How to use actionable network modelling to improve your organisation’s security
The digital world is transforming at the speed of light. The adoption of new technologies, expansion into the cloud, and distributed workforces all leave attack surfaces undefended. Learn why scanning and patching are no longer adequate, how to collect the right data, and how to remediate with network context.
Recorded on: Friday 8th October 2021
Knowledge vs Faith: How to use observable data to make better defence decisions
Watch a discussion on whether knowledge about the facts – the objective observations and prior knowledge of the behaviour of a large system over long period of time – or faith in vendor’s judgements will help you defend your business before any other solution will become aware of the threat.
Recorded on: Wednesday 29th September 2021
Better cybersecurity log management: Data backups are sent offsite, why aren’t most security logs?
It takes an average of 256 days to identify and contain a breach. So why do we typically only retain 90 days of security log data? How can you find IoC in your environment many months ago? Discover how a cloud System of Record (SoR) gives you the advantage with extensive backwards cover and end-to-end timeline visibility.
Recorded on: Monday 27th September 2021
Applying metrics to security awareness, behaviour and culture
The ‘click rate’ is the most common metric used in security awareness, but it is inaccurate and focusses on only a small aspect of the behavioural transformation we seek to cultivate. Join this interactive session to explore alternative measurements that can provide deeper, actionable insights.
Recorded on: Wednesday 8th September 2021
Understanding cybersecurity behaviours using gamification and behaviour analytics
Training often doesn’t consider why humans exhibit poor security behaviours or how people perceive risk differently. Join us to learn how gamification and human behaviour analytics can be used to assess individuals’ risk perception and the consequent need for security and trigger behaviour modification.
Recorded on: Friday 3rd September 2021
How to get your security programme proposals approved
Have you been passionate about a proposed solution, only to find that nobody understands how it could positively impact the business? This doesn't need to happen. Join us to learn how to leverage your research and project management skills to tell a compelling story, create a proposal that justifies investment, and generate buy-in.
Recorded on: Wednesday 1st September 2021
What is the impact of the changing face of EDR?
EDR has changed significantly over the course of the last 10 years, developing from simplistic anti-virus to complex end-point productions. It can now enable a much more effective preventative posture for a business that may be under attack. Learn why EDR is important and how to get the best out of its deployment.
Recorded on: Thursday 29th July 2021
From little acorns grow mighty oaks: Why small behavioural changes lead to significant risk reduction
The links between security behaviours and risks are not always clear. Knowing how different behaviours affect risks gives us clarity, allowing us to design focussed approaches and measure the results. Learn how to use open-source tools to identify and prioritise security behaviours.
Recorded on: Thursday 3rd June 2021
Cybersecurity metrics (part 2): The value of strategic intelligence
When it comes to cybersecurity, you have to be right every time; yet malicious actors only have to be right once. Threats cannot be eliminated completely, but they can be prevented with the right precautions. Discover how macro changes can reduce risk, why a good security function needs high-quality intelligence, and how intelligence is like a moving tanker.
Recorded on: Wednesday 26th May 2021
Seeing beyond the obvious: Why rigor AND due diligence are vital in vulnerability management
Traditional methods of scanning and patching are rigorous and leave gaps in vulnerability management. To yield complete results, these methods must include exposure analysis which pinpoints exposed vulnerabilities on important assets. Join us to learn how this method drives due diligence, improves SLAs and reduces operational inefficiencies.
Recorded on: Wednesday 19th May 2021
Cybersecurity metrics (part 1): The good, the bad, and the ugly
In this first session from Secrutiny and SentinelOne, we delve into the purpose of good metrics, the golden rules of measuring what matters, examples of good and bad metrics, and the best methods of presenting findings to the board. We also discuss why we are more like Formula One race drivers than you think…
Recorded on: Tuesday 11th May 2021
Anonymisation – Is it a double-edged sword?
How often do we believe our data has been anonymised, when it hasn’t? We discuss how the research value of data sets is retained while personal information is removed, and the associated legal requirements. Anonymisation has been critical to research, especially in the fight against Covid-19, but how does it work? And can we trust the process?
Recorded on: Thursday 8th April 2021
Cyber readiness: Attacks don’t happen on paper, so why measure human capability that way?
So why do we still measure skills on paper? This session will challenge traditional training methods and explore how organisations can equip teams with useful expertise and utilise gamification in skills development. You will also see unique approaches to mapping human capabilities when they face evolving threats and adversaries.
Recorded on: Wednesday 17th February 2021
SASIG Metrics Academy Session 1 - Meaningful metrics (part 1): Why and how data is changing the way we manage human cyber risk
Join us for the first session in our four-part Metrics Academy series. The ‘security awareness’ space is evolving. Rapidly. So what has changed? And why? Find out how metrics, data and reporting have evolved cybersecurity from simple compliance to human-focussed risk management. This interactive session will include a panel discussion and workshop.
Recorded on: Friday 5th February 2021
Using the MITRE ATT&CK framework to drive risk remediation programs and mitigate cyber attacks
This webinar explores the value and utility of the MITRE ATT&CK framework - a globally accessible knowledgebase of adversary tactics and techniques. Learn how to leverage the MITRE framework to assess your cyber maturity against security standards and define a prioritised roadmap for addressing critical gaps in your security, based on common, high-frequency tactics and techniques.