ISACA Online Events

  • Defending Against the Data Breach: Implementing a Defense-in-Depth Security Stra
    Saikat Saha, Sr. Principal Product Manager, Oracle Database Security
    Recorded: Oct 25 2016 (61 mins)
    Organizations have been under increasing pressure to address the growing risks around the mega-breach and to meet ever-expanding compliance regulations. Motivated hackers will find multiple attack vectors in order to access sensitive data—the crown jewels. A comprehensive preventive strategy is key to slowing down and mitigating damage that might be done by the intruder. While most of these impacted companies were utilizing the latest network firewalls and endpoint security, they have discovered that network security and endpoint security are not adequate to address today's threat vectors. We need to have a security strategy that focuses on the data.

    In this webcast, we will cover how to build multi-layered security controls that include data-at-rest encryption, data-in-motion encryption, key management and the principle of least privilege. We will spell out the technologies best adapted for mitigating this growing threat and how to build a complete defense-in-depth strategy. Join us for this webcast on October 25th.
  • Making Risk Assessments Meaningful: Data Breach Intelligence That Matters
    Billy Austin, Vice President of Security, SolarWinds
    Recorded: Oct 6 2016 (59 mins)
    How can organizations quantify the impact of a breach before it happens? Are there more productive ways to engage stakeholders and manage resources than the classic vulnerability report? This session details an approach to capturing the potential financial impact of a breach and demonstrates methods for producing reports encompassing sensitive data and detected threats in straightforward terms for your entire business. By changing the conversation from “threats and vulnerabilities” to “dollars at risk,” security professionals can more easily justify remediation and demonstrate the value of risk management.
  • Why Cyber Risk IS Business Risk: Assessing Cyber Risk Appetite for the C-Suite
    Mason Karrer, Principal GRC Strategist, RSA
    Recorded: Oct 4 2016 (62 mins)
    In the constantly changing landscape and myriad of sources behind cyber risk, executives and board members are increasingly forced to take command and accountability. Yet many lack the critical knowledge to make effective risk management decisions and incorporate them into their overall business strategy. This inevitably leads to security strategies that are ineffective and reactionary.

    Per the International President of ISACA, Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, “In 2016, organizations must be sure that they have the cybersecurity framework, knowledge, skills and resources to manage these new threats.” The success and failure of modern enterprises is dependent on the ability to quantify cyber risk and make informed decisions within an organization's cyber risk appetite. Those who do so effectively will be better positioned to enable continued growth, and those who do not will expose their organization to risks with potentially calamitous implications. Without a solid foundational understanding, determining how and where to allocate human, financial, and technology resources is a complicated calculus.

    Join RSA for this informative session as we discuss practical steps for identifying and categorizing cyber risk with your key stakeholders. Cyber risk IS business risk. Attend this session to enlighten your executives, enable your auditors, and take command!
  • How Secure is Your Private Cloud?
    Peter Bury, Cloud Security Specialist, Enterprise Technology Specialists Team at Intel Security
    Recorded: Sep 27 2016 (62 mins)
    As datacenters evolve from physical places to private clouds to fully software-defined datacenters (SDDC), concerns about security tools and methods ensuring a secure computing environment also change.

    Understanding changing operational models and technologies is a key component to skillfully addressing risks when architecting a cloud environment. Software-defined security solutions make it possible to take advantage of the agility and speed of a private cloud while maintaining compliance.

    You’ll learn:
    · Why organizations choose SDDC over public cloud, the benefits and pitfalls
    · How SDDC challenges traditional approaches to security and visibility
    · How software-defined infrastructure can be used to enhance and deliver security
  • Securing “Shadow IT” and Sensitive Company Data in the Cloud
    Ed Moyle (ISACA), Raef Meeuwisse (Cyber Simplicity), Martin Johnson (Blue Coat), Mari Heiser (IBM)
    Recorded: Sep 15 2016 (62 mins)
    Rapid employee adoption of cloud apps without IT sanction or oversight, known as Shadow IT, poses a substantial problem for IT as CIOs and CISOs work to ensure the security of the cloud services their organizations adopt, control costs and complexity, and effectively manage their overall cloud strategy. Gaining visibility and control over Shadow IT is the first step in ensuring organizations are secure. In addition, uncovering and controlling access to the sensitive corporate data stored and shared in both IT-sanctioned and unsanctioned apps, known as shadow data, is often overlooked but arguably even more critical. The costs associated with compliance violations, mitigation, and lost reputation that typically follow a cloud account breach can be devastating. This roundtable session will explore the growing risk posed by Shadow IT and Shadow Data and the security obstacles that must be overcome to safely adopt the cloud.
  • SSH Keys: Access Out of Control
    Matthew McKenna, Chief Strategy Officer, and Fouad Khalil, Director of Compliance, SSH Communications Security
    Recorded: Sep 13 2016 (62 mins)
    The SSH protocol is one of the security industry's greatest tools, but it’s not completely understood. Used by administrators around the world for remote access to servers, network devices, and secure data transfer between applications, SSH has been providing encrypted trusted access for the last two decades. Nonetheless, the power it actually wields is widely unknown, exposing a major gap in our identity access postures and creating risk for the resilience of our enterprises.

    We will explore SSH user keys – the only form of access credentials that can be provisioned without oversight or expiration dates. Therefore, they continue to provide access until they are eliminated from the systems on which they reside. Enterprises are finding millions of SSH user keys without knowing who they belong to or whether they are still in use. SSH user keys are access credentials to our most critical infrastructure – yet are undiscovered, unmonitored, and unmanaged.

    During this webinar you will learn how SSH user keys function in relation to the access they provide, why they pose such a significant risk, and why many auditors have been in the dark on this topic until now.
  • Compliance = Security: Why the Math Doesn’t Add Up
    Gedeon Hombrebueno, Director of Security Solutions (CA Technologies) and Piyush Pandey, Senior Manager Cyber Risk (Deloitte)
    Recorded: Sep 8 2016 (54 mins)
    Business leaders believe compliance can keep them out of harm’s way. Yet the majority of organizations are not anywhere close to being safe from attacks. Why the disconnect?

    Join Gedeon Hombrebueno (CA Technologies) and Piyush Pandey (Deloitte) as they discuss the importance of taking IT security measures beyond standards or regulations, and how to establish the necessary privileged access management controls to not only prevent data breaches, but also to satisfy audit and compliance demands.

    You will learn:
    • Why a “compliance based approach” to security is inadequate and flawed
    • How to move from a compliance-based approach to a risk-based approach
    • How Privileged Access Management can help address compliance requirements, using PCI DSS compliance as an example
  • Pragmatic Networking: One of Your Most Effective Career Tools
    Caitlin McGaw, President of Candor McGaw Inc.
    Recorded: Aug 25 2016 (61 mins)
    Business today still runs on the “it’s not what you know, but who you know” philosophy. Nevertheless, most professionals dislike the prospect of networking. It’s kind of like knowing you should be eating green stuff, like kale or spinach, but not having any salad with dinner. Numerous articles identify networking as a critical skill tied to leadership competency; it also increases your visibility for new opportunities and allows you to meaningfully give back to your profession. You’ve heard it will make you stronger, smarter, and cooler…but you avoid it.

    Women in technology are still in the minority in IT audit, information security, IT GRC, and other related fields. It’s not surprising that many female IT professionals find it daunting to dive into networking opportunities, even when we know it could open doors and build our careers! Networking feels awkward, salesy, and self-serving. How do you even start?

    In this webinar, Caitlin McGaw will discuss the benefits of networking and then jump into practical methods for becoming an adept networker at work, conferences, or any professional event. She’ll also discuss how to leverage the unique advantages that women bring to the networking dynamic.

    You will learn:
    • How to overcome feeling nervous or awkward about networking
    • Women and networking – what we’ve got in our favor
    • Goal-setting for networking
    • The dynamics of networking – the give and take that makes it effective
    • What to listen for in networking conversations
    • Body language that will facilitate positive networking
    • How to close the loop and follow up after meeting a new contact
    • Caring for and feeding your network
  • Demystifying End Point Security and Global Threat Intelligence
    Craig Jett, Security Product Portfolio Director, Dimension Data and David O'Berry, Worldwide Technical Strategist, Intel
    Recorded: Aug 23 2016 (62 mins)
    Over the last several years, there has been significant security industry focus on Advanced Persistent Threats and intelligence-driven security approaches to combat these threats. The challenge of most organizations is turning threat intelligence data from multiple sources into actionable, contextual information that can be utilized quickly and efficiently.

    This educational ISACA cybersecurity webinar will focus on the integration of threat intelligence data within Security Operation Centers to improve threat detection and response, and even to predict future threats. The session will also include key insights on end point security.
  • ISACA Presents: Building Capability with CMMI
    Alexander Stall, CMMI Practice Leader, CMMI Institute and Peter Tessin, CISA, CRISC, CGEIT, Technical Research Manager, ISACA
    Recorded: Aug 17 2016 (62 mins)
    Join Alex Stall, distinguished CMMI Practice Leader, as he provides an introduction to the Capability Maturity Model Integration (CMMI) and brief information on the synergy between CMMI Institute and ISACA. Peter Tessin, Technical Research Manager (COBIT) at ISACA will be on hand, in addition to Alex, at the end of the webinar to address questions about the relationship between ISACA and CMMI.

    CMMI Background: The Capability Maturity Model Integration (CMMI) maturity model is a framework of best practices initially developed 25 years ago for the United States Department of Defense (DoD) to identify suppliers that could provide consistent, high-quality software on time. The associated appraisal method proved to be highly effective in identifying and maturing highly capable suppliers; this led to the framework’s use around the world and across almost every industry. Today the CMMI maturity model is used in over 100 countries and by some of the largest and most respected multinational companies in the world: Honeywell, HCL, Siemens, NASA, and more. The CMMI Institute continues to evolve the framework and is currently working on the next generation of the model.
