2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization

Previously presented on June 11, 2024

The Verizon 2024 Data Breach Investigations Report (DBIR) is widely recognized across the cybersecurity industry for its comprehensive analysis of the global threat landscape, based on real-world data from actual security incidents and breaches. It serves as an authoritative source of information for organizations seeking to enhance their cybersecurity defenses and make better-informed risk management decisions.

This year’s report takes a deeper look at the pathways from breaches and maps those patterns to the CIS Critical Security Controls (CIS Controls) at the Safeguard level, identifying the Safeguards that would help mitigate the threats. This showcases the effectiveness of the CIS Controls in protecting against global threats for all industries. The report also includes a look at how to use the VERIS Community Database (VCDB) coupled with the CIS Risk Assessment Method (CIS RAM) to estimate risk. Join us and the Verizon team to discuss how the Controls impact the threats seen through incidents in breaches, and the longstanding partnership with the CIS Controls team.

Moderator and Speaker

Charity Otwell
Director of Critical Security Controls, CIS

Charity has nearly 20 years of experience in the financial services industry and has built and led various programs such as Business Continuity, Disaster Recovery, Technology Governance, and Enterprise Architecture in a highly regulated environment. Before coming to CIS, Charity was a GRC champion and practitioner with a focus on risk assessment, process optimization, process engineering, and best practice adoption for a top 50 bank within the United States. She also helped manage the relationship with federal regulators and the management of federal regulatory exams. She completed undergraduate and graduate studies in Birmingham, AL and holds multiple industry certifications.

Speakers 

Chris Cronin
Partner at HALOCK Security Labs

Chris Cronin is a partner at HALOCK Security Labs and Chair of the DoCRA Council. He is the principal author of the DoCRA Standard and CIS RAM, the Center for Internet Security’s Risk Assessment Method. Chris’ clients include Fortune 100 companies, large and mid-sized organizations, start-ups, litigators, and regulators. Since 2010 Chris has helped his clients manage their information security risks to an evidence-based, reasonable level. Chris’ work as an expert witness has helped his clients, regulators, and litigators evaluate the reasonableness of security controls and programs during regulatory oversight or post-breach legal action. Chris is a frequent speaker and cybersecurity writer. He collaborates with peers in industry collaboratives and think tanks, including Sedona Conference, to help bring equity and due care to cybersecurity and risk management.

Philippe Langlois
Data Breach Investigations Report (DBIR) Author, Verizon

Philippe Langlois is currently working as the lead engineer and author of the Verizon Data Breach Investigations Report (DBIR). Prior to joining Verizon, he worked at CIS leading various data driven projects, such as the CIS Controls and the MS-ISAC Nationwide Cybersecurity Review.