GRC in a Virtualized Environment

Advanced malware is quickly taking the center stage as many of the most damaging attacks are attributed to it. These threats are even more dangerous as they are designed to evade most of the established network security methods, acting quickly after infiltration to do their damage in environments thought to be well protected and safe. Although methods such as 'sandboxing' get much of the spotlight in the advanced malware discussion, there are several alternative methods of defense that also have unique benefits. This session will focus on a discussion around processes and methods to best architect and defend against advanced malware.

Simplify your IT infrastructure as you create a more dynamic and flexible datacenter with proven server and datacenter virtualization solutions built on VMware vSphere, the industry’s leading virtualization platform. Ensure continued IT innovation while meeting enterprise application SLAs, and increase time-to-market for application provisioning and upgrades.

VMware virtualization helps you reduce capital expenses through server consolidation and improve operating expenses through automation, while minimizing lost revenue by reducing both planned and unplanned downtime.

Make your datacenter secure and compliant at every level: host, virtual server, network, applications and data. Integrated security and compliance solutions from VMware and our partners unlock the benefits of cloud computing, lower costs, and accelerate IT agility.
• Deploy cost-effective and adaptive security services to build a trusted cloud infrastructure.
• Eliminate patchwork of security solutions and use a single policy framework
• Easily integrate third party solutions such as anti-virus IPS
• Ensure compliance by isolating critical workloads and implementing compliance controls on virtual infrastructure

An Industry First Case Study!

Today, QSA’s and security compliance professionals have had to choose from heavy weight encryption, outsourced tokenization, or disconnected on-prem network security solutions to achieve PCI-DSS compliance and/or broader ranging PII data protection for the Enterprise. Choosing between loss of data control via outsourcing or extensive app modifications has slowed deployment coverage across all apps that must be in compliance. Intel and RSA have partnered to bring to market a new no app impact, drop in proxy solution that addresses both core data protection (tokenization & encryption) + required network security controls (integrated key & credential lifecycle management). We will use real world case studies to show how this new design pattern can be used as a dramatic accelerator towards achieving PCI compliance across all apps in a single implementation. Learn how to move to the state of the art in PCI & PII compliance.

All participants will receive a PCI for PII White Paper and a Customer Case Study

Join us to learn more about a broad-spectrum approach to advanced threat defense to attain visibility over the entire threat life cycle. We’ll talk about malware, C2 and exfil detection, and the challenge we all face to spot and stop the bad stuff before it causes irreversible damage.

Digital Forensics & E-Discovery: A Primer for Information Security and Audit Professionals

A malware infection exposes regulated information held by your organization. A competitor initiates legal action related to your company’s latest product release. An employee with access to trade secrets leaves your company under suspicious circumstances. Each of these scenarios involves electronically stored information. And to respond effectively, your organization will rely on the tools and techniques of digital forensics and e-discovery. In this timely webinar, you’ll find out what kinds of incidents require digital forensics and e-discovery, explore specific digital forensics methods, and learn strategies for cost containment, risk mitigation and organizational preparedness.

Recent successful cyber attacks against some of the most security savvy organizations have put into question IT Security strategies across all industries. The reliance on network security and user credentials have left many institutions vulnerable to attacks by insiders, outsiders exploiting stolen credentials, and SQL injection attacks. Additionally, the pervasive use of production data in non-production environments means that attackers can focus their efforts on a development or test server. Analysts estimate that less than 20% of IT Security plans address database security. Join ISACA and Oracle as we focus on the unique threats facing all organizations and their most critical assets—their databases—and learn how to formulate a defense-in-depth database security strategy that covers preventive, detective, and administrative controls.

Social Graces: How to Use Social Media without Compromising Your Reputation, Identity, and Employer

Social media has revolutionized the way we interact with each other, and has made sharing information about ourselves easier than ever before. However, the ability to share personal information so easily has implications for our personal privacy and security, as well as our professional reputations and careers. Some of the dangers and risky behaviors associated with social media may be obvious, but many are not.
For example:
• Ideally only our friends would look at what we post online, but our personal information is just as valuable to a criminal as it is to our friends. What information should you avoid posting on social media?
• Most social media platforms have default privacy settings that are pretty lax, do you know who can see what you’ve posted?
• Shortened URLs are all over social media, making it a source of phishing attacks and the malware that comes with them. How can you recognize and avoid malicious links?
• What information are we really publishing when we post pictures from a mobile device?
• You probably know that posting drunken pictures is bad for your career, but how else can your activity on social media affect your professional life and reputation?

The various ways criminals use our information can be frightening and overwhelming, and the prevalence of social media today makes totally avoiding it impossible. As you begin your career, it will be important to keep in mind the impact that your social media activity can have on your privacy and reputation, and to use social media in a responsible way. By understanding all of the risks, you can protect yourself without limiting your social interactions online.

IDC indicates that open source now comprises greater than 30% of many organizations’ code bases, and many organizations use much more, up to 80% in some cases. Open source software has innumerable benefits; however it can also introduce operational, security and technical risks. Many organizations fail to align their use of open source with their prevailing risk and compliance policy. Risk IT Key Management Practices covered by COBIT 5 can be extended to help organizations govern and manage the use of open source components to ensure compliance.

This webinar will:
• Prescribe a step-by-step approach to marrying the governance and management of open source use with COBIT 5 Risk IT Key Management practices.
• Elaborate on why OSS governance is key to ensuring the optimal risk-adjusted return that enterprises seek when implementing IT risk management practices
• Cover how your organization can accelerate development schedules and achieve cost savings while addressing operational, security and IP risk factors associated with the use of open source components.

All within your existing COBIT 5 framework!

This webinar will present an overview of “COBIT 5,” “COBIT 5: Enabling Processes,” and “COBIT 5 Implementation.” The Academic Advocate will learn the structure of the framework, the components of the COBIT 5 product family, and how they interrelate. They will also receive an introduction to the 7-phase COBIT implementation process. Specific points will be brought out that should be emphasized in the classroom.

This webinar will present an overview of “COBIT 5,” “COBIT 5: Enabling Processes,” and “COBIT 5 Implementation.” The Academic Advocate will learn the structure of the framework, the components of the COBIT 5 product family, and how they interrelate. They will also receive an introduction to the 7-phase COBIT implementation process. Specific points will be brought out that should be emphasized in the classroom.

In the previous SafeNet webinar on 6 December 2012, attendees understood the criticality of encryption for enterprise data protection.

Encryption is the most important way to protect data against internal and unknown threats; also, encryption in the enterprise is the ideal foundation for strong edge and perimetric security. If not implemented correctly, encryption can be hard for companies to implement, as is the associated centralized key management.

In this webinar, Manav Khanna, Enterprise Data Protection Consultant at SafeNet will share with you best practices for the implementation of encryption and centralized key management for data protection, governance and compliance. These best practices will help your enterprise to protect its sensitive data as well as comply with regulatory mandates – and do so in an agile and simple manner.

More business activity is happening online as corporate applications move into the cloud. Users want to access data from any device, at any time.

Join us for an informative session where we’ll explore the growing challenges around access and security in the cloud, as well as some interesting ideas on how to solve them.

• How do you allow access and still make sure that your enterprise security policies apply?

• How do you manage reputation and context based decisions when users access data?

Industry data indicates only 25% of organizations are monitoring for unauthorized database change on most of their databases, much less able to prevent such security breaches. Similarly 70% of organizations have database auditing turned on, but the majority conduct a database audit less than once a year.

In this webinar, Oracle Database Security Director of Product Management, Roxana Bradescu, will discuss the importance of monitoring database activity for security and compliance. We will focus on the different facets of monitoring: detection, prevention, and audit, and the importance of each. We will also discuss a new unified platform to help organizations audit enterprise-wide and protect their databases. Please feel free to come prepared with questions for what will be a highly interactive session.

With all its inherent value, the cloud introduces new security challenges for both consumers and providers of cloud services in all types of IT environments. A challenge for enterprises is how to leverage existing investments in identity and access management (IAM) solutions and extend their reach to the cloud in a hybrid on-premise/off-premise world to reduce operational costs and enable enterprise agility. Challenges for cloud service providers include how to secure an evolving virtualized environment and how to maintain the integrity of tenant information.

Learn how Identity and Access management services, whether on-premise or in the cloud, can help you more securely access your applications and enterprise resources – wherever they may reside.

As a young professional in the audit or security field, you will be expected to conduct formal presentations to various audiences, including senior leaders. The manner in which you communicate is often as important as the message itself. Therefore, it is vital to layout a game plan to present for success, because it is you that is on display. In this session, speaker Christopher Buse will discuss presentation techniques that he has learned from years of public speaking as both an IT audit and information security leader. Christopher also will provide attendees with a forum to pose questions and discuss communication scenarios. Join your peers for this fun and thought provoking session about ways to put your best face forward.

Over the past decade, a broad set of information security controls and processes have been adopted by businesses in response to compliance, complexity, cost, and growth pressures. IBM has been at the forefront of acquiring and developing innovative solutions to address these controls, with billions of dollars invested across organic development and more than a dozen related acquisitions. This session will provide a business-focused perspective on what these controls are and why they have become crucial for the public sector.

In the last webinar sponsored by SafeNet, "Is your Data Protection Strategy good enough?" on 20 September 2012, the speaker introduced significant strategic factors affecting enterprise data security and control were identified. In this webinar, you will build upon this knowledge in order to construct a simple-to-execute, yet solid, implementation strategy for data protection in your enterprise.

At the conclusion of this webinar, attendees will be able to:
• Build solution requirements and implementation elements for effective data protection in the enterprise
• Identify a simple execution strategy using these elements for enterprise data protection

Today's Database Administrators have to deal with complex DBMS platforms and maintaining stringent uptime and performance levels in mixed data center environments, so naturally, many security programs and infrastructure are seen as a major obstruction to delivering on their SLAs. However, perimeter defenses and native DBMS security features fall short of adequately protecting the sensitive information stored in databases, so a dedicated solution is a must.

In this webinar, you'll learn how McAfee Database Security can help:
• DBAs and security admins to easily identify and remediate exploitable security weaknesses
• establish complete visibility into the database landscape
• protect databases in real-time from threats across all vectors without architecture changes or noticeable performance impact
• patch current and even legacy databases with updated protection without downtime