ISACA Online Events

The explosion of social media in recent years means that there are millions of users or ‘fans’ to reach and add to your customer base. While there are clear benefits to end-users and the organizations that accept their social identities for account creation and authentication, there are important risk factors that have to be considered as well.

Please join CA and ISACA for this webinar, where we will review the pros and cons of social media login and Bring Your Own Identity (BYOI), and provide guidance and best practices based on real use cases to help guide organizations to a model that meets their risk profile.

Advanced malware is quickly taking the center stage as many of the most damaging attacks are attributed to it. These threats are even more dangerous as they are designed to evade most of the established network security methods, acting quickly after infiltration to do their damage in environments thought to be well protected and safe. Although methods such as 'sandboxing' get much of the spotlight in the advanced malware discussion, there are several alternative methods of defense that also have unique benefits. This session will focus on a discussion around processes and methods to best architect and defend against advanced malware.

Simplify your IT infrastructure as you create a more dynamic and flexible datacenter with proven server and datacenter virtualization solutions built on VMware vSphere, the industry’s leading virtualization platform. Ensure continued IT innovation while meeting enterprise application SLAs, and increase time-to-market for application provisioning and upgrades.

VMware virtualization helps you reduce capital expenses through server consolidation and improve operating expenses through automation, while minimizing lost revenue by reducing both planned and unplanned downtime.

Make your datacenter secure and compliant at every level: host, virtual server, network, applications and data. Integrated security and compliance solutions from VMware and our partners unlock the benefits of cloud computing, lower costs, and accelerate IT agility.
• Deploy cost-effective and adaptive security services to build a trusted cloud infrastructure.
• Eliminate patchwork of security solutions and use a single policy framework
• Easily integrate third party solutions such as anti-virus IPS
• Ensure compliance by isolating critical workloads and implementing compliance controls on virtual infrastructure

An Industry First Case Study!

Today, QSA’s and security compliance professionals have had to choose from heavy weight encryption, outsourced tokenization, or disconnected on-prem network security solutions to achieve PCI-DSS compliance and/or broader ranging PII data protection for the Enterprise. Choosing between loss of data control via outsourcing or extensive app modifications has slowed deployment coverage across all apps that must be in compliance. Intel and RSA have partnered to bring to market a new no app impact, drop in proxy solution that addresses both core data protection (tokenization & encryption) + required network security controls (integrated key & credential lifecycle management). We will use real world case studies to show how this new design pattern can be used as a dramatic accelerator towards achieving PCI compliance across all apps in a single implementation. Learn how to move to the state of the art in PCI & PII compliance.

All participants will receive a PCI for PII White Paper and a Customer Case Study

Join us to learn more about a broad-spectrum approach to advanced threat defense to attain visibility over the entire threat life cycle. We’ll talk about malware, C2 and exfil detection, and the challenge we all face to spot and stop the bad stuff before it causes irreversible damage.

Digital Forensics & E-Discovery: A Primer for Information Security and Audit Professionals

A malware infection exposes regulated information held by your organization. A competitor initiates legal action related to your company’s latest product release. An employee with access to trade secrets leaves your company under suspicious circumstances. Each of these scenarios involves electronically stored information. And to respond effectively, your organization will rely on the tools and techniques of digital forensics and e-discovery. In this timely webinar, you’ll find out what kinds of incidents require digital forensics and e-discovery, explore specific digital forensics methods, and learn strategies for cost containment, risk mitigation and organizational preparedness.

Recent successful cyber attacks against some of the most security savvy organizations have put into question IT Security strategies across all industries. The reliance on network security and user credentials have left many institutions vulnerable to attacks by insiders, outsiders exploiting stolen credentials, and SQL injection attacks. Additionally, the pervasive use of production data in non-production environments means that attackers can focus their efforts on a development or test server. Analysts estimate that less than 20% of IT Security plans address database security. Join ISACA and Oracle as we focus on the unique threats facing all organizations and their most critical assets—their databases—and learn how to formulate a defense-in-depth database security strategy that covers preventive, detective, and administrative controls.

Social Graces: How to Use Social Media without Compromising Your Reputation, Identity, and Employer

Social media has revolutionized the way we interact with each other, and has made sharing information about ourselves easier than ever before. However, the ability to share personal information so easily has implications for our personal privacy and security, as well as our professional reputations and careers. Some of the dangers and risky behaviors associated with social media may be obvious, but many are not.
For example:
• Ideally only our friends would look at what we post online, but our personal information is just as valuable to a criminal as it is to our friends. What information should you avoid posting on social media?
• Most social media platforms have default privacy settings that are pretty lax, do you know who can see what you’ve posted?
• Shortened URLs are all over social media, making it a source of phishing attacks and the malware that comes with them. How can you recognize and avoid malicious links?
• What information are we really publishing when we post pictures from a mobile device?
• You probably know that posting drunken pictures is bad for your career, but how else can your activity on social media affect your professional life and reputation?

The various ways criminals use our information can be frightening and overwhelming, and the prevalence of social media today makes totally avoiding it impossible. As you begin your career, it will be important to keep in mind the impact that your social media activity can have on your privacy and reputation, and to use social media in a responsible way. By understanding all of the risks, you can protect yourself without limiting your social interactions online.

IDC indicates that open source now comprises greater than 30% of many organizations’ code bases, and many organizations use much more, up to 80% in some cases. Open source software has innumerable benefits; however it can also introduce operational, security and technical risks. Many organizations fail to align their use of open source with their prevailing risk and compliance policy. Risk IT Key Management Practices covered by COBIT 5 can be extended to help organizations govern and manage the use of open source components to ensure compliance.

This webinar will:
• Prescribe a step-by-step approach to marrying the governance and management of open source use with COBIT 5 Risk IT Key Management practices.
• Elaborate on why OSS governance is key to ensuring the optimal risk-adjusted return that enterprises seek when implementing IT risk management practices
• Cover how your organization can accelerate development schedules and achieve cost savings while addressing operational, security and IP risk factors associated with the use of open source components.

All within your existing COBIT 5 framework!

This webinar will present an overview of “COBIT 5,” “COBIT 5: Enabling Processes,” and “COBIT 5 Implementation.” The Academic Advocate will learn the structure of the framework, the components of the COBIT 5 product family, and how they interrelate. They will also receive an introduction to the 7-phase COBIT implementation process. Specific points will be brought out that should be emphasized in the classroom.