distributed solutions. Applying the community of interest approach, how can your organization more effectively reduce and manage risk?