KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
At first, some insights into the background, purpose and history of the e-IDAS regulation are provided and the difference between the previous and the currently proposed e-IDAS version are explained very shortly. Core part of the presentation addresses the impact and main challenges, including the concerns expressed by various stakeholder groups. Finally, the expected timeline is given.
At first, some insights into the background, purpose and history of the e-IDAS regulation are provided and the difference between the previous and the currently proposed e-IDAS version are explained very shortly. Core part of the presentation addresses the impact and main challenges, including the concerns expressed by various stakeholder groups. Finally, the expected timeline is given.
With the introduction of ChatGPT, we have entered into the knowledge age. In this new economy, CISOs are presented with new challenges. This session explores three concerns arising from capabilities like ChatGPT but also three opportunities that CISOs are well positioned for in this new knowledge economy.
The cybersecurity landscape is complex and can be confusing even to experts. The Cyber Defense Matrix is a model that simplifies this landscape, enabling us to navigate it more easily and clearly communicate our plans to others. This workshop will explain the Matrix and how it can be used to build, manage, and operate a security program. By organizing technologies, skillsets, and processes against the Matrix, we can understand the problems we need to solve, what gaps exist, and what options are available to close those gaps.
As artificial intelligence continues its upward trajectory, a radical proposition emerges: Could AI take the helm of cybersecurity leadership? This bold discourse dives into the heart of this debate, exploring whether AI can effectively shoulder responsibilities traditionally assigned to a chief information security officer. Areas of exploration include AI's potential in threat detection, vulnerability assessment, and incident response.
But where does human judgment fit into this AI-dominated picture? Is the seasoned expertise of a CISO irreplaceable? This electrifying discussion stirs the pot of the future of cybersecurity leadership, grappling with the balance between emerging AI capabilities and indispensable human expertise.
Lack of control and controllability is increasingly a problem in many internal IT departments today. The complexity of the solutions used has steadily increased. It is therefore all the more important that information security systems are optimally set up and easy to operate and administer.
Establishing a risk class-based access management system makes sense for many reasons. In addition to meeting compliance requirements such as ISO27001, BSI IT-Grundschutz or industry standard 62443 and integrating seamlessly into a risk-based approach followed in the information security management system, this approach promotes the regaining of control over all possible accesses to company or organisational systems, regardless of these requirements.
Traditional federation agreements are relatively static. It takes some effort to onboard an IdP and RP to each other, but once that trust is established, it's good until some exceptional event breaks the federation.
But what about a more dynamic world, one where trust comes and goes based on context? What if users could be provisioned dynamically into a space based on trust from elsewhere? What if an isolated space could still function in a disconnected state and still have powerful security properties? What if these isolated spaces could reconnect to the network and provide audit capabilities and security signaling to other components throughout the wide ecosystem? And what if all of this could be built on a layer of trusted software that didn't rely on pre-placing keys or accounts ahead of time?
Come to this talk to learn about Federation Bubbles, the proof of concept being built out on top of a suite of technology including OpenID Connect, OAuth, SPIFFE, Verifiable Credentials, and more.
Quantum computing has found its way into Deutsche Bahn's technology roadmap. In the session I’ll give an introduction where is it used, which use cases are being developed, which skills does the industry need? The key question is which risks do we expect and how can we prepare our organization against attacks, some keywords are NIST, PQC, crypto agility. I will give an overview of the international quantum landscape and its progress. You will get hands on advice how to establish a maturity model for quantum readiness and an enterprise program to become quantum ready.
Organizations nowadays are agile and tech-dependent, deploying updates frequently and relying ons 3rd parties. This leads to dynamic and complex digital systems with exposed and vulnerable assets. Testing frequency does not keep pace with development, is very noisy, and more than one-third of an organization’s attack surface is unknown to the organization. Autonomous ethical hacking powered by hackers and AI, can help tech teams to identify and mitigate vulnerabilities and manage their digital infrastructure continuously and accurately. By combining machine hacking with human hacking in a symbiotic relationship, machines can go in-breadth and automated (80% of tasks with 20% of impact ); while ethical hackers go customized and in-depth (20% of tasks with 80% of impact). The knowledge flows from humans to machines and the platform learns continuously through ML & AI. This allows to uniquely provide instant, continuous, accurate, and affordable security.
In the fast-paced and intricate world of cyber defense, the challenges are numerous and ever-evolving. Our "Forging Stronger Shields" panel convenes a group of esteemed Chief Information Security Officers who dive deep into the complexities of this digital age, drawing from their hands-on experiences and daily challenges. These seasoned professionals will delve into the nuances of the present-day cyber threat landscape, from advanced persistent threats to state-sponsored cyberattacks. They'll emphasize collaboration's crucial role in establishing effective defense strategies.
As they share tales from the trenches, the CISOs will explore the blend of human expertise and cutting-edge technology required to construct formidable barriers against cyber threats. Furthermore, they will shed light on fostering a pervasive culture of cybersecurity, emphasizing that this responsibility doesn't just lie with the IT department but spans from the boardroom to the break room.
This session will be an engaging dialogue as these experts navigate the intricate cybersecurity maze, reiterating that our collective strength and unity are vital in defending against sophisticated cyber adversaries. Be part of this conversation that aims to inform and catalyze a united front against cyber threats.
The side effects of (re)generative AI impacting cyber security
The polarizing public discussion about ChatGPT and its siblings and the smokescreens of those responsible for technology and business behind the brands obscure a differentiated view on the non-obvious side effects of a completely overheated Chatbot rally. This makes it difficult to seriously address the partially mutually dependent side effects of the large-scale public use of this technology.
Employers in particular are torn between giving in to the tempting benefits of this technology while, at the same time, they have to live up to their responsibility towards the law, regulations such as ESG, their organizations and their digital assets, the society and the duty of care towards their employees. All of that without missing a beat of innovation in that field.
In this workshop, we'll jointly explore the missing questions that need individual answers for a conscious, responsible and security aware use of AI.
Most contemporary digital identity discussions deserve another label: They are mostly about electronic trust ecosystems, considering all kinds of attributes beyond just pure identity. Additionally, nowadays they include natural persons, legal entities and (internet of) things. Everyone seems to agree the future is decentralized and all this only works with these curious wallets. Andre Kudra takes us on a journey through electronic trust ecosystems, diving into questions like: Which ones do we already have today? Some are successful, others not – why? Regulators are on it, too: What will eIDAS 2.0 and the EUDIW bring? What’s in the pipeline in other parts of the world? Will organizational digital identity (ODI) now invoke the breakthrough of decentralized identity overall? Why is decentralized identity the only way for Zero Trust Architectures which deserve the name?
The Digital Operational Resilience Act (DORA), which entered into force on 16 January 2023 and will apply from 17 January 2025, aims to enhance the digital operational resilience of entities across the EU financial sector and to further harmonise key digital operational resilience requirements for all EU financial entities. DORA sets out uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information and Communication Technologies) services to them, such as cloud computing or data analytics services. DORA creates a regulatory framework on digital operational resilience, whereby all financial entities need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across the EU, with the core aim to prevent and mitigate cyber threats. DORA is complemented with several “regulatory technical standards (‘RTS’)” which give more details on requirements for cyber security.
As the whole DORA legislation cannot be presented in a short timeframe, I will focus on the part that is most important to ensure cybersecurity and the part that is the most interesting one for the audience, the RTS on ICT Risk Management Framework. I will give a quick overview and highlight the topics, which will bring the most workload to the industry. The biggest challenges will be in the areas of Asset Management, Operations Security, Network Security and Encryption.
