Tools for Simplifying Regulatory Requirements for Risk Assessment | James Tarala

SANS Institute · Beginner ·🛡️ AI Safety & Ethics ·1y ago

Skills: AI Security80%Security Basics60%

Is your organization struggling to streamline the risk assessment process and keep up with evolving regulatory requirements? In today’s complex cybersecurity landscape, the challenge of managing risks while adhering to numerous standards can be overwhelming. In this insightful presentation, James Tarala, a 20-year faculty member at SANS Institute and cybersecurity expert, dives into practical tools and approaches for simplifying risk assessment. He shares invaluable research and hands-on strategies that organizations can use to identify, validate, and track their cybersecurity safeguards with ease. James also introduces different tools—from Excel-based models to more advanced GRC (Governance, Risk, Compliance) and CASM (Cyber Asset Attack Surface Management) tools—that help make compliance and risk management less daunting. What You'll Learn: - How to use Excel and GRC tools for easy safeguard tracking and compliance. - The difference between safeguard selection and safeguard validation. - Why easy safeguard tracking and compliance are critical to modern risk management. Whether you're new to risk assessment or looking to upgrade your processes, this session offers actionable insights and resources to enhance your organization's security posture. Ready to simplify your risk management process? Watch now and start leveraging the right tools for your organization! James is the author of LDR419: Performing a Cybersecurity Risk Assessment, and the brand new LDR519: Cybersecurity Risk Management and Compliance course. Connect with James on LinkedIn at https://www.linkedin.com/in/jamestarala and X at https://x.com/isaudit Join SANS Senior Instructor James Tarala for LDR419: Performing A Cybersecurity Risk Assessment: https://www.sans.org/LDR419 See where James is teaching next: https://www.sans.org/profiles/james-tarala/ -- This session was a part of the SANS 3rd Annual Healthcare Forum 2024: Tackling Challenges, Building Cyber Resilience Healthcare and

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from SANS Institute · SANS Institute · 0 of 60

← Previous Next →

SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques

SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques

SANS Institute Cybersecurity Training Customer Stories

SANS Institute Cybersecurity Training Customer Stories

SANS Institute UK Cyber Academy

SANS Institute UK Cyber Academy

SANS Institute UK Cyber Academy

SANS Institute UK Cyber Academy

CISSP® Prep Exam, MGT414, by SANS Institute

CISSP® Prep Exam, MGT414, by SANS Institute

SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN

SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN

Information Security Training from SANS Institute - Student Testimonials

Information Security Training from SANS Institute - Student Testimonials

SANS DFIR NetWars

SANS DFIR NetWars

Hack The Drone - SANS Cyber Academy UK

Hack The Drone - SANS Cyber Academy UK

SANS VetSuccess Immersion Academy

SANS VetSuccess Immersion Academy

SANS Cybersecurity Training, Certifications & Placement for Veterans

SANS Cybersecurity Training, Certifications & Placement for Veterans

The 2015 SANS Holiday Hack Challenge

The 2015 SANS Holiday Hack Challenge

SANS VetSuccess Academy: Hands-on Skills

SANS VetSuccess Academy: Hands-on Skills

SANS VetSuccess Academy Overview

SANS VetSuccess Academy Overview

SANS ICS Security Summit & Training 2017

SANS ICS Security Summit & Training 2017

Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017

Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017

WannaCry recap, patches, and analysis

WannaCry recap, patches, and analysis

If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?

If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?

Graduation Day - SANS HM Gov Cyber Retraining Academy

Graduation Day - SANS HM Gov Cyber Retraining Academy

Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017

Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017

SANS Data Breach Summit & Training 2017

SANS Data Breach Summit & Training 2017

SANS Secure DevOps Summit & Training 2017

SANS Secure DevOps Summit & Training 2017

How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017

How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017

SANS Webcast – Continuous Opportunity: DevOps & Security

SANS Webcast – Continuous Opportunity: DevOps & Security

SANS Cybersecurity Programs for the Department of Defense

SANS Cybersecurity Programs for the Department of Defense

SANS Pen Test HackFest Summit & Training 2017

SANS Pen Test HackFest Summit & Training 2017

SANS SIEM & Tactical Analytics Summit & Training

SANS SIEM & Tactical Analytics Summit & Training

If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017

If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017

ICS515: ICS Active Defense and Incident Response

ICS515: ICS Active Defense and Incident Response

Introducing the NEW SANS Pen Test Poster

Introducing the NEW SANS Pen Test Poster

SANS Institute - An Inside Look at the Newly Updated ICS515 Course

SANS Institute - An Inside Look at the Newly Updated ICS515 Course

SANS ICS Security Training, Munich, Germany

SANS ICS Security Training, Munich, Germany

SANS Automotive Summit Webcast

SANS Automotive Summit Webcast

Privesc Playground - SANS Pen Test HackFest Summit 2017

Privesc Playground - SANS Pen Test HackFest Summit 2017

Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017

Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017

Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation

Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation

SANS Security Operations Summit & Training 2018

SANS Security Operations Summit & Training 2018

Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018

Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018

ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018

ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018

You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018

You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018

A Sneak Peak at the New ICS410

A Sneak Peak at the New ICS410

Jumping Air Gaps – SANS ICS Summit 2018

Jumping Air Gaps – SANS ICS Summit 2018

Introduction to Linux

Introduction to Linux

Introduction to Malware Analysis

Introduction to Malware Analysis

You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam

You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam

Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018

Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018

Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018

Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018

SANS Webcast - Perimeter Security and Why it is Obsolete

SANS Webcast - Perimeter Security and Why it is Obsolete

SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture

SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture

The Science of Security: The Psychological Impacts of Security Awareness Programs

The Science of Security: The Psychological Impacts of Security Awareness Programs

How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018

How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018

Practical Advice for Submitting to Speak at a Cybersecurity Conference

Practical Advice for Submitting to Speak at a Cybersecurity Conference

SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep

SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep

SANS Webcast - Zero Trust Architecture

SANS Webcast - Zero Trust Architecture

SANS STX Cyber Range

SANS STX Cyber Range

Part 1 – SANS Institute and Tenable talk about cloud security

Part 1 – SANS Institute and Tenable talk about cloud security

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

When the System Makes the Call, Why Does the Human Take the Blame?

Learn why humans are often blamed when AI systems fail, and how to address this issue in AI development and deployment

Synapse Security

Learn to architect an AI-driven cyber defense ecosystem and incident response blueprint for enhanced security

Medium · Machine Learning

MCP Has a Security Problem. I Build on It Anyway.

Learn how a design-level vulnerability in Model Context Protocol affects 7,000 servers and 150 million downloads, and why it's crucial for developers to prioritize security

The $881M Mistake: Why AI Governance Isn’t Optional Anymore

Learn how poor AI governance led to an $881M loss for Zillow and why it's crucial for businesses to prioritize AI governance

Lead AI Governance, Policy, and Continuous Compliance