Cyber Resilience Awareness Day Virtual Summit

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Cyber resilience has become a trendy, all-purpose concept on which everyone can hang whatever they like. If we want our organizations and ecosystems to become more 'cyber resilient', it makes sense to first establish common ground on what cyber resilience actually means. It is not synonymous to cybersecurity nor operational resilience, and it is more than just adding response and recovery to prevention into a cocktail blender.

You're invited to join discussions on high value targets, critical asset taxonomy, threat informed defense, threat modeling, best-in-class cyber resilience frameworks, cyber resilience architectural concepts and methodologies & cyber resiliency skills. We will point as well to the Cyber Resilience Manifesto as a foundational compendium to this talk.

Featuring:
• Francesco Chiarini: ISSA, High Value Target
• Patrick Lechner: Co-Founder, Managing Director, resion - innovative cyber resilience
• Mehdi Azaouioui: ISSA, CEO LimberSecurity

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

In this session we will review Sheltered Harbor Data Vaulting, which is designed to enable a financial institution to survive despite a severe but plausible outage such as might result from a cyber attack that causes the loss of all customer data.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Organizations often rely heavily on industry best practices and standards to guide and reassure them in deciding how to enhance their cyber resilience posture. However, knowing what “good resilience” looks like in theory is proving a necessary but insufficient condition to drive meaningful improvements in the resilience of our increasingly digital enterprises and economies. To move the dial on better outcomes, we need to be willing to look below the surface of our network topologies and be radically curious about the human and interpersonal complexity we find underneath.

In this talk, Anne Leslie will delve into the intricate, unspoken dynamics that exist between diverse stakeholder groups with diverging incentives and competing interests, best-practice domain expertise, organizational processes, and defensive technologies in achieving robust cyber resilience, drawing on actionable insights from the disciplines of dispute resolution, negotiation, and psychology. By examining how individual and group identities, behaviors, emotions, and power dynamics collide in our organizations, she will offer participants a new mental model for thinking about how to drive better cyber resilience outcomes, with practical recommendations for navigating the complex decision-making and operational steering that underpin all cyber resilience-building efforts.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The NICE Framework provides standard language for describing cybersecurity work. In 2024, the NICE Program Office at the National Institute of Standards and Technology (NIST) published 11 Competency Areas aimed at supporting assessment and professional development in emerging and multidisciplinary cybersecurity domains, including Cyber Resiliency. Following engagement with diverse subject matter experts, the NICE team has developed an inventory of Knowledge and Skills that practitioners of cyber resiliency need to do their jobs.

This presentation will explain Competency Areas and summarize the development of the Cyber Resiliency Competency Areas. It will also highlight opportunities for applying the Cyber Resiliency Competency Area across areas of cybersecurity work represented in the NICE Framework. Finally, the presentation will provide information about how stakeholder can engage in the continuing improvements to the NICE Framework.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Space is a critical asset for the United States. It represents the nerve center of many advanced communications and defense systems vital to the economic and national security interests of the nation. NIST is partnering with NASA’s Jet Propulsion Laboratory in the first of its kind experiment to use the security design principles in SP 800-160, Volume 1 to protect a real space flight system. This session will describe the pilot project’s strategy, hypotheses, objectives, outcomes, and metrics for success.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The CRO is a Senior Executive responsible for creating a modern resilience capability. They not only anticipate, defend and adapt to threats by studying the global landscape and asking, "Could this happen to our company?", but also by determining the best strategy to prevent it, and more importantly, do so in a way that positions organizations to capitalize on disruption and uncertainty.

Featuring:
• David Young: Business Continuity and Organizational Resilience Leader, Panasonic Energy of North America
• Chika Okoli: GRC Consultant, Miratech

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Traditional Indicators of Compromise (IoCs) fall short in detecting advanced persistent threats, which are becoming increasingly sophisticated and evasive. The Indicators of Behavior (IoB) Subproject under the Open Cybersecurity Alliance (OCA) aims to overcome these limitations by shifting the focus from static artifacts like virus signatures to dynamic patterns of adversarial behaviors.

This talk will explore the IoB Subproject's efforts to standardize the representation of cyber adversary behaviors, enhance the sharing of behavioral patterns across organizations, and improve analytics for behavior-based threat detection. We’ll also discuss how IoB builds upon the widely adopted STIX2.1 framework, incorporating behavior-based indicators for better detection and mitigation of threats. Attendees will gain insights into the latest developments in threat detection methodologies, including actionable playbooks and workflows designed to streamline incident response processes.

In this webinar we will present key insights from the latest survey conducted by the Information Systems Security Association (ISSA), highlighting the current state of cyber resilience across various industries.

This session will explore critical findings, including the effectiveness of cyber defense strategies, emerging challenges, and best practices for enhancing organizational resilience in the face of evolving threats. Attendees will gain a comprehensive understanding of how organizations are adapting to the complex cyber landscape, as well as a valuable benchmark for improving their cyber resilience posture.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The talk will address the diverse challenges encountered when implementing a comprehensive cyber resilience strategy at scale. These include aligning organizations at different levels of cybersecurity maturity, managing legacy systems, and addressing specific OT-related risks.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

This presentation dives into real-world experiences in responding to cybersecurity crises on a global scale and the critical steps for recovery. Drawing from over two decades in the field, Ashley Fairman will share key lessons learned from handling high-pressure cyber incidents across industries from DoD to Big Tech.

From initial response to full recovery, this session will guide businesses through the process of managing cyber crises and rebuilding with resilience. Key topics will include incident management frameworks, stakeholder communication, regulatory considerations, and long-term recovery planning.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Resilience is the ability to remain viable amidst adversity and to be better for it. The world has come to realize incidents will happen. The key is to detect faster and to recover quicker. Malicious actors understand our technical defenses are strong, so they exploit the softer dimensions of people, process, and organization.

In this session, we will level-set the guiding principles of resilience while walking through national and international efforts, including legislation, regulations, and standards. After laying the foundation, the session will map out the core steps to achieve resilience while providing lessons learned and street knowledge so you can make informed decisions.

The President’s Council of Advisors on Science and Technology (PCAST) produced “Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World.”

The EU enacted the Network and Information Security Directive (NIS2) to raise the level of resilience across the EU. The EU also passed the Digital Operational Resilience Act (DORA) to further bolster the financial services sector. Other nations like Canada have similar efforts.

The session will suggest tools and techniques to facilitate your journey along with metrics, statistics, and case studies to make informed decisions.

Featuring:
• Alex Sharpe: CEO, Sharpe llc
• Adam Isles: Principal, Chertoff Group
• Mark Orsi: CEO, GRF
• Gentry Lane: CEO, CTO & Founder, Nemesis Global
• Dr. Georgianna "George" Shea: CTO FDD and PCAST Member

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Beyond the Basics: What Firefighting Can Teach Us About Cyber Resilience – Unveiling the IDRRA Framework for Dynamic Defense

What it means to be truly resilient—because in the world of cyber, as in firefighting, preparedness & adaptability are everything. When we think of cyber resilience, we often default to the basics: protect, detect, and respond. But true resilience goes beyond these elements. Just as firefighters don't just react to a fire but prepare, anticipate, and adapt their tactics based on an evolving understanding of the situation, organizations must rethink how they approach cyber resilience.

In this session, I will introduce the IDRRA Framework (Investigate, Declare, Respond, Recover, Adapt), a proprietary approach that borrows from the disciplined, dynamic, and proactive strategies of firefighting to better prepare for and respond to cyber threats. This framework challenges the conventional wisdom of cyber security, moving beyond static defense and response to embrace a more agile, adaptive, and holistic approach to cyber resilience.

Just as firefighting is a mix of preparation, swift response, and continuous adaptation, true cyber resilience requires a blend of technical excellence, operational agility, and cultural commitment. It’s time we stop seeing cyber resilience as a checkbox activity and start treating it as an ongoing operation—dynamic, complex, and ever-evolving.

Join me for this thought-provoking session where we will delve into the IDRRA framework, drawing parallels with firefighting to uncover the unspoken elements of CR that many organizations overlook. Let's explore how adopting this framework can transform your approach to security, turning your organization from a passive defender into a proactive, adaptive force in the face of cyber threats.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The CREF Navigator™ was developed as a web based relational tool distilling the complex concepts and relationships from NIST SP 800-160 Volume 2 (Rev 1) into useful cyber resiliency terms, tables, and relationship visualizations enabling architectural and engineering analysis. The tool contains a hover-over, clickable dictionary of cyber resiliency terms; customizable visualization of complex relationships to other frameworks; the ability to balance and prioritize cyber resiliency choices based on nodal analysis; and export and import capabilities from ATT&CK® Navigator for presentation and analysis. The tool also provides an excellent crash course reference and training tool for those uninitiated to cyber resiliency concepts that is available to the masses via the internet for free.

Sign up for this talk and ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

This session provides a strategic framework for navigating the complex and chaotic landscape of cybersecurity risks, emphasizing the need for resilience in the face of rising cyber threats.

The presentation outlines key survival strategies, including developing "meta" systems, cultivating domain awareness, promoting risk awareness, and investing in contingencies and controls. It highlights the importance of establishing Risk Level Agreements™ and integrating business operations with security operations.

The discussion covers essential topics such as governance, vulnerability management, and the concept of "Cyber Entropy™," focusing on how increasing complexity, dependencies, and external threats challenge cybersecurity efforts. The overall message encourages organizations to embrace risk, acknowledge conflict, and strategically plan for resilience through governance, risk management, and continuous system improvement.

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Power utilities use a variety of Industrial Control Systems (ICS) to manage their operations which are structured into six independent but interconnected zones: Power Generation, High Voltage (HV) Transmission System Operation (TSO), Medium Voltage (MV) Distribution System operation (DSO), MV Distributed Generation, Low Voltage (LV) power delivery and LV Distributed Generation. Each of these zones includes electrical and mechanical assets, process controllers and communications, which perform local control within their zone and communicate with other zones. The power grid structure described here is in line with the deployment of the Smart Grid architecture, which also includes MV and LV distributed generation, and Industrial Internet of Things (IIoT).