ISACA Online Events

Channel profile:

Monthly webcasts on governance, risk, security and compliance

Member only webcasts

Subscribers (67,348)
An Effective Framework for Third-Party Information Security and Privacy Oversight

Rebecca Herold, CIPM, CISA, CIPM, CIPT, CIPP/US, CISSP, FLMI, Founder and CEO, The Privacy Professor®

A significant portion of privacy breaches originate within the organizations contracted to perform services for them. The organizations that entrusted access to those vendors will share responsibility for the breaches; generally the less due diligence they've performed to ensure the third party had appropriate security and privacy controls, the more responsibility they will have for the damages done. Any organization can be victimized by a breach, even when the breach occurs outside its control within a contracted third party. Organizations that outsource data services of any kind to a third party need to address this risk by establishing an effective framework for managing third-party information security and privacy oversight and risk mitigation. Rebecca has led and performed over 200 third-party information security and privacy program reviews/audits. During this webinar Rebecca will describe, from her experience and supporting research, the most common risks that third parties present to those contracting them. These include not only long-standing problems, but also emerging problems from the use of big data analytics, cloud computing, mobile computing, and the increasing use of smart “things.” She will also describe what she has identified to be the most efficient framework to use to manage those risks.
May 28 2015
60 mins
  • Live and recorded (119)
  • Upcoming (3)
  • This webinar is a preview of a forthcoming ISACA publication and briefly covers the following learning points, given the time allotted:
    • Understand the significance of Business Benefits Realization in today’s organizational context
    • Learn how the COBIT 5 framework principles and enablers facilitate the management of Business Benefits Realization
    • Become aware of some current approaches to assess Business Benefits – a key challenge faced by business and IT teams
    • Gain practical guidance and advice on approaches towards effective and efficient implementation of Business Benefits Realization
  • Strong authentication and Single Sign-On can be a powerful combination to mitigate the threat of data breaches while providing a convenient user experience, but is that enough? What happens if credentials are stolen? What can be accessed during the session?

    Please join Carol Alexander, Director, Authentication Solutions, and Russ Miller, Director, Security Solutions, to learn how Intelligent Authentication and Single Sign-On, including Risk-Aware Session Management, can help improve session security.
  • Technology, Creativity, Risk Management. What do these three have in common? Risk management is not ordinarily seen as a creative discipline. In fact, in many organizations, creativity can be actively discouraged when it comes to the risk management function. But looking ahead, as new technologies develop and transform how we do business, an innovative risk management culture can not only increase efficiency and throughput, but can also increase quality and accuracy. The key is in adopting the right changes and in fostering an open culture of innovation so as not to miss opportunities that arise. This talk will discuss practical aspects of applying new creative and agile techniques and discuss real-life examples where they've added tremendous value to organizations. Learn how you might adapt your Risk Management culture to make it a Culture driven by Creative Growth rather than Negative Compliance.
  • Information security is simply not detecting the bad guys, according to the Verizon Data Breach Investigations Report. Antivirus, intrusion detection systems, and log review all pick up less than 1% of data breach incidents. In fact, very few companies do proactive monitoring and those that do are simply troubleshooting problems they already know about. The result is that 86% of data breach incidents were ultimately detected by someone other than the victimized organization; an embarrassing statistic. Only 35% of organizations audit to determine whether privileged users are tampering with systems. As well, for nearly 70% of organizations, it would take greater than one day to detect and correct unauthorized database access or change. With average data breach compromises taking less than a day, the majority of organizations could lose millions of dollars before even noticing.
    Join Oracle and learn how to put in place effective activity monitoring including:
    • Privileged user auditing for misuse and error
    • Suspicious activity alerting
    • Security and compliance reporting
  • Privacy is a reality that companies must take on in order to prevent damage to their image, avoid financial penalties and secure the information of their data subjects. At the same time, technological advances (BYOD, cloud, social networks, big data and others) introduce vulnerabilities into our organizations with a high impact on privacy.
    We must understand the state of privacy in companies, considering historical and recent examples, in order to analyze the risks companies face. We will talk about what should be expected following the publication of the European regulation and the legislation in Latin America, and about some ways to close the gap between privacy needs and reality.
  • Standalone network security products don’t share threat data, preventing you from seeing the complete threat landscape. With its Cyber Intelligence Sharing and Protection Bill, the US Government is clearing a path for sharing critical threat information between the intelligence community and cybersecurity entities. But it shouldn’t stop there; your network security infrastructure should be doing the same. Learn how sharing threat intelligence between security devices assembles the big picture needed to block threats across your entire network, including branch offices and remote locations.
  • Our target audience: Young Professionals who have worked for a few years and have acquired a first level of technical expertise but are aspiring to management opportunities that take them outside their traditional comfort zone.

    What’s it about: So you love the idea of transferring to another country or seeking a role outside your traditional comfort zone and potentially stepping outside your own culture. How could your work life change? What would your social life be like? Join two workplace adventurers who have experienced work and life outside their traditional cultural comfort zones and have a wealth of experience to share with you.

    Matthias Kraft had, in fact, never worked in his native Germany until 2014 and has two foreign-born children who are now experiencing life in their dad’s country of origin; Jo Stewart-Rattray spent years working in Germany, the UK, Canada and Singapore.

    Matthias and Jo will provide attendees with practical advice on working abroad and on how not only to be effective but to succeed in a different cultural environment. They will share personal stories and examples, as well as cluing you in to some of the potential pitfalls for the newly arrived, including cultural awareness, differing customs, communication styles, appearance and gender differences.

    At the end of what will surely be a spirited discussion, attendees will have a chance to pose questions to these two workplace adventurers!
  • A lot has changed in the banking industry since the introduction of technology helped create the first ATM machines in the 1960s. However, one largely unchanged aspect of all tech-powered payment platforms is authentication. UID/PW have served the industry for a long time, and the attractiveness of this mechanism's intrinsic property, "something you know", has enjoyed people's unwavering support for a long time. However, the time has come for this technology to rest in peace. The technology, the attacks, and the processes using the challenge-response gate have all evolved to a point where there can be a much stronger and more secure solution without compromising on the user experience or cost.

    In this seminar we will introduce you to the FIDO Alliance and the frameworks created by this industry consortium to help bring online authentication, especially in payments, into the current century and beyond.
  • The concept of the Internet of Things is nothing new, with the term first being introduced over 15 years ago. Since then, the supporting technology has advanced at lightning speed, whereas the understanding of the challenges faced with this concept has developed at a snail's pace.

    This presentation hopes to provide an insight into the background and evolution of the IoT concept and the future challenges and responsibilities faced to ensure that the opportunities outweigh the potential threats.
