Enterprise Risk Management: a Holistic Approach

Brandon Dunlap (Moderator), Chris McClean (Forrester), Ketan Dholakia (Maclear), Jeff Posluns (GRCSI)
ON THIS SESSION WE'RE HOLDING A PRIZE DRAW AND TWO LUCKY ATTENDEES WILL WIN A GUEST PASS TO THE BOSTON GRC SUMMIT IN APRIL.

Organizations are suffering from volatility across all risk types, and need to re-think their enterprise risk strategy. In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders in all sectors, and gaining a complete view of an organization's risk exposure is increasing in complexity.

A well-defined risk management program cannot achieve high maturity scores without integrating risk management systems across divided organisational units. Organizations must thoroughly understand the true value at risk and ensure their compliance mandates are not geographically siloed. At the heart of this strategy is the need for a single consistent view of the data. It is a necessity for organizations to build a new generation of integrated risk solutions and applications that exploit this single view of the truth discretely and holistically, driving towards maximum synergy within the enterprise.

Join our panel as they discuss a new generation of risk technologies which use a holistic approach to data management and achieve functional competence. We will explain the most effective way to manage risk across the enterprise, how to get the attention of executives to make sure that enough attention is being paid to the risk, and how to achieve enormous economies of scale while simultaneously meeting the demanding landscape of regulatory change.
Apr 4 2013
61 mins
More from this community:

IT Governance, Risk and Compliance

Webinars and videos

  • Combining Enterprise Content & Workflow to Optimize GRC Jul 17 2013 6:00 pm UTC 60 mins
    As the regulatory environment continues to evolve the governance, risk management and compliance (GRC) imperative has evolved along with it. Strong content management systems are essential to strong GRC programs, and managing your enterprise content needs to happen on multiple fronts. The need to properly index, retain, supervise, protect and preserve electronic records is at the heart of the electronic record keeping obligations for firms under SEC and/or FINRA oversight. You need all the basics of ECM such as records management, process flows, classification and taxonomy, findability, content reuse, and archiving – just to name a few areas. In all your planning and execution, you cannot do without your governance, risk, and compliance framework.

    Compliance remains the driving force behind the push to automate content processes. Banks, financial services, and companies across many industries continue to ponder how best to achieve their GRC goals by optimally leveraging content and workflow management systems. This webinar will discuss the importance of creating, practicing, and updating your Governance, Risk, and Compliance (GRC) framework in your organization. We'll offer tips on how to get started and how to continue the work you've already done in this business-critical practice and attendees will gain insights on:

    - How to get your IT department building your infrastructure so that your content can be accessed and used in accordance with your GRC framework.
    - Increasing GRC efficiency and lowering costs through a central content repository.
    - How other organizational champions can help implement and integrate GRC into your workers' everyday routines.
    - Using workflow to automate consistent business control processes.
  • Nurturing a Strategic Risk Management Culture Jun 26 2013 6:00 pm UTC 60 mins
    Senior management at all levels are pressured to improve their organizations' risk management capabilities. In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders in all sectors. Join this webcast presentation and live Q&A session to gain new insights on:

    - Risk culture: approach to top-down ERM
    - Red flags for identifying a weak corporate culture
    - Integrating activities of business functions at every level of the organization
    - Improving decision-making through a collaborative and balanced risk management effort
    - Creating and maintaining a holistic perspective to achieve better results
  • Navigating PCI Security Mountains in the Cloud Recorded: May 15 2013 64 mins
    Organizations outsourcing card data to the cloud face significant security risks. As soon as an organization adds other players to the offsite card-management mix, ensuring compliance with the PCI Data Security Standard becomes increasingly challenging. Cloud users and cloud service providers need to understand what their roles and responsibilities are when it comes to protecting this data. Storing, processing and transmitting cardholder data in the cloud brings the cloud environment into scope for PCI-DSS.

    Organizations need to know where their data is at all times. A lot of cloud clients have limited or no control over cardholder data storage. Organizations should be concerned about collecting and correlating access logs and other information from cloud vendors to ensure they are maintaining security compliance. Where's the data being stored? Is it stored in multiple locations? These are all things that you have to take into consideration when you're thinking about outsourcing to a cloud provider. Join this webcast as we address the compliance challenges in the cloud, and gain new insights on:

    - Emerging PCI security risks in the cloud
    - Understand the role of cloud entities
    - Processes for assessing risk when card data could potentially be stored in multiple locations
    - Structuring planning controls to deal with PCI DSS changes
    - Recommendations for achieving PCI compliance across virtual environments
  • Enterprise Risk Management: a Holistic Approach Recorded: Apr 4 2013 61 mins
  • Using Auto-Classification to Improve Your Information Governance Practices Recorded: Apr 2 2013 63 mins
    ON THIS SESSION WE'RE HOLDING A PRIZE DRAW AND TWO LUCKY ATTENDEES WILL WIN A GUEST PASS TO THE BOSTON GRC SUMMIT IN APRIL.

    Information Governance is an essential element to your compliance planning and execution. With evolving regulatory demands and increased litigation, the imperative to gain control over business content has never been more critical. Experts know that managing the retention and disposition of business information reduces litigation risk and legal discovery costs. But with the best of plans, there are challenges to face and decisions to make. Add in the maturation of technology and security issues, and the challenges seem to grow exponentially.

    Governance is still lacking in many organizations as around 85% of users still manually identify records, but are not clear which content is valuable and not valuable, and as a result, there is considerable fear towards the regulatory impact of deleting information. New auto-classification technologies can take the burden off the end user by eliminating the need for them to manually identify records, by providing automatic identification, classification, retrieval, archival, and disposal capabilities for electronic business records according to governance policies. During this webinar we will discuss how to improve your governance practices with auto-classification technologies. Join us for tips and insights on:

    - Understanding and Identifying the risks and costs of discoverable information
    - Quantifying the business benefits of Information Governance practices and Auto-Classification
    - How Auto-Classification works and can seamlessly fit into your organization
  • Seeing the Big Picture with Big Data Discovery Recorded: Mar 18 2013 62 mins
    Big Data is a trend that has engulfed today's IT industry and one that organizations are struggling to manage. According to IDC, the amount of information created, captured or replicated has exceeded available storage for the first time since 2007, and many organizations are spending far more time looking for information than actually using it. The size of the digital universe this year will be tenfold what it was just five years earlier. Therefore, organizations must find smarter data management approaches that enable them to effectively corral and optimize their data.

    A business classification and information governance process can help guide and tame Big Data, preventing it from costing more than necessary, yet ensuring it is at hand when and where it's needed, while freeing IT staff to drive more strategic technology initiatives. Enterprises willing to create automated processes to identify and value business data can take control of information governance before the big-data onslaught swamps them. As a result, they can meet key corporate objectives, such as lowering costs, lowering risk and making better business decisions.

    Attend this webinar for insights on:

    - The practical benefits of information governance
    - Developing a business classification initiative
    - Big Data analytics tools
    - Managing the Big Data lifecycle
  • How to Select the Right MDM and BYOD Security Solution for eGRC Recorded: Feb 21 2013 60 mins
    WE'RE HOLDING A PRIZE DRAW AT THE END OF THIS PRESENTATION AND THE WINNER WILL RECEIVE A $400 APPLE GIFT CARD.

    69 percent of organizations have employees using mobile devices to connect to their corporate network. This brings not only security concerns, but practical problems with managing a variety of devices that can contain both personal and corporate data. As a result, mobile device management (MDM) and bring your own device (BYOD) solutions for the enterprise are exploding into the market. Choosing the right solution will increase enterprise efficiency, while maintaining security and regulatory compliance, without a massive burden on IT.

    However, selecting a solution has never been more difficult. The explosive growth of the market has created a glut of new and relatively unknown vendors, and the industry is far from mature, with costs all over the board. According to Forrester Research, there are over 40 vendors in the market, offering software with core features such as configuration management, troubleshooting and support, inventory, remote control and reporting capabilities. There are many methods of delivery, such as premise-based, hosted, SaaS, managed services, on demand, cloud computing and outsourced. With each term used in different ways, it can often be confusing and hard to compare, and every organization will have different reasons for selecting a particular method of delivery.

    It is important to choose a vendor that will continue to innovate as the marketplace evolves and conscientious businesses take a proactive approach and seek to mitigate the emergent tactical needs with solutions that will serve in the longer term. Join our panel as they discuss ways to select the right MDM and BYOD solutions for your organization.
  • Managing Enterprise Risk in the New Environment Recorded: Oct 3 2012 62 mins
    For many years complying with government standards and industry regulations has been seen as a check box in the lengthy list of IT security tasks. However, most recent changes in the environment and increased cyber security threats have led to a rethinking of this approach. With more than 365 security incidents reported in 2011 affecting over 126 million records, many organizations are rethinking the way they approach security, risk management, and compliance.

    Technologies like virtualization, cloud computing, and social networking present companies with major opportunities to develop their businesses. However, it is important to keep one eye firmly fixed on the associated risks and businesses should be prepared for these incidents before they occur. More and more organizations realize that instead of looking at Governance, Risk, and Compliance from a centralized perspective, it is more efficient to let business operations drive these efforts as that's where the organization's risk knowledge resides. Join this session for insights on:

    * The challenges faced by senior executives in managing risk in the changing landscape.
    * Successful approaches to tackle risk and its associated controls by business unit.
    * Key steps to identify and address emerging risk.
    * How to classify and manage unknown risk.
    * Pitfalls to avoid when trying to automate risk management efforts.
    * Getting the attention of executives to make sure that enough attention is being paid to the risk.
    * How Compliance is tied to Risk Management in the context of business.
  • Enabling Your Mobile Security Strategy for eGRC Recorded: Jun 20 2012 63 mins
    The rapid evolution of consumer devices and a growing demand from employees are changing the ways in which organizations deliver mobility solutions to the workforce. There are any number of new mobile devices and emerging technologies to help today's professionals do their jobs in any location, and these technologies bring a range of new challenges, from security, compliance and risk management, to cost and human capital management.

    Organizations need to address these challenges by defining policies that regulate the usage of consumer and personal mobility for employees, and they need the appropriate tools to enforce policies, regulate behaviors and manage risks, across multiple device platforms. In addition, they need to choose the appropriate management approach and the products and services that can help to enforce those policies in a cost-effective way.
    Join this expert panel for insights on:

    * Understanding your mobile device management requirements;
    * Identifying the risks and benefits of introducing support for corporate applications on personal devices;
    * Defining policies that regulate the usage of mobile devices for employees and address BYOD;
    * Tools to effectuate policies, regulate behaviors and manage risks across multiple device platforms;
    * Strategies for containerization and layered security to protect devices, data and networks;
    * Selecting the right options that can help to enforce and monitor policies in a cost-effective way.
  • How to Select the Right GRC Solution for Your Organization Recorded: May 17 2012 61 mins
    Governance, risk management and compliance (GRC) processes are extensive; they are how an organization is directed and managed to achieve goals, considering risks to achievement, and complying with applicable laws and regulations.

    Issues around information have become central to organizational strategies and GRC software is needed in organizations, and investment in these areas has been increasing. The GRC software space is vast with over 400 GRC software providers that span multiple categories and sub-categories of GRC related software.

    Implementing a solution can be a lengthy and costly exercise, so it is imperative to choose carefully from the large number of options in the market. The issue is sifting through all the vendors with their offerings to find the one that best fits your organization. Buyers should have a clear understanding of their organization's functionality requirements, and a strategy in place for selecting the right partner. Join this webcast, and learn how to choose the right GRC solution for your organization as our experts discuss:

    - How to understand your organization's functionality needs.
    - Guidance for selecting the right partner including examples of good RFP questions.
    - How to sift through the different solutions and make weighted assessments against solution criteria.
    - Core maintenance and ongoing feeding requirements.
  • Implementing a Risk Management Framework for Continuous Compliance Recorded: Mar 23 2012 59 mins
    Senior management at all levels are pressured to improve their organizations' risk management capabilities. In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders in all sectors. Whether you are maintaining an online banking system, sharing healthcare data with a business associate or rolling out a new mobile device policy to agency staff, you are tasked with understanding the information security risks and the management of controls.

    This can be a daunting process. If risk management techniques are too complicated, they may discourage crucial input from colleagues and subject matter experts. If they are too simple, they won't yield enough relevant information to guide important business decisions. Join this roundtable discussion and learn how to:

    - Develop a multi-tiered risk management approach built upon governance, processes and IT.
    - Articulate the extent or size of a risk, and learn how to measure and communicate risks.
    - Implement a risk management framework and link governance and risk to establish continuous compliance.
  • Auditing the Cloud; What is the necessary comfort level? Recorded: Feb 1 2012 62 mins
    * Attendees of this webcast will receive CPE credit.

    Cloud Computing has been hailed as the long sought after answer of low cost computing, where users can remotely store their data into the cloud and enjoy the on-demand high quality applications and services from a shared platform of resources. By outsourcing their data storage, users can be relieved from the burden of local data storage and maintenance, in some cases eliminating IT departments altogether. However, when users no longer have physical possession of their data, data integrity protection in the Cloud environment sets the stage for a potentially lethal environment, especially for users with constrained computing resources and capabilities. Thus, allowing or even mandating 3rd party security and compliance audits for Cloud Service Providers (CSP) is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed.

    The number one concern for many organizations is how to ensure adequate information security, i.e. confidentiality, integrity and availability of critical data stored by the cloud service provider, whilst also balancing the need for confidentiality versus integrity versus availability. This serious concern has created the need for standardization and consistency in audit and assurance practices in the cloud computing space, particularly third party audit and assurance. Overburdening the Cloud Service Providers with a multitude of continuous audits will increase the cost of the service and the internal costs associated with monitoring and managing the audit processes and reports.

    Join our panel of experts as they discuss the issues surrounding the main concerns of Cloud Computing, the different audit approaches and tools that are being offered, the evaluation of those tools and what is a common sense, efficient and cost effective process to follow when evaluating a Cloud Service Provider.
  • Beyond the PCI Checkbox: Focus on Security to Achieve Compliance Recorded: Oct 13 2011 61 mins
    The Payment Card Industry Data Security Standard (PCI DSS) provides data protection requirements for organizations that process card payments. These requirements have even been adopted as law by some US states (e.g., Minnesota, Nevada, Washington). While organizations that fully comply with PCI DSS are considered compliant credit-card processors, compliance and security are not one and the same. An organization can be breached without cardholder data being compromised, but there are other valuable items in the company's possession – customer PII, strategic information, patents and innovations, as well as reputation and trust – that can be equally or more costly to lose.

    What is the difference between compliance and security? And how can organizations effectively think more broadly about risk and security that drives an approach to PCI DSS compliance and beyond to ensure the security and control of all their critical information? In this IT GRC Forum webinar, Michael Rasmussen of Corporate Integrity and Dave Wallace from Chase Paymentech will examine:

    1. How the threat landscape is indeed dynamic, but the effective system exploits remain the same as in the late 90s.
    2. Why the COMPLIANCE environment hasn't changed much – the same threats are still valid, and the same vulnerabilities are still being exploited.
    3. How developing and implementing an effective risk and security program can serve as a catalyst for achieving multiple forms of compliance - including PCI DSS
    4. Critical elements to achieving effective and efficient security that addresses PCI DSS compliance
  • Aligning GRC Technology with your GRC Program Recorded: Oct 12 2011 62 mins
    Today, enterprises around the globe operate IT processes covering areas such as security, availability, infrastructure and IT project management. These processes support the core business processes that organizations use to operate successfully.

    However, the management of risk and compliance around IT processes, or IT GRC, remains quite distinct and separate from the risk and compliance issues related to business processes. Most organizations manage their IT GRC separately from their enterprise GRC efforts. As a result, they face increased costs and labor efforts from having uncoordinated GRC initiatives. More importantly, they may not be appropriately managing the key IT risks and controls that could cause significant business impact. Critical business decisions cannot be made effectively when IT GRC efforts are not integrated with business GRC initiatives as CIOs must be able to explain IT risks in terms of business performance.

    Join us for this webcast where you will learn how to:

    - Remove the silos of GRC Management and define your Risk Measurement Process.
    - Automate and standardize GRC activities with pre-defined workflow and reporting.
    - Protect business value through continuous monitoring of both IT and business controls.
    - Gain competitive advantage by managing risk across their IT and business processes.
    - Integrate your business and IT GRC aligning GRC Technology with your GRC Program.
  • Tokenization: Secure Payment Data & Simplify PCI Compliance Recorded: Sep 14 2011 59 mins
    *Rescheduled event*
    This event will discuss an overall payment security landscape, the costs associated with managing payment data, and the benefits of Tokenization. Attendees will learn how payment security solutions, such as encryption and tokenization can go beyond complying with PCI–DSS requirements and reduce the scope of PCI, while keeping data safe and alleviating the overall impact on your business.

    - Opportunities & Challenges of Tokenization
    - Differences in types of payment security and tokenization
    - How you can reduce the scope of PCI within your organization
    - Available payment security solutions and approaches
    - How investing in a payment security solution can produce an ROI

    Who Should Attend:

    Designed for both technical and non-technical audiences concerned with their eCommerce Security and PCI compliance
  • Tackling Compliance in a Multi-Regulatory World: Best Practices Recorded: Aug 11 2011 56 mins
    As the number of regulations that affect Global 2000 organizations can easily exceed a dozen, many companies struggle to map multiple frameworks and specifications across configurations settings. This leads to cost-inefficiency, inaccuracies, and often audit fatigue. How do you address these challenges? Join us for this webcast where we reveal best practices of managing compliance in today's multi-regulatory world.
  • IT Impacts Under PCI DSS 2.0 Recorded: Jun 30 2011 64 mins
    This is a follow up to our panel discussion webinar: PCI DSS 2.0 & Virtualization - Are You Compliant?

    In this session we will provide a detailed analysis on how PCI DSS 2.0 impacts your IT operations (e.g., network engineering, server management, and applications development); intended for technical audience.

    We will also address the feedback and questions we did not cover in "PCI DSS 2.0 & Virtualization - Are You Compliant?", and provide some real-world examples and actionable information on how people are managing virtualization and PCI 2.0.

    We will provide you with additional content through a PowerPoint presentation, and answer all additional questions. You can earn 1 CPE credit by attending this webcast.
  • Internal Tokenization: A Strategy to Reduce Risks & Lock-in Recorded: May 11 2011 54 mins
    This session will focus on the value of internal tokenization in reducing scope and potential audit costs at the datacenter, with a specific focus on post-payment applications, databases, loyalty tracking systems, data warehousing, and business applications. Internal tokenization contrasts with external tokenization, which involves third-parties, brands and additional vendors. Instead, internal tokenization allows enterprises to own and control their own tokens, avoiding migration issues and increasing choice. The presentation will focus on general concepts around internal tokenization, including specific examples of internal tokenization seen in different datacenter applications.

    · Learn the difference between external and internal tokenization.
    · Learn how to address more than 200 PCI DSS compliance requirements with a single solution.
    · Maintain control over your own tokens and avoid payment processor lock-in.
    · Tokenize customers’ credit card data to reduce PCI scope and risk
    · Understand the controls and protection around the secure vault
    · Maintain auditable security policies in a single, hardened form-factor, allowing for future review and change control.
  • Top Requirements for Successfully Automating SOX: Part 2 Recorded: Apr 27 2011 47 mins
    For many organizations, Sarbanes-Oxley compliance is mandatory; on both the financial side and the IT side, managing the process can be an arduous and unwitting waste of time. Walkthroughs that need to be reviewed by numerous individuals and tens of controls that need to be sampled and tested in detail can come with time lags that make an already detailed task more cumbersome.

    Automating the self-assessment process can make it less painful if performed under proper supervision. There are many advantages to using a GRC tool to automate assessments such as speed, efficiency, data integrity, and improved analysis.

    Join Salman Aziz, ANX's President Risk and Compliance Services domain expert, in this 1-hour live webcast, where he will uncover the top automation requirements organizations should consider to successfully automate SOX quarterly self-assessments.
  • Social media in your business: The Risks vs. The Opportunities Recorded: Apr 13 2011 49 mins
    Agenda.

    1. THE NEED FOR STRATEGIES AND POLICIES
    The widespread private use by employees is embraced by many businesses in their communications.

    2. SOCIAL MEDIA COMPLIANCE POLICIES - some case studies

    3. PROTECTION OF (FAIR USE OF) INTELLECTUAL PROPERTY:
    The policies and procedures on the proper business use of social media should address the protection of intellectual property, but also consider and respect the interest of preserving the public domain and fair use/dealing, of stimulating fair competition and innovation.

    4. REGULATORY REQUIREMENTS ON THE USE OF SOCIAL MEDIA
    Following the distinction in legal cultures, every regulator of financial markets and services providers has its own, separate compliance framework. Nevertheless, many regulators expect or even require that parties under regulation have supervisory policies, procedures, systems and internal controls to monitor all electronic communications technology used by the party and its associated persons to conduct the business of the party.
Empowering the GRC Community
The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

  • Title: Enterprise Risk Management: a Holistic Approach
  • Live at: Apr 4 2013 6:00 pm
  • Presented by: Brandon Dunlap (Moderator), Chris McClean (Forrester), Ketan Dholakia (Maclear), Jeff Posluns (GRCSI)