Top 10 Emerging IT Audit Issues

Michael Juergens; Deloitte & Touche LLP, Principal
Compliance requirements and resource constraints have focused IT audit procedures on the bare essentials of IT controls. And yet, at the same time, technology and the current economic climate are introducing new IT risks that IT auditors should be aware of. In this presentation, we will cover the top 10 emerging IT issues that IT auditors should be aware of. In addition, we will cover the key risk areas for each issue, and provide practical recommendations for how IT auditors should deal with these risks.
Sep 29 2009
49 mins
  • In this session, we look at the issues with testing and audit: the base causes of why we fail to secure systems, and how we can more effectively create methodologies that actually find flaws. Penetration tests and audit each have major failings, but when done correctly and with the right incentives, they can help make us more secure. When done poorly, we all suffer.
  • Zac Streelman, Manager, Information Technology at Leupold and Stevens was looking for a disaster recovery (DR) solution that would extend the flexibility of virtualization to his DR environment. The solution had to deliver enterprise-class support for his mission critical applications: Oracle, Microsoft SQL Server and SharePoint and various CAD programs. The board of directors was specifically asking what the current solution was and what service levels could the infrastructure deliver.
    Zerto Virtual Replication installed seamlessly into their existing infrastructure, did not require any data center updates and is fully integrated into VMware vCenter.

    With Zerto Virtual Replication he was able to:
    - Realize very aggressive service levels – recovery point objectives of seconds and recovery time objectives of minutes
    - Deliver a better ROI with a DR solution that is hardware agnostic
    - Increase team productivity with a very simple solution
    - Quickly cross-train additional staff on DR processes and procedures
    - Optimize flexibility as changes to the environment required changes to the DR strategy
    - Test and validate the DR failover process without taking primary production systems offline

    Join Zac Streelman, Manager, Information Technology at Leupold and Stevens and Jennifer Gill, Director of Product Marketing at Zerto, to hear from your peers and learn about Zerto Virtual Replication.
  • Join us as top security experts look at some of the latest security challenges and provide strategies for defense, including how to quickly implement a robust solution that provides the protection you need without impacting your network performance or reducing employee productivity. You will learn how to better protect your networks from the inside as well as the outside, with solutions that reduce work for IT and security teams.

    You will learn about:
    • The malware menace – latest stats and facts
    • Third party industry firewall comparison results: which firewall is best for you?
    • Best and easiest practices for securing end points
    • How a customer implemented a solution—step-by-step
    • And much more…
  • The data center is changing in an era of applications and automation, but how do you get there? OST, an expert in crafting automation for large-scale public clouds and developing new provisioning models for enterprise technology and in-application development, has experience in bringing data centers into the 21st century.

    Register for this webinar to learn:
    • How to develop core disciplines of application development and automation in the IT department
    • How to provide business-responsive services without compromising quality
    • How to prepare your data center for the future
  • With adoption of mobile devices (PCs, tablets, smartphones) now exceeding that of desktop PCs, it is no surprise that the trend is continuing in the enterprise. Mobility, however, goes hand in hand with the cloud as the new collaboration platform, which means information is exchanged well beyond the traditional perimeter.
    In this webcast, we will help you better understand how to protect your data stored in the cloud while ensuring an easy experience for users.
    Discover:
    - How to develop, manage and enforce strengthened security policies in the cloud
    - How to secure email communications exchanged between mobile devices
    - How Symantec can help you resolve compliance issues with DLP and encryption
  • The convergence of IT infrastructures brings added complexity, cost and risk to managing, storing and protecting information in the enterprise.
    In this session, we will review the current challenges facing infrastructures (virtualization, data growth, storage…) and present a modern data protection solution that reduces complexity and cost: the Symantec Backup Exec 3600 appliance.
  • Organizations outsourcing card data to the cloud face significant security risks. As soon as an organization adds other players to the offsite card-management mix, ensuring compliance with the PCI Data Security Standard becomes increasingly challenging. Cloud users and cloud service providers need to understand what their roles and responsibilities are when it comes to protecting this data. Storing, processing and transmitting cardholder data in the cloud brings the cloud environment into scope for PCI-DSS.

    Organizations need to know where their data is at all times. A lot of cloud clients have limited or no control over cardholder data storage. Organizations should be concerned about collecting and correlating access logs and other information from cloud vendors to ensure they are maintaining security compliance. Where's the data being stored? Is it stored in multiple locations? These are all things that you have to take into consideration when you're thinking about outsourcing to a cloud provider. Join this webcast as we address the compliance challenges in the cloud, and gain new insights on:

    - Emerging PCI security risks in the cloud
    - Understand the role of cloud entities
    - Processes for assessing risk when card data could potentially be stored in multiple locations
    - Structuring planning controls to deal with PCI DSS changes
    - Recommendations for achieving PCI compliance across virtual environments
  • Enterprise IT implementations and upgrades often come with business disruption, unexpected costs and lengthy delays. What if there were a way to avoid those risks?

    Please join us for an informative webinar spotlighting a unique alternative to traditional onsite technology integration. Take a look inside FusionStorm’s Integration Center and see how our expert configuration, staging and logistics services enable on-time, plug-and-play installation of multivendor solutions anywhere in the world.

    Detailed case study examples will show you how to cut deployment time and disruption for:
    • rollouts of customized technology solutions to multiple locations
    • repetitive deployments of standardized equipment

    Mark your calendar and join us for an inside look at the best practices and nimble processes that enable rapid turnaround of complex projects with less risk.
  • Detecting File Execution: What Runs but Never Walks Jun 5 2013 5:00 pm UTC 45 mins
    In this webinar, I will begin with a brief discussion of the different types of attackers, and show how all threat actors are not equal. Then, I will discuss four main ways attackers execute code in a Windows environment. Reviewing real cases of recent attacks, I will show how to detect file execution using static, dynamic, and advanced analysis techniques. I will show how to use artifacts such as the Windows registry, logs, prefetch files, and network data to determine whether an attacker executed files. Finally, there will be a discussion of tools used for forensic analysis, including free tools such as the ShimCacheParser and MANDIANT Redline.
  • Full Security Visibility For Effective Incident Response Jun 5 2013 4:00 pm UTC 45 mins
    Despite significant time and effort deploying multiple security solutions, incident responders know more than anyone that existing signature-based, “set it and forget it” security technologies have not stopped the advanced persistent threat. Signature- and rule-based technologies are easily evaded with today’s advanced targeted attacks, morphing malware and zero-day threats. Tools like FireEye’s Malware Analysis System are effective in dealing with zero-day malware, but being able to detect this threat does not mean complete resolution.

    In addition, sophisticated attackers employ social engineering or take advantage of misconfigurations in security technologies to breach networks – without using any malware at all. Incident responders need full visibility of everything that is going through the network to understand the nature of how a threat originated, see what attackers actually did to take control over the network, and to answer the questions of what they did after they compromised systems. This session will provide an overview of Big Data Security Intelligence and Analytics and how full security visibility can answer the toughest post-breach questions so you can quickly determine the full source, scope and material impact of an incident.
  • Top 10 Mistakes Incident Response Teams Make Jun 5 2013 3:00 pm UTC 45 mins
    When it comes to organizations experiencing some form of cyber-attack, the adage still rings true: it’s not a question of if but when. Advanced malware, zero-day exploits, and targeted advanced persistent threats (APTs) have kept organizations on their heels and searching for ways to protect themselves. Incident Response teams are being forced to re-examine their existing IT security defenses and attempt to stay ahead of the attack curve. Surprisingly, many incident response teams aren’t doing themselves any favors with practices they have implemented.

    Attend this webinar to learn the top 10 mistakes that Incident Response teams make and what you can do to make sure you aren’t making them yourselves.
  • Don’t Ask, Don’t Tell: The (In)Security of Vendor-Supplied Software May 30 2013 4:00 pm UTC 45 mins
    What vulnerabilities threaten the integrity of your software supply chain and data? Can your enterprise really influence software vendors to meet your most important security policies and remediate insecure software?

    Action is needed, and urgently. An alarming 62 percent of all applications fail to reach compliance on their first submission, according to a study recently conducted by Veracode, Enterprise Testing of the Software Supply Chain. While few enterprises now have formal third-party testing programs, those that do find they dramatically improve vendor compliance while meeting industry standards.

    Join this webcast with Chris Eng, Veracode's Vice President of Research, and you will learn:

    • How leading enterprises now test their software supply chains.
    • Analytics drawn from code-level analyses of thousands of third-party applications that support global enterprises.
  • Today's Advanced Threats Require Next-Generation Protection May 22 2013 5:00 pm UTC 45 mins
    Are you using or considering a next-generation threat protection solution? Join this webcast and learn how you can multiply the value of your investment by integrating network and endpoint security.

    During this session you’ll learn best practices for protecting your network and your endpoints and servers from today's new breed of cyber attacks. You’ll also see firsthand how the integration of network and endpoint security solutions will help you:

    ・ Automatically confirm and prioritize alerts
    ・ Provide enterprise-wide visibility of infections to speed investigation
    ・ Drive remediation
    ・ Automatically analyze files from endpoints and servers
  • The Life Cycle of a Security Audit from Start to Finish Recorded: May 16 2013 49 mins
    The webinar will cover the life cycle of a security audit from start to finish. Several areas will be discussed to include auditing of software. There will be tips on how to reduce the number of audit findings from a security and privacy perspective from the start of the SDLC (Software development life cycle). This presentation will focus on FISMA audits, but the tips can be applied to all security and privacy audits.
  • Optimizing Disaster Recovery for the Software Defined Data Center Recorded: May 16 2013 34 mins
    Zac Streelman, Manager, Information Technology at Leupold and Stevens was looking for a disaster recovery (DR) solution that would extend the flexibility of virtualization to his DR environment. The solution had to deliver enterprise-class support for his mission critical applications: Oracle, Microsoft SQL Server and SharePoint and various CAD programs. The board of directors was specifically asking what the current solution was and what service levels could the infrastructure deliver.
    Zerto Virtual Replication installed seamlessly into their existing infrastructure, did not require any data center updates and is fully integrated into VMware vCenter.

    With Zerto Virtual Replication he was able to:
    - Realize very aggressive service levels – recovery point objectives of seconds and recovery time objectives of minutes
    - Deliver a better ROI with a DR solution that is hardware agnostic
    - Increase team productivity with a very simple solution
    - Quickly cross-train additional staff on DR processes and procedures
    - Optimize flexibility as changes to the environment required changes to the DR strategy
    - Test and validate the DR failover process without taking primary production systems offline

    Join Zac Streelman, Manager, Information Technology at Leupold and Stevens and Jennifer Gill, Director of Product Marketing at Zerto, to hear from your peers and learn about Zerto Virtual Replication.
  • Why Your Cloud Provider Security Logo Doesn’t Mean a Thing Recorded: May 16 2013 49 mins
    As more applications have moved to the cloud, the industry has seen a proliferation of application security issues. In 2012, several cloud service providers were breached as a direct result of application security vulnerabilities. Before you choose a cloud service provider, make sure that it answers the series of security questions created by the Cloud Security Alliance (CSA). CSA has created a checklist of industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings – creating more transparency for enterprises. The speakers will walk attendees through this blueprint, helping them to become more adept at identifying service provider security readiness. They'll also discuss some of the most common application vulnerabilities, including unencrypted passwords, SQL Injection, and those that impact poorly architected mobile apps.
  • Panel: In the Face of New Technology - Your Business and the Internal Audit Recorded: May 16 2013 59 mins
    New and disruptive technology is changing how we live and work. It is no longer just the infrastructure of our organization, providing tools and information with which to run our business, it has become integral to many of our products and services. The deployment of technology is the #1 way in which CEOs look to gain advantage and market share, and the CIO must be a visionary leader of the organization.

    The panel will discuss how this affects IT Governance. Is it still appropriate to focus on the enterprise governance of IT as a separate but important issue? Or, should the focus shift to governance of the enterprise as a whole and whether it is taking sufficient advantage of technology? Panelists will address the issue from the perspective of an IT Governance Evangelist, an advisor to boards and CFOs, and a leading internal auditor.
  • Panel: Securing Your Enterprise Cloud Recorded: May 16 2013 59 mins
    As the cloud model continues to disrupt and enhance the modern enterprise, IT teams are facing new challenges retaining security and control in these new environments. This panel will explore a multifaceted approach to the cloud that looks at the importance of integrating the right tech solutions and deployments while negotiating and understanding your relationship with cloud providers.

    Panel:

    Bill Brenner, Managing Editor, CSO Magazine (moderator)
    Nataraj Nagaratnam, Ph.D., IBM Distinguished Engineer, IBM Master Inventor
    Chris Farrow, Information Security Specialist, Compassion International
    Jason Mendenhall, EVP Cloud, Switch
  • End Point to Perimeter: Network protection that’s inside out and outside in Recorded: May 16 2013 55 mins
    Join us as top security experts look at some of the latest security challenges and provide strategies for defense, including how to quickly implement a robust solution that provides the protection you need without impacting your network performance or reducing employee productivity. You will learn how to better protect your networks from the inside as well as the outside, with solutions that reduce work for IT and security teams.

    You will learn about:
    • The malware menace – latest stats and facts
    • Third party industry firewall comparison results: which firewall is best for you?
    • Best and easiest practices for securing end points
    • How a customer implemented a solution—step-by-step
    • And much more…
  • Active Defense: How to Think Outside the Box Recorded: May 16 2013 48 mins
    Synopsis:
    This webinar will define the concept of active defense or "hack back". During his talk, David will explore the legal issues, reveal how it can be accomplished without breaching any laws, and show you how active defense will actually improve your security posture.

    About the speaker:
    David is a leading authority in cyber security and the law. He is a licensed attorney in NY, CT, and CO, and owner of Titan Info Security Group, a Risk Management and Cyber Security law firm. David is a retired Army JAG officer. During his 20 years in the Army he provided legal advice in computer network operations, information security and international law to the DoD and NSA and was the legal advisor for what is now CYBERCOM. He holds the CISSP & Security+ certifications and has two LLMs, in International Law and in Intellectual Property law. He is a VP of his local ISSA chapter and a member of InfraGard.
  • Five Things Virtualization Has Changed In Your Disaster Recovery Plan Recorded: May 15 2013 36 mins
    Are you still rolling with the changes? Virtualization has made a huge impact on the way we deploy our computer workloads, and with that it has also changed the ways in which we protect them. The business continuity plans in place for IT even just five years ago look very different than what many companies have in place today. Keeping on top of these changes will help you understand your recovery capabilities, and your limitations as well. Join this session to make sure you're keeping your IT business continuity plans spicy and fresh!

    About the Presenter:
    Josh Mazgelis has been working in the storage and disaster recovery industries for close to two decades and brings a wide array of knowledge and insight to any technology conversation. He is currently working as a senior product marketing manager for Neverfail Group. Prior to joining Neverfail, Josh worked as a product manager and senior support engineer at Computer Associates. Before working at CA, he was a senior systems engineer at technology companies such as XOsoft, Netflix, and Quantum Corporation. Josh graduated from Plymouth State University with a bachelor’s degree in applied computer science and enjoys working with virtualization and disaster recovery.
  • Next Generation Access and Identity Management For a Multi-Perimeter World Recorded: May 15 2013 47 mins
    In today's open and interconnected enterprise, traditional perimeters are being extended to adopt mobile, cloud, social access and information interactions. To make matters worse, many organizations face the growing risk and burden of managing multiple identity and access controls without the required security intelligence to address those challenges. They need the ability to secure identity and access across the wide variety of enterprise and internet resources from any device, any service and any source. In this session, join IBM to review the emerging needs, the next generation access and identity management solutions available today to enable secure and rapid adoption of mobile, cloud, and social transformation.
  • Panel: Virtual World with Virtual Risks. Can it be Cloudy and Clearly Secure? Recorded: May 15 2013 64 mins
    As companies migrate to the virtual datacenter, executives must deal with security, audit, and visibility of their environment which has grown beyond their physical datacenter. Because of this, hesitancy remains and many questions are still being asked. What is a next-gen datacenter? What changes as businesses take steps toward a hybrid datacenter? When they move to a virtualized environment, how does their data remain secured and in their control? Will encrypting data in this environment achieve visibility and control of who is accessing it? Plus despite more knowledge on virtual risks, cloud services are still being purchased without authentication, adopting cloud first and then thinking about security second. So how can organisations win the struggle with authentication in the cloud?

    Join your fellow professionals for this lively and insightful discussion providing a complete vision on virtual risks in a virtual world. Then understand a way to manage risk, maintain compliance, accelerate and protect business from evolving security threats.
  • Stop Chasing Clouds: You Can Securely Adapt Recorded: May 15 2013 39 mins
    Enterprise is adapting to embrace new technologies and capture new opportunities. Cloud capabilities are attractive, but concerns for information security remain. In this webinar, Dr. Jeremy Ward will discuss how you can adapt and embrace change, while maintaining the security of your infrastructure and information. The key points discussed will include choosing a security service that helps you form better cloud security strategies that manage data risk, reduce complexity, identify vulnerabilities, and ease user access; resulting in improved security governance, enhanced visibility, increased cost control, and reduced risk exposure.
  • Attacking the Cloud with Social Engineering Recorded: May 15 2013 44 mins
    Synopsis:
    Cloud computing creates new opportunities for attackers who deploy social engineering as part of their strategy. End user organisations and cloud providers may be unprepared for these new attack vectors, which exploit some of the key elements of the cloud computing model. Pete will describe some real-world experiences with attacks that utilise multi-vector techniques and suggest how organisations can better defend against criminals and hackers alike.

    About the Speaker:
    Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

    Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.
  • Data Privacy in the Cloud – Enabling Business Agility by Managing Risk Recorded: May 15 2013 47 mins
    Synopsis: Organisations can’t avoid using the cloud. With surveys reporting that 90% of organisations achieve projected savings and 80% increase their competitive advantage, as one tech writer put it, “the cloud is coming to your business, like it or not”. But with cloud systems come inherent challenges. These are further complicated as data subject to privacy regulation inevitably moves into the cloud. This webinar explains why data privacy in the cloud is a business issue. It provides an overview of privacy as a concept, explains personally identifiable information (PII), along with the demands typically placed on organisations by privacy regulations and de-mystifies the complexity of cloud-based systems and their inherent risks. The webinar maps out how you can manage the risk of using cloud services for private data – whatever stage you are at – based on current efforts to formulate good practice at leading ISF Member organisations around the world. It offers independent guidance on simplifying the complexity of cloud-based systems and their inherent risks, providing insight into how organisations can develop the necessary privacy safeguards and good practice guidelines to achieve privacy compliance when using such systems.

    About the speaker:
    Steve Durbin is Global Vice President of the Information Security Forum (ISF). He is a regular speaker and chair at global events and is quoted in the Financial Times, Wall Street Journal, Forbes, Deutsche Presse, Süddeutsche Zeitung, CIO Forum, ZD Net, and Information Week.
    Steve has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. He is also currently chairman of the Digiworld Institute senior executive forum in the UK, a think tank comprised of Telecoms, Media and IT leaders and regulators.
  • 2 Minutes on BrightTALK: Working with the Hacker Culture Recorded: Apr 30 2013 2 mins
    "It's a great situation when you have a hobby which becomes a job. And for a lot of hackers, we're doing something for fun, and somebody's going to pay us to do it." Jack Daniel, Technical Product Manager at Tenable and a well-known industry figure, comments on the transformations that many hackers encounter as they enter the world of productivity and management.
  • Trust-Based Application Control 101 Recorded: Apr 30 2013 55 mins
    Today's cyberthreats are becoming more targeted and sophisticated. Antivirus and other traditional security products are ineffective at stopping these attacks - like the ones that could be aimed at your organization.

    Learn how the visibility, detection, protection and forensic capabilities of a next generation security platform can help you protect your organization against advanced threats and malware by using trust-based application control.

    Attend this webinar to discover how you can:

    · Know what’s running on every server and endpoint—right now.
    · Deploy real-time detection of advanced threats and zero-day attacks.
    · Stop all untrusted software from executing.
    · Conduct a full audit trail that accelerates analysis and response.
    · Integrate endpoint/server and network security.
trends, developments, and technology
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.

  • Title: Top 10 Emerging IT Audit Issues
  • Live at: Sep 29 2009 4:00 pm
  • Presented by: Michael Juergens; Deloitte & Touche LLP, Principal