Hi [[ session.user.profile.firstName ]]

SureCloud

  • Date
  • Rating
  • Views
  • Policy-driven, Risk-based Security Policy-driven, Risk-based Security Audrey Gilchrist - GRC Team Leader at SureCloud and Amanda Ewing - Security Assurance Manager at Dentsu Aegis Network Recorded: May 11 2016 19 mins
    Policy is the corner stone of any risk-based security programme. Policies are put in place not only to govern the way organisations operate, but also to mitigate risks, and as such require board level backing and sign-off. Yet when it comes to security programmes information risk, both internally and externally, is often presented in terms un-meaningful to the board of directors. Using real world example, this session will present a model for effective risk-based security that engages senior executives.
  • The Evolution of the Penetration Test The Evolution of the Penetration Test Toby Scott-Jackson, Principle Security Consultant, SureCloud and Chris Cooper, Senior Security Consultant, SureCloud Recorded: Apr 12 2016 23 mins
    The confluence of sophisticated cyber criminals, white hats and technological change means organisations are increasingly exposed to weaknesses and vulnerabilities in their networks, devices and applications.

    With a combination of expert security commentary and vulnerability trends, SureCloud will reveal the sophisticated nature of the latest attacks and what the future may hold. We will focus on modern exploits that go beyond the typical network and web application attack vectors.

    SureCloud will describe how organisations need to change their attitudes to security testing, considering the frequency and scope of assessments, and act on results in a timelier manner.
  • Internal Audit at a Breaking Point: How to Manage the Growing Array of Audits Internal Audit at a Breaking Point: How to Manage the Growing Array of Audits GRC Analyst Michael Rasmussen, GRC 20/20 accompanied by Nick Rafferty, COO, SureCloud Recorded: Dec 15 2015 47 mins
    Internal audit is in a constant state of transformation. Audit departments are being asked to do more audits, provide assurance on business operations and risk management, evaluate compliance, and advise the organisation with limited audit resources.

    They are challenged with a growing array of audits that go beyond financial audits to provide assurance through IT audits, operational audits, quality assurance audits, third party audits, and more. This demands that Audit have processes supported by an information and technology architecture that drives efficiency, effectiveness, and agility in audit processes and tasks.


    This webinar details how organisations need to take an agile approach to internal audit management that allows for a growing array of audits on an agile information and technology architecture to support internal audit management activities and reporting.

    This ‘Expert’ presentation will address the following:

    • Where and how internal audit is strained
    • How to integrate a risk-based approach to audits as well as a cyclical audit plan
    • The value of an information and technology audit management architecture
    • Best practices in internal audit management
  • Managing Risk Across Different Departments with Different Needs Managing Risk Across Different Departments with Different Needs GRC Pundit Michael Rasmussen, GRC 20/20 accompanied by Richard Hibbert, CEO, SureCloud Recorded: Nov 3 2015 47 mins
    Risk and risk management is pervasive throughout organisations. There are many departments that manage risk and have their unique understanding, models, and views into risk. This makes enterprise and operational risk management a challenge. Organisations fail in enterprise risk management strategies when they force everyone into one flat view of risk, they also fail when they allow different views of risk but do not do risk normalisation and aggregation as they roll-up risk into enterprise reporting.

    This webinar details how organisations need to take a federated approach to risk management that allows different departments some level of autonomy and supports their department level risk management strategies but also enable a common information and technology architecture to support overall risk management activities and reporting.

    This ‘Expert’ presentation will address the following:
    Where and how enterprise risk management fails
    How to build an enterprise risk register and show interrelationships of risk
    The value of an information and technology risk management architecture
    Approaches to risk normalisation and aggregation for accurate enterprise risk reporting.
  • Third Party Risk Management: an effective, efficient, and agile approach Third Party Risk Management: an effective, efficient, and agile approach Michael Rasmussen, The GRC Pundit, GRC 20/20 and Nick Rafferty, Chief Operating Officer, SureCloud Recorded: Jul 21 2015 43 mins
    Organisations across all sectors are dealing with a growing array of third party/vendor relationships. Even obscure supplier relationships can have significant impact on security, risk and compliance. The Target credit card breach is one example in which a heating and air conditioning supplier was the doorway in to a significant breach of a point of sale system and theft of credit card data. Organisations have to manage risk across their third party supplier relationships but are limited in the resources they can devote to this.

    This 'Expert' webinar will address the following:-

    o Understand the growing array of third party relationships
    o The impact of third party relationships on security, risk and compliance
    o Elements of an effective, efficient, and agile vendor risk management process
    o How other areas of the organisation can leverage a common approach to third party risk management

    Attend this webinar if:-

    o You are concerned by the growing number of third party supplier relationships
    o You realise your risk and compliance exposure is growing because of these relationships
    o You need to be able to manage supplier risk but cannot recruit more staff to do so
    o You desire the need to know how to keep current in a dynamic environment of third party relationships

Embed in website or blog