Redefining CyberSecurity

Guests:Helen Oakley, Director of Secure Software Supply Chains and Secure Development, SAPOn LinkedIn | https://www.linkedin.com/in/helen-oakleyOn Twitter | https://x.com/e2hlnOn Instagram |https://instagram.com/e2hlnLarry Pesce, Product Security Research and Analysis Director, Finite State [@FiniteStateInc]On LinkedIn | https://www.linkedin.com/in/larrypesce/On Twitter | https://x.com/haxorthematrixOn Mastodon | https://infosec.exchange/@haxorthematrix____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesSean Martin and Marco Ciappelli kicked off their discussion by pondering the intricacies and potential pitfalls of the AI supply chain. Martin humorously questioned when Ciappelli last checked the entire supply chain of an AI session, provoking insightful thoughts about how people approach AI today.The conversation then shifted as Oakley and Pesce were introduced, with Oakley explaining her role in leading cybersecurity for the software supply chain at SAP and co-founding the AI Integrity and Safe Use Foundation. Pesce shared his expertise in product security research and pen testing, emphasizing the importance of securing AI integrations.Preventing the AI ApocalypseOne of the session's highlights was the discussion titled "AI Apocalypse Prevention 101." Oakley and Pesce shared insights into the potential risks of AI overtaking human roles and discussed ways to prevent a hypothetical AI apocalypse. Oakley humorously noted her experimentation with deep fakes and emphasized the importance of addressing the root causes to avert catastrophic outcomes.Pesce contributed by highlighting the need for a comprehensive Bill of Materials (BOM) for AI, pointing out how it differs from traditional software due to its unique reliance on multiple layers, including hardware and software components.AI BOM: A Tool for Understanding and ComplianceThe conversation evolved into a discussion about the AI BOM's significance. Oakley explained that the AI BOM serves as an ingredient list, akin to what you would find on packaged goods. It includes details about datasets, models, and energy consumption—critical for preventing decay or malicious behavior over time.Pesce noted the AI BOM's potential in guiding pen testing and compliance. He emphasized the challenges that companies face in keeping up with rapidly evolving AI technology, suggesting that AI BOM could potentially streamline compliance efforts.Engagement at the CISO Executive SummitThe speakers touched on SECTOR 2024's CISO Executive Summit, inviting senior leaders to join the conversation. Oakley highlighted the summit's role in providing a platform for addressing AI challenges and regulations. Martin and Ciappelli emphasized the value of attending such events for exchanging knowledge and ideas in a secure, collaborative environment.Conclusion: A Call to Be PreparedAs the episode wrapped up, Sean Martin extended an invitation to all interested in preventing an AI apocalypse to join the broader discussions at SECTOR 2024. Helen Oakley and Larry Pesce left listeners with a pressing reminder of the importance of understanding AI's potential impact.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190SBe sure to share and subscribe!____________________________ResourcesLearn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrfTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

SecTor, Canada’s largest cybersecurity conference, today announced the release of its full schedule of Summits for SecTor 2024. The live, in-person event will take place from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto. Summits will take place on Tuesday, October 22 and include:SecTor Executive Summit – This Summit will offer CISOs and other cybersecurity executives an opportunity to hear from industry experts helping to shape the next generation of information security strategy. Sponsors include: Armis, Sysdig, Cyera, and Trend Micro. To apply, please visit blackhat.com/sector/2024/executive-summit.html.Inaugural AI Summit at SecTor – This Summit will take place as part of The AI Summit Series, a global conference and expo series focusing on practical applications of AI technologies. This Summit will underscore the importance of artificial intelligence (AI) as an organization’s newest and greatest weapon within the ever-evolving cybersecurity landscape. Passes can be purchased here: blackhat.com/sector/2024/ai-summit.html.Cloud Security Summit at SecTor – This Summit is Canada’s leading cloud security event featuring keynote speakers, panel discussions, and networking opportunities, and provides an invaluable opportunity for every security professional to engage with leaders and discuss the future of cloud security. Sponsors include: CrowdStrike, Cyera, Kyndryl, Okta, OpenText, StrongDM, Sysdig, and Lookout. Passes can be purchased here: blackhat.com/sector/2024/cloud-summit.html.Note: This story contains promotional content. Learn more.ResourcesLearn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaLearn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

About the CISO Circuit SeriesSean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guests: Michael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacenteMandy Huth, Global CISO - VP of Cybersecurity, Kohler Co.On LinkedIn | https://www.linkedin.com/in/mandyhuth/Whitney Merrill, Head of Global Privacy & Data Protection Officer, Asana [@asana]On LinkedIn | https://www.linkedin.com/in/whitney-merrill-5ab05012/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Episode NotesIn this episode of the CISO Circuit series on the Redefining CyberSecurity podcast, co-hosts Sean Martin and Michael Piacente lead an engaging discussion about the current state of cybersecurity leadership, liability, and protection. Their conversation features insights from two distinguished guests: Mandy Huth, an enterprise security leader with over 20 years of experience, and Whitney Merrill, a privacy attorney with a strong background in computer science and legal frameworks around consumer protection.The discussion opens with an exploration of individual liability for cybersecurity leaders and broader business leadership within organizations. Whitney Merrill argues that regulators like the FTC and SEC are increasingly holding individuals accountable for security and privacy lapses. The conversation highlights notable cases where executives have faced scrutiny, emphasizing the growing expectation for tangible processes and proper security postures within organizations.Mandy Huth underscores the importance of shared responsibility and accountability within a business, noting that security decisions are not made in isolation. She advocates for a collaborative approach where security leaders outline risks comprehensively to allow for informed decision-making across the executive team. Huth also expresses concern over the proliferation of CYA (Cover Your Ass) practices that prioritize documentation over meaningful risk mitigation, warning that this can dilute the effectiveness of security programs.Another central theme in the episode centers on the need for standardized frameworks and a common language to articulate risk across an organization. Both guests highlight the need for clear, consistent communication of risks to build a unified understanding among all stakeholders, from the board to individual teams. Piacente and Merrill emphasize that while existing frameworks like NIST and ISO provide a foundation, there is an ongoing need to adapt these frameworks to align with industry-specific contexts and evolving regulatory expectations.A significant takeaway from the conversation is the role of systemic risk and the potential outsized impact of seemingly minor vulnerabilities. Huth and Merrill caution against underestimating these risks and advocate for continuous improvement and adaptation of security measures. They suggest that prioritizing business-friendly security practices can help foster greater adoption and collaboration across the enterprise.The episode concludes with reflections on the future landscape of cybersecurity regulation and practice. Whitney Merrill envisions a shift towards democratizing security, making it more accessible and achievable for small businesses through standardized, affordable solutions. Meanwhile, Huth calls for a balance between regulatory clarity and flexibility to ensure innovative small businesses can thrive without being stifled by onerous security requirements.Overall, the conversation provides valuable insights into the complexities of cybersecurity management, emphasizing the importance of collaboration, clear communication, and adaptability in navigating modern security challenges. These discussions are essential for any business leader or security professional looking to enhance their organization's resilience against cyber threats.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____________________________Resources____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Steve Wylie, Vice President, Cybersecurity PortfolioOn LinkedIn | https://www.linkedin.com/in/swylie650/On Twitter | https://twitter.com/swylie650____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe Black Hat SecTor Conference, scheduled for October 22-24, 2024, in Toronto, promises an array of discussions and insights into the cybersecurity domain. Steve Wylie, General Manager of Black Hat, joins ITSP Magazine's Sean Martin and Marco Ciappelli to preview the upcoming event. Wylie highlights the acquisition of SecTor by Black Hat in 2019, underscoring its unique focus on the Canadian cybersecurity community while maintaining global research standards.This year's event features three main components: summits, briefings, and a business hall. The summits, including a new AI summit, address various specialized topics, while the briefings provide in-depth research presentations. Keynote speakers like New York University’s Omkhar Arasaratnam, who will discuss security in open-source platforms, further enrich the event. Arasaratnam's focus on the XZ Utils backdoor incident emphasizes the critical nature of open-source security, highlighting both risks and mitigation strategies.The agenda also includes a diverse range of sessions on AI, reflecting its significant role in current cybersecurity practices. Talks range from AI vulnerabilities to the protection and utilization of AI in enterprise security. Sessions such as "15 Ways to Break Your Co-Pilot" and discussions on deepfake image detection systems present real-world challenges and solutions in this area.Wylie also discusses the importance of community engagement, noting the sector's provisions for networking and collaboration. The founders of the original event continue to contribute actively, ensuring the event remains closely tied to its original mission of serving Canada's cybersecurity professionals. Martin expresses enthusiasm for meeting regional participants and learning about their unique challenges and solutions, emphasizing the value of shared knowledge and strategies. The event is positioned as a vital convergence point for both local and international cybersecurity insights and advancements.In summary, SecTor 2024 aims to foster a robust exchange of ideas and solutions, drawing from a wide array of expertise within the cybersecurity field. Attendees can look forward to engaging with high-profile speakers, participating in focused discussions, and exploring the latest industry innovations.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190SBe sure to share and subscribe!____________________________ResourcesLearn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrfTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests:Dan Nutkis, Founder and Chief Executive Officer of HITRUSTOn LinkedIn | https://www.linkedin.com/in/daniel-nutkis-339b93b/Robert Booker, Chief Strategy Officer at HITRUSTOn LinkedIn | https://www.linkedin.com/in/robertbooker/Omar Khawaja, CISO, Client at DatabricksOn LinkedIn | https://www.linkedin.com/in/smallersecurity/Cliff Baker, CEO at CORL TechnologiesOn LinkedIn | https://www.linkedin.com/in/cliffbaker/Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & DeeterOn LinkedIn | https://www.linkedin.com/in/aehicks2000/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________Episode NotesThis episode of the On Location series takes place during HITRUST Collaborate 2024 brought together leading figures in cybersecurity to share their experiences and insights. Moderated by Sean Martin, host of the Redefining CyberSecurity Podcast, the panel included Dan Nutkis, Founder and Chief Executive Officer of HITRUST; Robert Booker, Chief Strategy Officer at HITRUST and former Chief Information Security Officer at UnitedHealth Group; Omar Khawaja, CISO, Client at Databricks and former Chief Information Security Officer at Highmark Health; Cliff Baker, CEO at CORL Technologies and Managing Partner at Meditology Services; and Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Deeter.The session kicked off with Sean Martin highlighting the importance of collaboration and conversation within the cybersecurity community. Dan Nutkis reflected on the early beginnings of HITRUST in 2007 and discussed the initial goal of establishing a comprehensive and effective framework for security. Nutkis highlighted the organization's ongoing commitment to continuous improvement and adaptability in addressing security needs.Omar Khawaja emphasized the need for setting high-security bars and how HITRUST has been instrumental in providing robust frameworks that simplify complex compliance requirements. He shared how Highmark Health leveraged the HITRUST certification to streamline their third-party risk management, ensuring better outcomes with fewer resources. According to Khawaja, HITRUST’s efforts in adapting to market needs and developing new assurance levels like the i1 and e1 have been vital in meeting evolving security demands.Cliff Baker discussed the innovation driven by HITRUST in the compliance space. Baker stressed the importance of the HITRUST ecosystem, which is designed not only to meet today’s security challenges but to anticipate future needs. The assurance framework and transparency provided by HITRUST have proven essential in building and maintaining trust within the healthcare industry.Andrew Hicks praised the rigorous QA process that HITRUST employs, which ensures that certified organizations maintain high standards of security. He emphasized how this rigorous process not only helps organizations achieve certification but also transforms their overall approach to cybersecurity.Robert Booker spoke about the continuous curiosity and commitment required to stay ahead in cybersecurity. He highlighted how HITRUST’s data-driven approach and innovations in areas like AI and continuous monitoring are crucial in maintaining relevance and enhancing security outcomes.Throughout the discussion, the panelists collectively underscored the importance of a robust, adaptable, and comprehensive security framework. HITRUST's continuous innovation and commitment to addressing real-world security challenges position it as a leader in the industry. The collaborative efforts of HITRUST and its community not only improve organizational security but also strengthen the overall reliability of the healthcare system.As HITRUST continues to evolve and introduce new initiatives, it remains a pivotal player in setting high security and compliance standards. The insights shared during this episode of On Location provide a glimpse into the future of cybersecurity and the ongoing efforts to safeguard sensitive data in the healthcare sector.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texasBe sure to share and subscribe!____________________________ResourcesLearn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxayLearn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

HITRUST, leader in information security and third-party risk management (TPRM), has announced significant enhancements to its HITRUST Assessment XChange. This comprehensive solution addresses longstanding challenges in TPRM by integrating with leading TPRM platforms to streamline vendor risk management processes. These integrations solve the "last mile" challenge by enabling organizations to efficiently capture, consume, and analyze detailed assurance data.The HITRUST Assessment XChange operationalizes third-party risk management through end-to-end workflows that cover the entire vendor lifecycle—from initial evaluation to results analysis. This approach significantly improves information security risk capabilities, reducing time, costs, and complexity. It also allows organizations to manage risk with updated threat-adaptive controls, broad assessment options, and real-time updates on risk mitigation.Legacy approaches to TPRM have proven inefficient, with many organizations relying on outdated methods like spreadsheets or self-assessment questionnaires. In contrast, HITRUST’s solution offers a practical, effective, and comprehensive approach, making TPRM more manageable and secure across industries.HITRUST’s first planned integration with ServiceNow’s TPRM solution is set for release by the end of 2024, allowing users to leverage HITRUST's capabilities within the ServiceNow platform. This integration marks a new era in operationalizing information security TPRM, providing organizations with unprecedented visibility into vendor risk.Learn more about and stay up to date by visiting hitrustalliance.net/news.Note: This story contains promotional content. Learn more.ResourcesLearn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrustLearn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin___________________________Episode NotesIn the third and final installment of the series titled "Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals," Sean Martin continues his compelling conversation with Kush Sharma. This episode focuses on the critical aspects of team dynamics, project management, and stakeholder engagement in the realm of cybersecurity.Kush Sharma elaborates on the importance of establishing a well-structured and communicated vision for security operations within an organization. He emphasizes the necessity of setting expectations with security teams before any major project initiation. According to Sharma, transparency is vital. Security leaders must candidly discuss with their teams that not every decision will tip in their favor, but their role is to advocate for security while being adaptable to business needs. He stresses the importance of documenting and following up on risk mitigation measures even if they aren't implemented immediately.Sharma also sheds light on the concept of integrating business and security functions more seamlessly. He proposes not just embedding security into business but also bringing business personnel into the security fold. By having business unit members work within security teams temporarily, organizations can build a robust line of communication and mutual understanding. This cross-functional approach creates internal champions for security measures and helps significantly cut costs as internal personnel generally have lower operational costs compared to external consultants.A significant portion of the episode revolves around the nuanced engagement with different stakeholders, particularly at the executive level. Sharma advises CISOs to view themselves as peers to other C-suite executives, prepared to defend their positions and decisions vigorously. It's crucial for CISOs to maintain this executive-level mindset and openly communicate the broader business implications of security decisions. Sharma highlights that making a business case for security and showing tangible returns on investment can secure better funding and support from the executive team, leading to more substantial investments in long-term security measures.Sean Martin wraps up the episode by touching on the importance of storytelling in cybersecurity. By translating technical achievements and risk mitigation efforts into relatable stories, CISOs can effectively communicate the value of their work across the organization. These narratives help ensure security remains a priority in business strategies and operations, fostering an environment where security considerations are integral to planning and executing new initiatives.In conclusion, the episode provides essential insights for current and aspiring CISOs on navigating the complexities of internal communications, leadership, and strategic planning in cybersecurity. Both Kush Sharma and Sean Martin offer practical advice and strategies that can help elevate the role of security within any organization, thereby protecting its infrastructure and supporting its growth objectives.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

HITRUST has announced the launch of HITRUST Continuous Assurance, a new strategic evolution aimed at enhancing security sustainability and outcomes through continuous control monitoring. This initiative builds upon the proven HITRUST ecosystem, providing organizations with an efficient way to manage security and compliance risks in the face of evolving cyber threats. Traditional approaches that prioritize compliance over security are increasingly inadequate, especially in the era of generative AI and sophisticated cyber-attacks.Continuous Assurance minimizes the risk of evidence decay by enabling organizations to monitor security controls continuously, ensuring that security requirements remain relevant and reliable. Key features of this initiative include automated evidence collection, a continuous monitoring taxonomy integrated with the HITRUST CSF, and enhanced workflows in HITRUST’s MyCSF platform. The system also supports integration with Governance, Risk, and Compliance (GRC) systems, ensuring streamlined risk management.HITRUST's Continuous Assurance will leverage its extensive certification framework, which has shown significant success. Notably, the 2024 HITRUST Trust Report highlighted that 99.4% of HITRUST-certified organizations did not report a breach over the past two years. Continuous Assurance offers new capabilities that further solidify HITRUST’s role as a leader in information security risk management.Learn more about and stay up to date by visiting hitrustalliance.net/news.Note: This story contains promotional content. Learn more.ResourcesRead the Press Release: https://hitrustalliance.net/press-releases/hitrust-announces-continuous-assurance-through-the-proven-hitrust-ecosystemLearn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrustLearn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Sagar Bhure, Senior Security Researcher, F5 [@F5]On LinkedIn | https://www.linkedin.com/in/sagarbhure/At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#sagar-bhure-45119____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe authenticity of audio and visual media has become an increasingly significant concern. This episode explores this critical issue, featuring insights from Sean Martin, Marco Ciappelli, and guest Sagar Bhure, a security researcher from F5 Networks.Sean Martin and Marco Ciappelli engage with Bhure to discuss the challenges and potential solutions related to deepfake technology. Bhure reveals intricate details about the creation and detection of deepfake images and videos. He emphasizes the constant battle between creators of deepfakes and those developing detection tools.The conversation highlights several alarming instances where deepfakes have been used maliciously. Bhure recounts the case in 2020 where a 17-year-old student successfully fooled Twitter’s verification system with an AI-generated image of a non-existent political candidate. Another incident involved a Hong Kong firm losing $20 million due to a deepfake video impersonating the CFO during a Zoom call. These examples underline the serious implications of deepfake technology for misinformation and financial fraud.One core discussion point centers on the challenge of distinguishing between real and artificial content. Bhure explains that the advancement in AI and hardware capabilities makes it increasingly difficult for the naked eye to differentiate between genuine and fake images. Despite this, he mentions that algorithms focusing on minute details such as skin textures, mouth movements, and audio sync can still identify deepfakes with varying degrees of success.Marco Ciappelli raises the pertinent issue of how effective detection mechanisms can be integrated into social media platforms like Twitter, Facebook, and Instagram. Bhure suggests a 'secure by design' approach, advocating for pre-upload verification of media content. He suggests that generative AI should be regulated to prevent misuse while recognizing that artificially generated content also has beneficial applications.The discussion shifts towards audio deepfakes, highlighting the complexity of their detection. According to Bhure, combining visual and audio detection can improve accuracy. He describes a potential method for audio verification, which involves profiling an individual’s voice over an extended period to identify any anomalies in future interactions.Businesses are not immune to the threat of deepfakes. Bhure notes that corporate sectors, especially media outlets, financial institutions, and any industry relying on digital communication, must stay vigilant. He warns that deepfake technology can be weaponized to bypass security measures, perpetuate misinformation, and carry out sophisticated phishing attacks.As technology forges ahead, Bhure calls for continuous improvement in detection techniques and the development of robust systems to mitigate risks associated with deepfakes. He points to his upcoming session at Sector in Toronto, where he will delve deeper into 'Hacking Deepfake Image Detection Systems with White and Black Box Attacks,' offering more comprehensive insights into combating this pressing issue.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190SBe sure to share and subscribe!____________________________ResourcesHacking Deepfake Image Detection System with White and Black Box Attacks: https://www.blackhat.com/sector/2024/briefings/schedule/#hacking-deepfake-image-detection-system-with-white-and-black-box-attacks-40909Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrfTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Jeremy Huval, a key player at HITRUST, discusses the upcoming launch of an AI Security Certification slated for December 2024. This certification aims to tackle the unique security challenges posed by AI systems, marking a first in cybersecurity. Huval highlights how existing controls fall short and emphasizes the new, prescriptive measures designed specifically for AI and machine learning. This initiative enhances third-party risk management, fostering greater trust and security in AI deployments while simplifying workflows and reducing costs.