ISACA Online Events

  • How Secure is Your Private Cloud?
    Peter Bury, Cloud Security Specialist, Enterprise Technology Specialists Team at Intel Security. Recorded: Sep 27 2016, 62 mins
    As datacenters evolve from physical places to private clouds to fully software-defined datacenters (SDDC), concerns about security tools and methods ensuring a secure computing environment also change.

    Understanding changing operational models and technologies is a key component to skillfully addressing risks when architecting a cloud environment. Software-defined security solutions make it possible to take advantage of the agility and speed of a private cloud while maintaining compliance.

    You’ll learn:
    · Why organizations choose SDDC over public cloud, the benefits and pitfalls
    · How SDDC challenges traditional approaches to security and visibility
    · How software defined infrastructure can be used to enhance and deliver security
  • Securing “Shadow IT” and Sensitive Company Data in the Cloud
    Ed Moyle (ISACA), Raef Meeuwisse (Cyber Simplicity), Martin Johnson (Blue Coat), Mari Heiser (IBM). Recorded: Sep 15 2016, 62 mins
    Rapid employee adoption of cloud apps without IT sanction or oversight, known as Shadow IT, poses a substantial problem for IT as CIOs and CISOs work to ensure the security of the cloud services their organizations adopt, control costs and complexity, and effectively manage their overall cloud strategy. Gaining visibility and control over Shadow IT is the first step in ensuring organizations are secure. In addition, uncovering and controlling access to the sensitive corporate data stored and shared in both IT-sanctioned and unsanctioned apps, known as shadow data, is often overlooked but arguably even more critical. The costs associated with compliance violations, mitigation, and lost reputation that typically follow a cloud account breach can be devastating. This roundtable session will explore the growing risk posed by Shadow IT and Shadow Data and the security obstacles that must be overcome to safely adopt the cloud.
  • SSH Keys: Access Out of Control
    Matthew McKenna, Chief Strategy Officer, and Fouad Khalil, Director of Compliance, SSH Communications Security. Recorded: Sep 13 2016, 62 mins
    The SSH protocol is one of the security industry's greatest tools, but it’s not completely understood. Used by administrators around the world for remote access to servers, network devices, and secure data transfer between applications, SSH has been providing encrypted trusted access for the last two decades. Nonetheless, the power it actually wields is widely unknown, exposing a major gap in our identity access postures and creating risk for the resilience of our enterprises.

    We will explore SSH user keys – the only form of access credentials that can be provisioned without oversight or expiration dates. Therefore, they continue to provide access until they are eliminated from the systems on which they reside. Enterprises are finding millions of SSH user keys without knowing who they belong to or whether they are still in use. SSH user keys are access credentials to our most critical infrastructure – yet are undiscovered, unmonitored, and unmanaged.

    During this webinar you will learn how SSH user keys function in relation to the access they provide, why they pose such a significant risk, and why many auditors have been in the dark on this topic until now.
  • Compliance = Security: Why the Math Doesn’t Add Up
    Gedeon Hombrebueno, Director of Security Solutions (CA Technologies) and Piyush Pandey, Senior Manager Cyber Risk (Deloitte). Recorded: Sep 8 2016, 54 mins
    Business leaders believe compliance can keep them out of harm’s way. Yet the majority of organizations are not anywhere close to being safe from attacks. Why the disconnect?

    Join Gedeon Hombrebueno (CA Technologies) and Piyush Pandey (Deloitte) as they discuss the importance of taking IT security measures beyond standards or regulations, and how to establish the necessary privileged access management controls to not only prevent data breaches, but also to satisfy audit and compliance demands.

    You will learn:
    • Why a “compliance based approach” to security is inadequate and flawed
    • How to move from a compliance-based approach to risk-based approach
    • How Privileged Access Management can help address compliance requirements, using PCI DSS compliance as an example
  • Pragmatic Networking: One of Your Most Effective Career Tools
    Caitlin McGaw, President of Candor McGaw Inc. Recorded: Aug 25 2016, 61 mins
    Business today still runs on the “it’s not what you know, but who you know” philosophy. Nevertheless, most professionals dislike the prospect of networking. It’s kind of like knowing you should be eating green stuff, like kale or spinach, but not having any salad with dinner. Numerous articles identify networking as a critical skill tied to leadership competency; it also increases your visibility for new opportunities and allows you to meaningfully give back to your profession. You’ve heard it will make you stronger, smarter, and cooler…but you avoid it.

    Women in technology are still in the minority in IT audit, information security, IT GRC, and other related fields. It’s not surprising that many female IT professionals find it daunting to dive into networking opportunities, even when we know it could open doors and build our careers! Networking feels awkward, salesy, and self-serving. How do you even start?

    In this webinar, Caitlin McGaw will discuss the benefits of networking and then jump into practical methods for becoming an adept networker at work, conferences, or any professional event. She’ll also discuss how to leverage the unique advantages that women bring to the networking dynamic.

    You will learn:
    • How to overcome feeling nervous or awkward about networking
    • Women and networking – what we’ve got in our favor
    • Goal-setting for networking
    • The dynamics of networking – the give and take that makes it effective
    • What to listen for in networking conversations
    • Body language that will facilitate positive networking
    • How to close the loop and follow up after meeting a new contact
    • Caring for and feeding your network
  • Demystifying End Point Security and Global Threat Intelligence
    Craig Jett, Security Product Portfolio Director, Dimension Data and David O'Berry, Worldwide Technical Strategist, Intel. Recorded: Aug 23 2016, 62 mins
    Over the last several years, there has been significant security industry focus on Advanced Persistent Threats and intelligence-driven security approaches to combat these threats. The challenge of most organizations is turning threat intelligence data from multiple sources into actionable, contextual information that can be utilized quickly and efficiently.

    This ISACA educational, cybersecurity webinar will focus on this integration of threat intelligence data within Security Operation Centers to improve threat detection, response and even predict future threats. The thought-leadership will also include key insights on end point security.
  • ISACA Presents: Building Capability with CMMI
    Alexander Stall, CMMI Practice Leader, CMMI Institute and Peter Tessin, CISA, CRISC, CGEIT, Technical Research Manager, ISACA. Recorded: Aug 17 2016, 62 mins
    Join Alex Stall, distinguished CMMI Practice Leader, as he provides an introduction to the Capability Maturity Model Integration (CMMI) and brief information on the synergy between CMMI Institute and ISACA. Peter Tessin, Technical Research Manager (COBIT) at ISACA will be on hand, in addition to Alex, at the end of the webinar to address questions about the relationship between ISACA and CMMI.

    CMMI Background: The Capability Maturity Model Integration (CMMI) maturity model is a framework of best practices initially developed 25 years ago for the United States Department of Defense (DoD) to identify suppliers that could provide consistent, high-quality software on time. The associated appraisal method proved to be highly effective in identifying and maturing highly capable suppliers; this led to the framework’s use around the world and across almost every industry. Today the CMMI maturity model is used in over 100 countries and by some of the largest and most respected multinational companies in the world: Honeywell, HCL, Siemens, NASA, and more. The CMMI Institute continues to evolve the framework and is currently working on the next generation of the model.
  • Top 5 Tips to Overcome Executive Challenges to Implement Data Classification
    Bill Belcher, Vice-President of Sales & Business Development, Boldon James, Ltd. Recorded: Aug 11 2016, 57 mins
    Employing data classification is now the best-practice standard as the first step toward achieving a holistic data-centric security strategy, but where do you start? And how do you overcome challenges to implement classification successfully in your organization?

    Join Bill Belcher, Vice-President – Sales & Business Development of Boldon James on this webinar where he will discuss 5 key approaches to overcome the challenges faced by today’s CISO and senior security professionals in implementing data classification.

    Bill will explore how using Data Classification can protect your most sensitive data, ensure compliance and help identify risky user behavior before it impacts your business. He will also discuss how data classification can be used successfully to protect data, transform security culture, and enhance existing security technologies such as DLP.

    Key takeaways will include:
    • How to approach defining and getting consensus on a data classification policy
    • Determining the right classification approach for your organization (automation vs. user driven)
    • Building the business case for data classification
    • How to communicate the value of data classification to stakeholders
    • Who is employing data classification successfully for competitive advantage
  • Effective Third-Party Risk Assessment – A Balancing Process
    Brad Keller, Senior Director of Third-Party Risk & Compliance, Prevalent. Recorded: Jul 26 2016, 60 mins
    The key component of every third-party risk management program is the third-party assessment process. However, correctly balancing the growing need for broader and more in-depth assessment due diligence with the need to conduct assessments in a timely and cost-effective manner presents a difficult challenge. Third parties continue to be the primary source of breach incidents, while regulatory and industry requirements for third-party due diligence continue to expand along with the need for more effective executive and board reporting.

    How do you satisfy the growing demand for more comprehensive assessment of third-party risk controls, without substantially increasing the cost and time for conducting assessments?

    Join us as we discuss how to analyze your third-party assessment process to find the best methods to balance these competing demands, and key ways to enhance your assessment process to be able to do more without increasing the time and cost of assessment due diligence.
  • IT/OT Convergence and Industrial Cybersecurity
    Frank Schettini, CIO at ISACA, Marcus Sachs, Sr. VP and CSO at NERC, and Eric Cosman, ISA Executive Board Member. Recorded: Jul 20 2016, 62 mins
    Much has been written and presented on the topic of “IT/OT convergence”, a phrase used to describe the trend that is blurring the line between what have traditionally been well-differentiated classes of information technology based systems. The IT term has been retained as shorthand for the traditional business-oriented solutions, while the OT term has gained acceptance as a means of referring to the application of information technology in an Operations context (including automation).

    While this trend is well established, the full implications are still developing in areas such as the management and protection of systems against cybersecurity threats. The diversity of technologies involved ensures that there is effective collaboration across multiple disciplines. This webinar examines various aspects of this phenomenon and identifies specific implications for industrial control systems cybersecurity.

    You will learn about…
    • How this convergence has been developing over the years, and how it has shaped responses in many areas.
    • How the convergence is reflected in international standards for cybersecurity, such as ISA/IEC 62443.
    • The typical and needed responses from the various stakeholders.
    • The importance of consequence estimation for the asset owner.
    • The fundamental concepts that form the basis of the ISA/IEC 62443 standards and practices.
    • The resources available for those creating their cybersecurity management system.
