ISACA Online Events

  • The Bleeding Edge of AppSec | Dan Kuykendall, Sr. Director, Applications Security, Rapid7 | Recorded: Dec 1 2016 | 60 mins
    APIs. SPAs. You know the acronyms. And you know that applications are evolving faster than we can secure them. While embedding app security earlier in the software development lifecycle is a start, there's more we can do. Join this discussion to learn best practices in app security and how applying them can solve some of its toughest challenges.
  • Rethink Security for SaaS with a Platform Approach | Anuj Sawani, Head of SaaS Security Strategy, Palo Alto Networks | Recorded: Nov 29 2016 | 62 mins
    The challenges of SaaS applications such as Office 365, Box or Salesforce are already here whether they are enabled by IT or end users themselves. With the adoption of SaaS, your data is now outside your traditional network perimeter and any changes to how the data is shared, who it is shared with and if it is free of malware is no longer known by your organization. History has shown that organizations often deploy a point product to address these new risks. But, defenses made up of multiple point products that do not integrate leave gaps that may expose your organization to attack.
    Join us for this live webinar where we will examine the various stages of a real-world attack targeting your SaaS applications and best practices to build a strategy to secure your SaaS environment.

    What you’ll learn:
    • Real-world examples of risks seen in enterprise SaaS environments
    • Best practices to build a strategy for securing your SaaS environment
    • Steps to protect against the new threats and prevent data exposure

    Make sure your organization leverages the value of SaaS applications without exposing you to their risks.
  • 2016 Data Protection Benchmark Study: Are you at Risk? | Rob Gresham, Sr. Consultant, Intel Security | Recorded: Nov 10 2016 | 63 mins
    Data loss is a huge problem for companies across the globe. But how big is big, who is most at risk, and what can your organization do about it?

    Join data protection expert Rob Gresham for a deep-dive analysis of the latest data breach incident benchmark research. The research summarizes top findings of the data breach incidents in the financial, government, retail, healthcare, and manufacturing verticals. Details you’ll learn include:
    • The average risk levels—per industry—based on number of events and incidents from the primary research report.
    • A company's security posture around data protection and how risky their environment is.
    • Tips and best practices from industry experts on implementing a lowered risk data protection solution.
  • Defending Against the Data Breach: Implementing a Defense-in-Depth Security Stra | Saikat Saha, Sr. Principal Product Manager, Oracle Database Security | Recorded: Oct 25 2016 | 61 mins
    Organizations have been under increasing pressure to address the growing risks around the mega-breach and to meet ever-expanding compliance regulations. Motivated hackers will find multiple attack vectors in order to access sensitive data—the crown jewels. A comprehensive preventive strategy is key to slowing down and mitigating damage that might be done by the intruder. While most of these impacted companies were utilizing the latest network firewalls and endpoint security, they have discovered that network security and endpoint security are not adequate to address today's threat vectors. We need to have a security strategy that focuses on the data.

    In this webcast, we will cover how to build multi-layered security controls that include data-at-rest encryption, data-in-motion encryption, key management and the principle of least privilege. We will spell out the technologies best adapted for mitigating this growing threat and how to build a complete defense-in-depth strategy. Join us for this webcast on October 25th.
  • Making Risk Assessments Meaningful: Data Breach Intelligence That Matters | Billy Austin, Vice President of Security, SolarWinds | Recorded: Oct 6 2016 | 59 mins
    How can organizations quantify the impact of a breach before it happens? Are there more productive ways to engage stakeholders and manage resources than the classic vulnerability report? This session details an approach to capturing the potential financial impact of a breach and demonstrates methods for producing reports encompassing sensitive data and detected threats in straightforward terms for your entire business. By changing the conversation from “threats and vulnerabilities” to “dollars at risk,” security professionals can more easily justify remediation and demonstrate the value of risk management.
  • Why Cyber Risk IS Business Risk: Assessing Cyber Risk Appetite for the C-Suite | Mason Karrer, Principal GRC Strategist, RSA | Recorded: Oct 4 2016 | 62 mins
    In the constantly changing landscape and myriad of sources behind cyber risk, executives and board members are increasingly forced to take command and accountability. Yet many lack the critical knowledge to make effective risk management decisions and incorporate them into their overall business strategy. This inevitably leads to security strategies that are ineffective and reactionary.

    Per the international president of ISACA, Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, “In 2016, organizations must be sure that they have the cybersecurity framework, knowledge, skills and resources to manage these new threats.” The success and failure of modern enterprises is dependent on the ability to quantify cyber risk and make informed decisions within an organization's cyber risk appetite. Those who do so effectively will be better positioned to enable continued growth, and those who do not will expose their organization to risks with potentially calamitous implications. Without a solid foundational understanding, determining how and where to allocate human, financial, and technology resources is a complicated calculus.

    Join RSA for this informative session as we discuss practical steps for identifying and categorizing cyber risk with your key stakeholders. Cyber risk IS business risk. Attend this session to enlighten your executives, enable your auditors, and take command!
  • How Secure is Your Private Cloud? | Peter Bury, Cloud Security Specialist, Enterprise Technology Specialists Team at Intel Security | Recorded: Sep 27 2016 | 62 mins
    As datacenters evolve from physical places to private clouds to fully software-defined datacenters (SDDC), concerns about security tools and methods ensuring a secure computing environment also change.

    Understanding changing operational models and technologies is a key component to skillfully addressing risks when architecting a cloud environment. Software-defined security solutions make it possible to take advantage of the agility and speed of a private cloud while maintaining compliance.

    You’ll learn:
    · Why organizations choose SDDC over public cloud, the benefits and pitfalls
    · How SDDC challenges traditional approaches to security and visibility
    · How software defined infrastructure can be used to enhance and deliver security
  • Securing “Shadow IT” and Sensitive Company Data in the Cloud | Ed Moyle (ISACA), Raef Meeuwisse (Cyber Simplicity), Martin Johnson (Blue Coat), Mari Heiser (IBM) | Recorded: Sep 15 2016 | 62 mins
    Rapid employee adoption of cloud apps without IT sanction or oversight, known as Shadow IT, poses a substantial problem for IT as CIOs and CISOs work to ensure the security of the cloud services their organizations adopt, control costs and complexity, and effectively manage their overall cloud strategy. Gaining visibility and control over Shadow IT is the first step in ensuring organizations are secure. In addition, uncovering and controlling access to the sensitive corporate data stored and shared in both IT-sanctioned and unsanctioned apps, known as shadow data, is often overlooked but arguably even more critical. The costs associated with compliance violations, mitigation, and lost reputation that typically follow a cloud account breach can be devastating. This roundtable session will explore the growing risk posed by Shadow IT and Shadow Data and the security obstacles that must be overcome to safely adopt the cloud.
  • SSH Keys: Access Out of Control | Matthew McKenna, Chief Strategy Officer, and Fouad Khalil, Director of Compliance, SSH Communications Security | Recorded: Sep 13 2016 | 62 mins
    The SSH protocol is one of the security industry's greatest tools, but it’s not completely understood. Used by administrators around the world for remote access to servers, network devices, and secure data transfer between applications, SSH has been providing encrypted trusted access for the last two decades. Nonetheless, the power it actually wields is widely unknown, exposing a major gap in our identity access postures and creating risk for the resilience of our enterprises.

    We will explore SSH user keys – the only form of access credentials that can be provisioned without oversight or expiration dates. Therefore, they continue to provide access until they are eliminated from the systems on which they reside. Enterprises are finding millions of SSH user keys without knowing who they belong to or whether they are still in use. SSH user keys are access credentials to our most critical infrastructure – yet are undiscovered, unmonitored, and unmanaged.

    During this webinar you will learn how SSH user keys function in relation to the access they provide, why they pose such a significant risk, and why many auditors have been in the dark on this topic until now.
  • Compliance = Security: Why the Math Doesn’t Add Up | Gedeon Hombrebueno, Director of Security Solutions (CA Technologies) and Piyush Pandey, Senior Manager Cyber Risk (Deloitte) | Recorded: Sep 8 2016 | 54 mins
    Business leaders believe compliance can keep them out of harm’s way. Yet the majority of organizations are not anywhere close to being safe from attacks. Why the disconnect?

    Join Gedeon Hombrebueno (CA Technologies) and Piyush Pandey (Deloitte) as they discuss the importance of taking IT security measures beyond standards or regulations, and how to establish the necessary privileged access management controls to not only prevent data breaches, but also to satisfy audit and compliance demands.

    You will learn:
    • Why a “compliance based approach” to security is inadequate and flawed
    • How to move from a compliance-based approach to a risk-based approach
    • How Privileged Access Management can help address compliance requirements, using PCI DSS compliance as an example