Name: Revolutionizing Compliance and Third-Party Governance
Start: 2025-08-01T15:00:00Z
End: 2025-08-01T15:00:59.000Z
Location: BrightTALK
Rating: 0

Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

Artificial intelligence systems pose a particular challenge with respect to cybersecurity, owing to their greatly expanded “attack surface” - i.e., the number of all possible attack vectors where a threat actor can access and extract or compromise data. Not surprisingly, with a greatly expanded attack surface comes greatly expanded legal exposure. In this presentation, which is designed specifically for current and aspiring corporate directors and CISOs, a panel of AI/InfoSec attorneys will examine the new cybersecurity mandates stemming from U.S. and multinational Al laws and the needed responses.

Objectives include:
• Providing actionable information, task lists, and discussion points that existing and aspiring directors can immediately take into the board room;
• Offering CISOs an understanding of current AI laws and their legal implications, such as OMB M-25-21 and the EU Artificial Intelligence Act, and
• Obtaining critical insights from leading on-point publications and frameworks from OWASP, ISO/IEC, and NIST.

What Directors and CISOs Need to Know About Cybersecurity Mandates for AI Systems

As businesses increasingly rely on cloud-based services to power their operations, the complexities of cross-border data transfers and data localization requirements have become a major concern — especially for multinational organizations. This webcast will explore the evolving regulatory landscape, security challenges, and privacy risks companies must address when handling data across jurisdictions. Join Illena Armstrong, President at Cloud Security Alliance as she sits down with Peter Kosmala, Course Developer & Instructor at York University as they discuss:
• Regulatory complexities: Understanding evolving global data privacy laws (e.g., GDPR, CCPA, China’s PIPL, India’s DPDP Act) and their impact on cross-border data flows.
• Data localization mandates: How country-specific regulations force businesses to rethink their data storage and transfer strategies.
• Cloud security risks: The challenges of ensuring data integrity, compliance, and access control when using globally distributed cloud infrastructure.
• Mitigating cyber threats: Best practices for securing sensitive data in transit and at rest, protecting against breaches, and ensuring third-party vendors meet security standards.
• Operational and business implications: The balance between regulatory compliance, operational efficiency, and the cost of implementing localized data storage strategies.

Attendees will gain valuable insights into how businesses can navigate these challenges while maintaining security, privacy, and compliance across multiple jurisdictions. This deep dive into the future of cross-border data management and the strategies organizations need to mitigate risk in an increasingly complex regulatory environment will be of interest to everyone.

Data in Transit: Cross-Border Challenges for Security and Privacy

Dive into a full year of SOC data to identify trends in infrastructure targets, malware, schemes, and more to uncover strategies for improving your security resilience in the coming year. We’ll cover:
• Security data specific to the FinServ industry, including specific threats to be aware of and remediation tactics
• Comparisons of trends in FinServ versus cybersecurity customers as a whole
• Recommendations for keeping your FinServ organization secure

Analyzing Annual SOC Data to Inform Your 2025 FinServ Security Strategies

The CSA Enterprise Authority to Operate (EATO) Framework is an assessment, remediation, consultancy, and certification framework. It targets Anything-as-a-Service (XaaS) providers and their entire underlying supply chain who are catering to customers in highly regulated industries processing sensitive data. EATO controls are based on CCMv4, with augmented controls to reflect tight regulatory requirements, and the certification plugs into the CSA STAR Framework as a Level 2 “premium” version. EATO will follow a subscription based model with shared funding of one single cycle (Audit – Findings – Remediation under independent guidance – Re-Audit – Trusted Certification) conducted by CSA certified partners, instead of duplicative assessments by each individual corporate customer.

The CSA Enterprise Authority to Operate (EATO) Framework

As organizations realize security and operational benefits of protecting users with zero trust principles, they are also achieving value for extended environments like office branches, factories, data centers, and clouds. This session will demonstrate how they adopt and operationalize these locations by extending their zero trust architecture to branch offices, cloud workloads, and OT/IoT devices.

Extend Zero Trust to your Branch, Factories and Cloud Environments

With the emergence of AI agents transforming how organizations operate, securing the AI infrastructure itself becomes increasingly central to security leaders. How much of traditional security strategies like shift left and zero trust can be applied to AI security? As organizations integrate AI deeper into their operations, they must determine which established practices remain effective and where new approaches are needed. 

Join Caleb Sima, Chair of the Cloud Security Alliance AI Safety Initiative, and Sysdig's CISO Sergej Epp as they explore the frontlines of AI security. They'll discuss practical strategies for securing and hardening AI workloads, responding to incidents and threats and reflects some misconceptions of AI Security. Sergej will also reveal the pivotal insights that led him from Palo Alto Networks to champion a runtime-first approach to cloud security.

Assume Breach: Securing AI Workloads & Investigating Breaches

Business continuity is top of mind in 2025. With AI-fueled cyberattacks at an all-time high, geopolitical instability in the news, and an ever-growing number of regulations to deal with, organizations are looking for solid foundations on which to build their operations.

In this webinar we will peel back the layers of operational resilience and explore practical ways in to help organizations:
• Remain compliant to regulations covering business continuity
• Protect their brand and reputation in an always-on world
• Look in detail at how to keep its mission critical services online
• Adopt fully managed business continuity cloud solutions

You should expect to come away from this webinar confident in your ability to stay compliant and operational, even during the most trying of circumstances.

Managed Business Continuity Cloud Solutions

Ever wonder what security leaders across industries are focusing on in the GRC space? What are their top priorities, and how should they shape yours?

Join Vanta’s GRC Subject Matter Expert, Faisal Khan, and Daniele Catteddu, CSA's Chief Technology Officer, for a deep dive on building and scaling GRC programs. They will share their take on the role of trust, AI, and automation in strengthening your foundation and preparing for what’s next.

What to expect:
Point of view on top of mind issues for GRC leaders
Role of trust management in scaling GRC 
Where to prioritize AI and automation in GRC

Scaling GRC with Trust, AI, and Automation

Dive into a full year of SOC data to identify trends in infrastructure targets, malware, schemes, and more to uncover strategies for improving your security resilience in the coming year. We’ll cover:
• Security data specific to the FinServ industry, including specific threats to be aware of and remediation tactics
• Comparisons of trends in FinServ versus cybersecurity customers as a whole
• Recommendations for keeping your FinServ organization secure

Artificial Intelligence (AI) is revolutionizing IT systems, rapidly becoming essential for organizations of all sizes. AI risks differ by industry, organization, country, business problem, and complexity. Managing these risks is crucial for user and data security. Join Charles Cresson Wood, author of Internal Policies for Artificial Intelligence Risk Management, and Illena Armstrong, President of Cloud Security Alliance, for a discussion on AI, the need for new risk management approaches, and the possible establishment of a Chief Artificial Intelligence Risk Officer (CAIRO) role in organizations using AI.

Evolving Your Risk Management Strategy Due to Advances in Artificial Intelligence

With AI dominating security conversations, it’s easy to get lost in the hype. What’s real today, and what’s still just a promise for the future?

Join Jesse Booth, Sr. Director of Security Operations at GoTo, Rex Guo, CEO of Culminate, and John DiMaria, Chief of Staff of Cloud Security Alliance, for a 60-minute webcast where they’ll cut through the noise and share how GoTo is successfully leveraging AI in its SOC right now—delivering measurable security and operational improvements right now—delivering measurable security and operational improvements.

5 Real AI-Powered Use Cases in GoTo’s SOC—What’s Working Today

Join us for an exclusive fireside chat with Oasis Security, where industry experts will share insights, experiences, and perspectives on today’s most pressing topics. This informal yet informative session is designed to provide valuable takeaways in a conversational setting.

Top Cloud Threats within AI Security

The PCI DSS v4.x has some new requirements that go into effect March 31, 2025 and cloud service providers need to be aware and ready. Among the more significant changes, the updated Appendix A1:  Additional Requirements for Multi-Tenant Service Providers will require providers to demonstrate good security of payments environments with clear separation between customers and facilitate logging and incident response.  

Join Troy Leach, Chief Strategy Officer at Cloud Security Alliance, along with a panel of PCI compliance experts, for our next FinCloud Friday webinar. This session will break down key changes, their impact on cloud service providers, and what your organization must have in place before the deadline. Stay ahead of compliance challenges and ensure your security controls align with the latest PCI DSS v4.x standard.

Key Topics:
• Overview of the new requirements for multi-tenant service providers
• Engagement strategies for partnering with cloud service providers
• Expert insights on best practices  to meet PCI DSS objectives

Don’t miss this essential discussion—register today to ensure your organization is ready!

Navigating the new PCI DSS v4.x Requirements for Cloud Service Providers

Identity security has traditionally been viewed as a critical yet limiting layer of defense—a necessary barrier against evolving cyber threats. But what if identity management could become more than a defensive perimeter? In this session, we'll explore how forward-thinking enterprises are leveraging non-human identities, as a catalyst for innovation, agility, and business acceleration. Join us to discover:
• How proactive identity strategies enable rapid adoption of emerging technologies, from generative AI to automated DevOps.
• Real-world examples where robust management of non-human identities empowered organizations to launch new services and solutions confidently and securely.
• Practical guidance on shifting your organization's perspective from seeing identity security solely as a risk mitigation tactic to embracing it as a strategic enabler of growth and innovation.
• Turn identity security into your organization's competitive advantage.

From Barrier to Catalyst: Transforming Identity Security into an Engine of Innovation

As businesses rapidly adopt cloud and SaaS technologies, the traditional model of centralized IT control has given way to business-led technology decisions. Rather than fighting this shift, forward-thinking security teams are embracing it by implementing unified visibility and intelligence across their expanding digital ecosystem. This session explores how modern access security and data-driven governance enables organizations to support business-driven innovation while maintaining security control.

Beyond Shadow IT: Enabling Business Innovation Through Unified Access Intelligence

Cloud security teams are inundated with alerts, making it difficult to prioritize what matters most and resolve issues efficiently. While this isn’t a new problem, understanding the scope and scale of the challenge is key to finding solutions. To dive deeper, we analyzed 3,960,090 alerts from our proprietary data to break down the problem at scale. In this session, we’ll reveal the most common misconfigurations and explore the factors behind dangerously long dwell times and high MTTR, some stretching up to 498 days and 285 days, respectively. What’s adding to the complexity? Inconsistent severity ratings across different tools, making prioritization even harder. But it’s not all doom and gloom. We’ll highlight quick wins you can implement today, along with key alert types to prioritize for faster triage and risk reduction. By the end of this session, you’ll learn from our expert services team how they tackle these problems at scale every day, and you’ll take away your data-backed strategies to cut through the noise, tackle high-risk misconfigurations, and improve your cloud security posture.

From Alert to Remediation: Millions of Alerts Analyzed to Shape Your Strategy

Many people still view AI as primarily Large Language Models (LLMs) like ChatGPT, posing business risks through employee interaction. However, AI now includes various types of language models, productivity platforms like Co-Pilot, and Agentic AI that trains "robots" to perform technical tasks.

These AI agents, driven by specialized language models, operate autonomously and raise cyber risk by using non-human accounts for data access and workflow integration. Despite these risks, they offer benefits in vulnerability management, security operations, and automatic remediation.

Join Illena Armstrong, President of CSA and Rick Dotan, CISO at Carolina Complete Health, as they explore the risks and benefits, current organizational uses, and future developments of this ever evolving technology.

The Risks and Benefits of AgenticAI to Cybersecurity and Your Organization

The integration of Agentic AI and advanced machine learning (ML) in the financial services sector is redefining defensive security practices, enabling organizations to strengthen their ability to respond to cyber threats and ensure regulatory compliance. Agentic AI, with its autonomous decision-making capabilities, combined with ML-driven techniques, is enhancing incident response, policy enforcement, and security operations through automation and real-time adaptation. This abstract explores how Agentic AI and advanced ML are transforming key areas of defensive security, including incident response, playbooks, code reviews, and the creation of security architecture blueprints. These AI-powered solutions facilitate the automation of security processes, such as policy-as-code implementation and the development of configuration baselines that ensure consistency and resilience across complex IT environments. Furthermore, Agentic AI enables dynamic risk assessments by continuously analyzing potential vulnerabilities and suggesting mitigations. By embedding AI and ML into these critical security domains, financial institutions can enhance their proactive defense posture and reduce human error in security operations. The paper also discusses the ethical considerations, regulatory challenges, and best practices for integrating Agentic AI into security frameworks, underscoring its role in creating a more agile, secure, and resilient financial services ecosystem.

March FinCloud: AI in Financial Services for Defensive Security

Resiliency is an increasingly important global business and compliance priority across different jurisdictions and business sectors, particularly financial services and those considered to be critical infrastructure. This panel discussion will provide practical organizational and architectural guidance for leveraging Zero Trust security strategy principles to achieve operational resiliency and regulatory compliance.  Key global regulatory requirements for resiliency will be examined, along with aspects of operational resilience where Zero Trust principles can be beneficial in achieving both operational and compliance objectives.

Building Resiliency: Strategies for Compliance and Operational Excellence

Join us for an informative webinar as we delve into the recent release of the Cloud Control Matrix (CCM) version 4.0 by the Cloud Security Alliance (CSA) and its mapping to the latest iteration of the Payment Card Industry Data Security Standard (PCI DSS) version 4.0. In this session, we will explore the intricacies of these essential industry standards and how their alignment can enhance security and compliance within the cloud environment. 

Our expert panelists will discuss the key changes and updates in both the CCM 4.0 and PCI DSS 4.0 standards, highlighting their significance in today's evolving cybersecurity landscape. Through practical insights and real-world examples, attendees will gain a deep understanding of the intersection between cloud security best practices and payment card data protection.

Whether you are a cloud service provider, a PCI DSS-compliant organization, or a security professional seeking to bolster your knowledge, this webinar offers a valuable opportunity to stay current with industry trends and best practices. Don't miss the chance to explore the synergy between CCM 4.0 and PCI DSS 4.0 and how it can drive your organization's security posture to new heights.

Mapping the Cloud Control Matrix (CCM) 4.0 to PCI DSS 4.0

A well-defined cyber risk appetite is foundational to building any firm's information security program in alignment with a firm’s business objectives and values. Yet guidance on what makes a cyber risk appetite effective--especially for firms that will significantly rely on cloud platforms--is arguably lacking, including standards for establishing risk appetite compliance thresholds from KPIs, KRIs, and KCIs. This talk will share current and forthcoming guidance and practices for developing a cyber risk appetite pertinent for firms that will rely on secure critical cloud-based operations.

Bon Appetite: Determining Cyber Risk Appetite Pertinent to Cloud Computing

The finance industry is constantly evolving, driven by the need for increased operational efficiency, reduced costs, and improved accuracy. In this context, Robotic Process Automation (RPA) has emerged as a transformative technology that enables organizations to automate repetitive and rule-based tasks, freeing up human resources for more strategic and value-added activities. But with taking tasks out of the hands of humans comes potential security vulnerabilities.

This presentation explores the implementation of Robotic Process Automation (RPA) initiatives in the finance industry while addressing the crucial aspect of security concerns. It begins by introducing RPA's role in automating repetitive tasks and its benefits to the finance industry, such as improved accuracy and reduced costs. However, the session will acknowledge the potential security vulnerabilities associated with RPA and emphasize the need for proactive measures to mitigate risks. We will delve into specific security challenges, including unauthorized access to sensitive financial data and inadequate control over robot activities, while also highlighting compliance requirements and regulation best practices, such as the importance of continuous monitoring, auditing, and incident response mechanisms to detect and address security breaches is also discussed.

Overall, this presentation provides participants with a comprehensive understanding of RPA initiatives in the finance industry and the necessary steps to address security concerns. It equips attendees with practical strategies and best practices to deploy RPA while ensuring a safe and secure operational environment.

Securing Robotic Process Automation in Finance: Safe & Efficient Automation

Join John Kindervag, Senior Vice President of Cybersecurity Strategy at ON2IT Group and esteemed Fellow and Founder of Zero Trust, as he delivers an insightful webinar exclusively for the CSA Financial Services community.

In this session, John will delve into the On2IT managed service Zero Trust implementation methodology and its practical application within a fictional financial institution. Zero Trust, a comprehensive enterprise security strategy, addresses the unique challenges of modern, cloud-centric, and remote work environments. It encompasses various aspects such as cloud and multi-cloud environments, internal and external user endpoints (including organizational and BYOD devices), on-premises and hybrid systems, as well as considerations for both operational technology (OT) and the Internet of Things (IoT).

Don't miss this opportunity to gain valuable insights into implementing Zero Trust within the financial services industry. Register now for this informative webinar.

ON2IT Zero Trust Implementation for Financial Institutions

As more of Financial Services migrates to cloud operations, managers must plan for ways to train up their technology workforce, supplement with industry expertise where necessary and develop new strategies to adequately address a complex world of IT operations, security and regulated data. John McDonald, Chief Cloud Controls Officer at Barclays and Jimmy Barber, VP Cloud Security at Global Payments join this session of FinCloud Fridays to share their experience and recommendations to empower cloud security staff to keep pace with industry change to protect critical assets and demonstrate assurance to corporate expectations.

Empowering Cloud Security Professionals in Financial Services

Cloud Service Providers (CSPs) are often the first line of defense regarding new technology. CSPs support various financial services companies, including banks, insurance firms, asset managers, and investment funds. The role of a CSP is to provide the tools and infrastructure required to support these organizations' operations, whether it be a data center, disaster recovery site or any other IT requirements.

Our panel of CSP representatives will discuss how cloud providers support the financial services industry and what the industry needs from the cloud, and how using STAR as due diligence facilitates implementing good security posture for high-risk sectors.

This is an excellent opportunity for anyone who works in the financial services industry or wants to learn more about what it means for their business moving forward!

CSP Perspective Working with Financial Services

Billions of financial transactions are routed digitally all over the world each day, requiring many third-party service providers to protect not only the confidentiality and integrity of the information but also be able to clearly demonstrate to their cloud customers adherence to regulatory expectations.

This session will explore the Top 5 risks for third-party cloud services and recommend risk-management best practices for successfully protecting financial data.

Best Practices for Effective Third-Party Management

Whether you noticed it or not, data governance is very much back on the agenda globally, from the European General Data Protection Regulation (GDPR), to California's personal data and privacy law and everything in between. When doing business globally, the data chain of custody and associated responsibility, including data retention, is an increasingly important consideration as we move towards cloud-based data management services and big data analytics.
During this session, we will take you through the major changes around the world, delve into data governance issues and how they may impact the financial industry, and provide some predictions of upcoming trends. We will also discuss the current landscape and why the adequacy of the current regulations is still being debated.

Governance in the Cloud - Managing Data Regulation

In this webinar, Cloud Security Alliance will discuss the growth of cloud services for banking, fintech, crypto exchanges and other organizations managing financial data. Additionally, we’ll discuss CSA’s current efforts to work with industry on pilot programs and other projects to improve cloud migration, reduce regulatory redundancy, and improve security of third-party providers. This will also include a forecast of future opportunities to collaborate within CSA for financial services best practices going forward.

State of Cloud Security for Financial Services

FinCloud Fridays

Financial service organizations today face a maze of third-party and regulatory risks as they look to modernize their offerings, oversee their provider partnerships, and keep pace with emerging risks. The expanding technology footprint creates a much greater scope for compliance activities while the number of regulatory activities continues to rise.

Is there an easier, more efficient and effective way to improve governance, risk management and compliance, increase transparency and achieve objectives at scale?

This session will discuss the impact of new legislation such as DORA, NIS2, CRA, and other emerging standards and explore strategies for harmonizing compliance efforts without duplicating work.

The session will also discuss the recently revealed Compliance Automation Revolution (CAR) initiative whose mission is to establish industry standards, best practices and architectures for compliance automation, real-time evidence collection to improve visibility, harmonizing regulatory framework, fostering continuous assurance and driving risk quantification.

Revolutionizing Compliance and Third-Party Governance

Cloud

Cloud Security

Cyber Security

Security

Governance

Compliance

Financial Services

Automation

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Revolutionizing Compliance and Third-Party Governance

Presented by

About this talk

CSA Research