SecureWorld Denver 2024

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?

• Why is the framework is valuable?

• What type of organizations can use the framework?
  

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

The threat of ransomware to global businesses, institutions, and governments has reached pandemic proportions. If you are the victim of a ransomware attack, your business will have a tough choice: either pay the attacker and hopefully gain control of your critical computer systems and information, or don’t pay and hopefully minimize the impact of data loss and recover the critical IT systems with minor damage. Law enforcement agencies recommend not paying, because doing so encourages continued criminal activity. In some cases, paying the ransom could even be illegal, because it provides funding for criminal activity.

Many of today’s ransomware attacks exfiltrate data, which means that attackers could have access to a victim’s confidential data, files, login credentials, and emails. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that enable a quick response.

This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The focus is to: (1) prevent a successful attack (best case scenario); (2) reduce the impact of an attack by protecting critical assets; and (3) recover from an attack with minimal downtime and data loss.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

This roundtable discussion is for our Advisory Council members only.

Participating professional associations and details to be announced.

Cyber insurance is no longer a “do I need it?” but a must-have for organizations. This conversation among cybersecurity peers will discusse how to properly assess insurance programs, including a candid look into how the organization should drive what is and is not covered, not the insurance provider.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

In today’s data-driven world, organizations face increasing pressure to protect personal information while complying with complex privacy regulations. This session offers practical insights and strategies for developing a comprehensive privacy program that effectively manages ‘Forget Me’ requests and Subject Access Requests (SARs). Drawing from real-world experiences, we’ll explore how to leverage people, processes, and technology to create a privacy framework that meets regulatory requirements and builds trust with customers and stakeholders.

Key Takeaways:

1. Roadmap to Success: Learn how to develop a strategic project roadmap for implementing a robust privacy program, including key milestones and dependencies.
2. Streamlined SAR Management: Discover efficient processes for handling Subject Access Requests, from initial receipt to final delivery of information.
3. Effective ‘Forget Me’ Protocols: Explore best practices for implementing and managing data erasure requests in compliance with GDPR and other privacy regulations.
4. Data Discovery and Classification: Understand techniques for conducting thorough data inventories and classification to support privacy initiatives.
5. Technology Integration: Learn how to leverage technology solutions to automate and enhance privacy processes, including data mapping and request management.
6. Training and Culture: Develop strategies for fostering a privacy-aware culture through comprehensive employee training and engagement.
7. Balancing Compliance and Operations: Gain insights on striking the right balance between regulatory compliance and operational efficiency.
8. Continuous Improvement: Explore methods for monitoring, auditing, and continuously improving your privacy program to adapt to evolving regulations and threats.

This session will equip privacy professionals, IT leaders, and compliance officers with actionable strategies to enhance their organization’s privacy posture and effectively manage data subject rights in an increasingly complex regulatory landscape.

The Security Operations Center (SOC) is an organization’s first eyes and ears to security threats and risks. For the SOC to support being an organization’s first response team, the team must have the proper resources for continuous growth and monitoring to keep an organization secure. This discussion focuses on key foundational elements for developing and maturing a SOC. Attendees will learn how to establish processes, procedures, and growth plans for their SOC. Additionally, use metrics to show maturity opportunities within a SOC and identify cyber security risks in a business.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Why strategic leadership and an understanding of roles, personalities, and psychology is important for building and managing effective cybersecurity teams.

Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.

Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything  changes so quickly. Insider threat initiatives require a new, more focused approach.

This presentation will explore:

• The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
• Four attributes of a successful insider threat program
• How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster
• An automated investigation experience that replaces manual routines and effectively guides new insider threat teams

In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

Our panel provides a comprehensive overview of the current threat landscape.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

Key take-away: 
How to rethink database security controls in a cloud-first world.

For most organizations, data repositories hold our most sensitive, mission critical assets. As enterprises continue their digital transformation journeys, data repositories and the sensitive assets within are more exposed than ever before for several reasons, including a dramatic rise in the:

• Amount of data created, collected, and stored
• Number of repositories storing sensitive data across clouds
• Number of users and applications that need access to data

In the dynamic realm of cybersecurity, the battle between defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.

Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.

Join us in this exploration of the unseen, as we strive to anticipate and understand the threats that lie beyond the shadows of the current cybersecurity landscape.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

We’ll discuss trends in e-fraud, cybercrime , and the evolution of recent attacks in the Rocky Mountain region.

Artificial Intelligence (AI) coupled with Machine Learning (ML) has tremendous potential to strengthen defenses, but the benefits of ML/AI in cust be contextualized against the risks it poses. The usage of ML/AI has increased exponentially, but security and privacy governance and policies have not expanded at the same rate. Moreover, the pace of instituting AI and privacy regulations varies across the globe, creating a rather complex governance structure for cybersecurity personnel to operate under. This presentation delves into the security and privacy implications of using ML/AI in the organization, whether it is using ML/AI-based security tools or ensuring security of ML/AI-based products developed by the organization.

When a data breach or other cyber incident happens, having a plan in place can mean the difference between a quick recovery and unwanted headlines and irreparable harm to stakeholder trust.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Join your peers for conversation and complimentary hors d’oeuvres and beverages. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.