Event Recording

Welcome to CSLS 2022

Speakers
Berthold Kerl
CEO
KuppingerCole
Berthold Kerl
Berthold Kerl, born 1960, studied economics at the University of Nürnberg and performs as CEO of KuppingerCole since 1 st July 2020. Before that he had been with Deutsche Bank AG for 17 years. As CIO he was working on major IT Transformation, IT Strategy, Change Management and Governance...
View profile
Noémie Rinckenbach
PR Manager
KuppingerCole Analysts AG
Noémie Rinckenbach
Noémie joined KuppingerCole as a PR Manager in May 2022. She is responsible for Public Relations and Media. Noémie studied Philosophy in France, the United-Kingdom and Germany where she obtained her master’s degree. Prior to joining KuppingerCole, Noémie gathered...
View profile
Playlist
Cybersecurity Leadership Summit 2022
Event Recording
How the Current Crisis could become a Catalyst for Various Transformations
Nov 10, 2022
Event Recording
Reducing Complexity – Introducing a Practical Model for Security Classifications
Nov 09, 2022

Building and running cyber security in both worlds modern cloud security in combination and legacy on premises introduces extra complexity.  Some of the well known security patterns and models are not applicable in cloud systems while the modern security models like zero trust barely  fit in legacy systems. Based on a model for security classification we will explore some does and don’ts in modern cyber security.

Event Recording
Risk-Based Cyber Reporting Best Practices
Nov 09, 2022

Cybersecurity reporting is a critical mechanism to ensure effective commincation of significant security issues across different levels of your organization - from software architects to the Board. Yet, reporting today is far from being a formality and does not comprehensively highlight an organization's exposure to cyber threats. Join this session to understand the factors that drive the effectiveness of a risk-based cybersecurity report and get access to best practices on communicating actionable metrics within a specific context.

Event Recording
Successfully tackling your Digital Supply Chain Risk
Nov 09, 2022

In this talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will provide insights on Digital Supply Chain Risk. He will look at the areas of risks, from secure partner onboarding to software supply chain security and others. He will look at prominent examples and common weaknesses in these areas. He then will provide insight into actions that organizations should and must take, both organizational and technical.

 

Event Recording
Panel | Misinformation – Disinformation – Malinformation (MDM): The Next Big CISO Challenge?
Nov 09, 2022

Even though MDM has had a long history during war and times of high tension,  the digital era has been increasing reach and potential impact of weaponized misinformation. Sophisticated tools such as machine learning mechanisms and software bots is opening a huge battlefield for creating and spreading manipulated information at scale even for those with limited technical skills. From nation state attacks through organized crime down to that one single customer who feels treated unwell – they all can use such tools. What does this trend mean for your organization and what ist he CISO´s role combating MDM attacks? In this extra-long panel session we will try to find answers on how MDM will affect our organizations and how we can increase antoi-MDM resilience.

Event Recording
Know Your Enemy and Know Yourself, How to Win at Cyber Warfare and Turn You People From the Weakest Link to a Defence Mechanism
Nov 10, 2022

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War

Join this session to gain a deeper understanding of threat actors and the current threat landscape, in order to help you adapt and protect your organisation from cyber warfare. We know adversaries do not rest. Attacks are growing more destructive, causing mass disruption to organisations and society. Take away knowledge of Threat Actors, current attacks, strategies to defend your organisation and understand how your workforce puts you both at risk but can also be leveraged to be your first line of defence.

Event Recording
Future-Proof Network Detection & Response for IT & OT – Made in Switzerland
Nov 10, 2022
Event Recording
Zero Trust Journey, How We Moved from an Immature Organization to Zero Trust
Nov 09, 2022

This is the story of our journey to Zero Trust, from the initial analysis to its technical and effective implementation. As many organizations our starting point was not the best one (lack of proper asset management, mixed permissions, etc) but when we started to work on a Zero Trust implementation we were able to overcome these and also solve some unforeseen problems and offer major security also through Human Factors and Risk Management. The aim of this talk is to inspire security leaders on what is a Zero Trust Architecture (which is not an off-the-shelf solution and desn't require massive initial investments) and how they can reuse their internal knowledge and tools to deliver it.

Event Recording
The Changing Face of Resilience
Nov 10, 2022

Resilience has been changing over the last 15-20 years, where we now accept and acknowledge the various types of reslience an organisation should be responding to. This session will explore how security has moved from a focus on just protection to faster detection and response. It will aso explore what the fast moving technologies mean for other types of resilience that organisations will be faced with in the coming future, and what they can do about it.

Event Recording
Enterprise Access Control for Zero Trust
Nov 09, 2022

With many privileges to manage within an organization, authorization within an Enterprise can be a challenge. As capabilities in any organization are often in a state of constant change and growing complexity, implied trust can easily creep into authorization frameworks and policies leading to an overly-permissive environment. Learn how an organization can layer and support Role, Attribute, and Policy-Based Access Control methodologies to avoid these pitfalls and while also preventing entitlement duplication leading to a more secure Identity perimeter for your users. 

Event Recording
Standards & Regulatory Frameworks Are Static, Security Isn't
Nov 10, 2022

Current frameworks from Cyber Essentials in the UK, to the NIST Cyber Security Framework, HIPPA, PCI-DSS and even ISO27002:2022 often take at least 18-24 months to agree by their governance bodies. The world is much faster moving that that, the fact many regulatory frameworks will take years before the kinks are ironed out demonstrate that they are good for what they were designed for at inception, but after that many of them do not keep up with the changing threats and risks enterprises face, let alone the real controls that are required to protect the enterprise. This is why they are more than often just a tick-box exercise for many enterprises. This session will demonstrate with an analysis of several standards and frameworks, that they are a great starting point if you don't know where to start, but if your really want to protect your enterprise you need to go beyond using controls checklists designed for yesteryear's threats and risks. And what organisations can do to improve security to keep in touch with current threats and risks?

Event Recording
Security Automation Strategies to Succeed or Fail: You Choose
Nov 10, 2022

This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including worst reason to pursue security automation.