Hi [[ session.user.profile.firstName ]]

Audit and Compliance

  • When to report a potential claim or incident (1 CPE)
    When to report a potential claim or incident (1 CPE) Ralph Picardi Recorded: Aug 15 2018 74 mins
    This webinar will focus on how to respond once you become aware of an actual or suspected claim or potential claim (often referred to as an incident). The session will explain how to utilize the CPAOnePro Risk Management Hotline to determine when and how to report a claim or incident to the insurance carrier, and how to proceed relative to the matter while awaiting the carrier's response to your report. The session will also explain when and how to invoke the subpoena coverage within your policy.

    Presented by: Ralph Picardi
    Ralph Picardi is the managing member of PICARDI LLC specializing in advising accountants, lawyers, and their insurers in matters of coverage, and in matters of loss control through hotlines, seminars, risk management audits and publications.
  • Roadmap to Smarter Audits
    Roadmap to Smarter Audits Sam Abadir, VP of Industry Solutions, Lockpath Recorded: Aug 15 2018 49 mins
    Audits provide a vital checks and balances function in an organization. But what if audit's role as the third line of defense was more efficient and strategic? Doing so would enhance the role of the internal auditor. In this live webinar, Lockpath's Sam Abadir will share the roadmap to smarter audits, including:

    • Critical capabilities required for the audit process
    • Importance of customizing messaging to stakeholder audiences
    • The pros and cons of current audit management strategies
    • Strategic, effective audits that can scale with future growth

    More strategic and effective audits won't come from current processes. Discover the road to smarter audits by attending this educational webinar. Register now!
  • Customer Interview - Zynga - Risk Culture
    Customer Interview - Zynga - Risk Culture Fran Gutkowski - Zynga, Sam Abadir - Lockpath Recorded: Aug 14 2018 3 mins
    Hear how Zynga strengthened their risk culture with the help of the Keylight GRC Platform.
  • AppSec in Financial Services through the BSIMM Lens
    AppSec in Financial Services through the BSIMM Lens Nabil Hannan, Managing Principal, Synopsys Software Integrity Group (SIG) Recorded: Aug 14 2018 39 mins
    Do you ever wonder whether your software security program is the correct one for your organization? You spend time and money on processes, technology, and people. But how do you know whether the security efforts you’ve put in place even make sense? The Building Security In Maturity Model, or BSIMM, is a metrics-driven study of existing security initiatives at other organizations. BSIMM results help you assess the current state of your software security initiative and determine which areas need improvement.

    During the webinar, we’ll use a BSIMM broken down by the financial services industry to see what other companies are doing. We’ll also:

    · Use real data to help drive your software security initiative
    · Learn how organizations use the BSIMM to measure the maturity of their software security initiatives
    · Look at the aggregate data of the FSI vertical in the BSIMM
    · Discuss some of the most common activities that we observe with FSI companies and the drivers of those activities
  • Top 10 New Ways to Pay
    Top 10 New Ways to Pay Kieran Hines, Ovum; David Scheidemantel, Semafone; Steve Kramer, ACI Worldwide Recorded: Aug 9 2018 57 mins
    In this session, we cover the newest payment methods organizations are using, and we'll discuss how executives plan the move to more secure and convenient ways to receive consumer payments. We'll also include exclusive research from Ovum!

    Key Takeaways:

    - Learn about the top ten new ways to pay
    - Steps executives are taking to increase security
    - New payment method that could reduce the number of PCI controls in your call center by up to 90%
  • Customer Interview - Zynga - Documenting Processes
    Customer Interview - Zynga - Documenting Processes Fran Gutkowski - Zynga, Sam Abadir - Lockpath Recorded: Aug 7 2018 2 mins
    Hear how Zynga documented their risk management processes before adopting the Keylight GRC Platform.
  • DevSecOps: Security at the Speed of DevOps with Comcast
    DevSecOps: Security at the Speed of DevOps with Comcast Larry Maccherone, Sr. Director DevSecOps Transformation, Comcast Recorded: Aug 3 2018 50 mins
    Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve.

    What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and advisors and stop thinking of themselves as gatekeepers.

    This webinar includes guidance on the characteristics of security tools compatible with DevOps, but it focuses primarily on the harder part: the people. This talk introduces the DevSecOps manifesto and provides you with a process model, based on agile transformation techniques, to accomplish the necessary mindset shift and achieve an effective DevSecOps culture transformation. It has been successfully used in a large DevSecOps transformation at Comcast and has gained recognition in DevSecOps circles as a leading framework.
  • Discovering a Competitive Advantage with ISO 27001 Certification
    Discovering a Competitive Advantage with ISO 27001 Certification Jason Eubanks - Lockpath Recorded: Aug 2 2018 41 mins
    Organizations with mature, enterprise-wide information security risk management programs enjoy a competitive advantage, thanks to ISO 27001 certification that signifies an international standard for safeguarding information. In this webinar, Lockpath's Jason Eubanks, a governance, risk management, and compliance (GRC) consultant and former ISO auditor, will share the business case for earning ISO 27001 certification and the critical role of a GRC platform in implementing a successful information security management system (ISMS).

    You'll learn:

    • Challenges and pitfalls with ISO 27001 certification
    • Tips on establishing and maturing an ISMS
    • Strategies for preparing and passing ISO audits
    • Technology's role in earning and maintaining certification

    Learn how ISO 27001 can give you a competitive advantage and strategies for earning certification. Register now to attend this educational webinar.
  • How GCI Built Its Security Compliance Program
    How GCI Built Its Security Compliance Program Lisa Hartford - GCI, Sam Abadir - Lockpath Recorded: Aug 2 2018 55 mins
    General Communication Inc. (GCI), a telecommunications company based in Alaska, spent a year building its security compliance program from the ground up. In this webinar, you'll see how GCI did it, starting with one person using the Keylight Platform, through challenges like creating new process and tearing down silos, to where they are by year-end: a fully engaged team leveraging Keylight to manage security compliance.

    As a webinar attendee, you'll learn GCI's secret to:

    * Finding and training IT and security professionals
    * Developing new or streamlining existing processes
    * Scaling Keylight to address security compliance requirements.

    Regardless of your program's status, hearing GCI's lessons learned can inspire and guide you in building or improving your company's security compliance program. Register for this educational webinar today.
  • Building a Culture for Change with GRC
    Building a Culture for Change with GRC Carole Switzer - OCEG Recorded: Jul 31 2018 58 mins
    In this session, OCEG President Carole Switzer addressed how such cross-functional consideration is an essential aspect of effective GRC, and building it into the GRC change process will enhance the outcome of the project and contribute to a stronger corporate culture for years to come.
  • Customer Interview - Zynga - Keylight Preparation
    Customer Interview - Zynga - Keylight Preparation Fran Gutkowski - Zynga, Sam Abadir - Lockpath Recorded: Jul 31 2018 2 mins
    Hear how Zynga prepared for the initial setup and implementation of the Keylight GRC Platform.
  • Customer Interview - Zynga - Why Keylight
    Customer Interview - Zynga - Why Keylight Fran Gutkowski - Zynga, Sam Abadir - Lockpath Recorded: Jul 31 2018 2 mins
    Hear why Zynga adopted the Keylight GRC Platform to manage their risk management (IRM) programs.
  • Key eDiscovery Case Law Review for First Half of 2018
    Key eDiscovery Case Law Review for First Half of 2018 Doug Austin and Tom O'Connor Recorded: Jul 25 2018 61 mins
    Legal precedents set by past case law decisions remain one of the best ways to guide lawyers on how to do their job, especially when it relates to eDiscovery best practices. Case law examples help lawyers avoid mistakes made by others, as well as saving time and money for their clients. This CLE-approved* webcast session will cover key case law covered by the eDiscovery Daily Blog during the first half of 2018 to enable lawyers to learn from these cases. Key topics include:

    + Is there a template for how parties should cooperate in a Technology Assisted document review?
    + Should a plaintiff be allowed to email all defendant employees to see if they have responsive documents?
    + Will fabrication of text messages result in sanctions post Rule 37(e)?
    + Can Twitter be compelled to produce direct messages between their own employees?
    + Can an individual be compelled to produce private Facebook photos by the opposing party?
    + How have proportionality considerations in the 2015 Federal rules affected scope of discovery?
    + Should a receiving party be granted a quick peek at privileged documents to resolve privilege disputes?
    + Should border searches of electronic devices require a warrant?
    + Can you be sanctioned for discovery violations even after a jury verdict?

    * MCLE Approved in Selected States

    Presentation Leader: Doug Austin

    Doug is the VP of Products and Professional Services for CloudNine. At CloudNine, Doug manages professional services consulting projects for CloudNine clients. Doug has over 25 years of experience providing legal technology consulting, technical project management and software development services to numerous commercial and government clients. 

    Special Consultant to CloudNine: Tom O'Connor

    Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems. Tom’s consulting experience is primarily in complex litigation matters.
  • Reviewing Spectre 6 Months Later
    Reviewing Spectre 6 Months Later Taylor Armerding, Senior Security Strategist for Synopsys Recorded: Jul 25 2018 30 mins
    It’s been more than six months since the major design flaw in computer chips labeled Spectre became public. And, as predicted, it is still haunting the world of information technology. The CPU (central processing unit) is, after all, the “brain” of any computer, phone, tablet, modern TV, or other “smart” device.
    Since then, we’ve all learned a bit about terms some of us had never heard before—“speculative execution,” anyone? We’ve also been told that you can’t just patch a chip the way you can patch bugs in software. But you can create work-arounds with software patches.
    In this webinar, Taylor Armerding, senior security strategist for Synopsys Software Integrity Group, will address some of the questions that “regular”—i.e., nontechnical—users may have about Spectre:
    - What is it?
    - How does it work?
    - Why does it work?
    - Why didn’t chip makers catch a flaw of this magnitude during the design phase?
    - Why is a tool called static analysis the best way to work around Spectre without causing intolerable performance slowdowns?
  • Penetration Testing or Vulnerability Scanning - Aren’t they the same thing?
    Penetration Testing or Vulnerability Scanning - Aren’t they the same thing? Mike Larmie, Federal Solutions Architect, Synack Recorded: Jul 24 2018 53 mins
    Take a look behind the curtain and decide for yourself. Join government security expert Mike Larmie as he breaks down the key differences. He will share what your agency needs to know to make sure your security program is both identifying vulnerabilities and reducing risk of exploit. He will cover the techniques, tools, and tradecraft of each, as well as common questions such as:

    -Who performs the services?
    -How often do they run in a network environment?
    -What’s covered in their data output and reporting?
    -What’s their value?

    Mike will present how government agencies are reinventing how they conduct security testing to achieve greater efficiency and ROI. Learn how your agency’s security team CAN achieve security without compromise.

    BIO: Mike Larmie, Federal Solutions Architect at Synack has more than 20 years of IT Security Experience, and has been involved with countless missions within the DoD, Intel and Civilian Federal Agencies. He has a wealth of experience having worked at companies such as Tenable, Sourcefire, Rapid7, Infoblox, G2 and others.
  • Reaching the GRC Summit - Planning, Technology, and Execution
    Reaching the GRC Summit - Planning, Technology, and Execution Michael Rasmussen - GRC 20/20 Recorded: Jul 24 2018 52 mins
    To ascend a mountain safely takes proper planning and equipment. Yes, you can go solo without equipment, but disaster awaits you. The same is true for GRC implementations, a cavalier approach is likely to lead to failure. To achieve progress and maturity in GRC requires careful planning and execution that is supported by the right technology choices. Like climbing a mountain, this should be done in stages with critical points to review progress and look at the path ahead of us. This keynote session took lessons from mountaineering and applied them to GRC process improvement through the appropriate use of technology.
  • Customer Interview - Zynga - Before Keylight
    Customer Interview - Zynga - Before Keylight Fran Gutkowski - Zynga, Sam Abadir - Lockpath Recorded: Jul 24 2018 2 mins
    Hear how Zynga managed their integrated risk management (IRM) processes before adopting the Keylight GRC Platform.
  • Customer Interview - Zynga - IRM with Keylight
    Customer Interview - Zynga - IRM with Keylight Fran Gutkowski - Zynga, Sam Abadir - Lockpath Recorded: Jul 24 2018 2 mins
    Hear how Zynga is using the Keylight GRC Platform to implement their integrated risk management (IRM) processes.
  • Customer Interview - Zynga - Full Interview
    Customer Interview - Zynga - Full Interview Fran Gutkowski - Zynga, Sam Abadir - Lockpath Recorded: Jul 24 2018 16 mins
    Hear how Zynga is streamlining their integrated risk management (IRM) processes with the Keylight GRC Platform.
  • Hacker Powered Cloud Security Testing
    Hacker Powered Cloud Security Testing Andy Condliffe, Solution Architect EMEA, Synack Recorded: Jul 24 2018 60 mins
    Cloud security has come full circle - back to the user. Early cloud vendors promised complete security only to find the truth more nuanced - there’s a shared responsibility. Both infrastructure and applications in the cloud need attention to stay clear of security vulnerabilities old and cloud new. Security testing has evolved to meet the needs of hybrid, public, and private cloud deployments. Attendees of this webinar can expect to learn:

    The shared model for cloud security
    What cloud providers protect...and what they don’t
    How to migrate securely to the cloud
    What penetration testing for cloud environments does differently
  • Accelerate Open Banking with APIs, Strong Authentication and Risk-Based Security
    Accelerate Open Banking with APIs, Strong Authentication and Risk-Based Security From CA Technologies: Sanjay Tailor, Mehdi Medjaoui, Robert Lindberg, David Chui Recorded: Jul 19 2018 61 mins
    Whether driven by PSD2 compliance, market demand for mobile apps, or fintech competition, open banking is becoming a top priority for financial businesses. Through exclusive research and customer successes, we determined that building a modern application architecture with APIs, microservices and strong authentication is a key success factor in this space. In fact, our latest report shows that fully digital banks enjoy an estimated 25% cost-to-income ratio, versus 60% for traditional institutions.

    For this webcast, we assembled a panel that includes Mehdi Medjaoui, author of Banking APIs: State of the Market, along with experts in API and security capabilities, to introduce the elements of modern application architecture that all digital banking business leaders should know about – API management, microservices, strong authentication and risk-based security. You’ll learn about:

    * The current state of open banking, and what your peers are doing

    * How to invest in modern application architecture to improve your open banking projects

    * How to align better with IT to accelerate your time-to-market

    All registrants will also benefit from a complimentary copy of our Banking APIs: State of the Market report.
  • Anatomy of a Hack: Learning From Successful Law Firm Cyberattacks
    Anatomy of a Hack: Learning From Successful Law Firm Cyberattacks Jake Bernstein, Eli Wald, Kip Boyle Recorded: Jul 18 2018 61 mins
    Law firms are increasingly a high-value target for hackers, a “one stop shop” for sensitive data. And as dozen of examples show, the hackers are often successful. How do these cybercriminals infiltrate law firms and what can be done to prevent them?

    Join our panel of experts as they dissect the anatomy of a successful law firm cyberattack and explain how you can protect yourself, and your clients, from a similar fate.

    Attend this webinar to learn:
    -Why hackers are increasingly targeting legal professionals
    -What vulnerabilities make law firms easy prey for hackers
    -The ethical implications of law firm cybersecurity
    -How to protect yourself, your clients, and your data

    Featuring:
    - Jake Bernstein: An attorney with Newman Du Wors, Jake Bernstein’s practice focuses on counseling clients on cybersecurity issues. A former Washington State Assistant Attorney General and a frequent speaker and advisor on cybersecurity legal issues, Bernstein has significant experience with regulatory compliance, privacy, and cybersecurity law.

    - Eli Wald: A professor of legal ethics at the University of Denver’s Sturm College of Law, Eli Wald was one of the first academics to investigate the ethical implications of law firm cybersecurity. A frequent author and speaker on ethics and professional responsibility, his work has been cited in ABA ethics opinions and excerpted in legal ethics casebooks.

    - Kip Boyle: A 20-year information security expert and founder of Cyber Risk Opportunities, Kip Boyle advises global companies in the logistics, technology and financial services industries. He is a nationally recognized analyst, lecturer and thought-leader in cyber risks and has been featured in Entrepreneur magazine, Chief Executive magazine and others.
  • Hot Topics for Internal Audit
    Hot Topics for Internal Audit Tim Lietz and Ed Williams of Experis Finance Recorded: Jul 18 2018 61 mins
    Experis Finance is pleased to announce the first of our Hot Topics Series for Chief Audit Executives and their teams. Our goal is to provide you with a series of webinars that provide practical insights on topics of interest to internal audit professionals. Our first session will cover Agility and preparing for Robotic Process Automation.

    The webinar will provide participants with the following learning objectives:

    •Define Agility in the context of Internal Audit
    •Share pragmatic insights in how to define and execute an Agile transformation
    •Discuss RPA and in practical terms as companies begin to assess, plan and implement
    •Highlight the role of audit in assessing the overall RPA plan
    •Link the opportunities of RPA to the concepts of Agile Auditing

    Presented by:
    Tim Lietz – CIA, CRMA, MBA
    Regional Director, Risk Advisory Services
    Experis Finance

    Ed Williams CIA, CRMA
    Sr. Manager, Risk Advisory Services
    Experis Finance
  • Client entertainment as a form of bribery and its wide-ranging ripple effects
    Client entertainment as a form of bribery and its wide-ranging ripple effects Mike Koehler, FCPA Expert and Law Professor Aug 21 2018 6:00 pm UTC 60 mins
    If you thought FCPA scrutiny and enforcement arises only from suitcases full of cash, to bona fide foreign government officials, in connection with a government contract, then you are wrong. What makes FCPA compliance challenging for business organizations is that scrutiny and enforcement can arise from normal business activity such as client entertainment if offered or provided to a specific type of customer or potential customer. In this engaging webinar, FCPA expert Professor Mike Koehler will highlight recent FCPA enforcement actions based on corporate hospitality and the compliance take-away points from the actions. In addition, the webinar will highlight the wide-ranging, negative financial consequences that often result from FCPA scrutiny and enforcement beyond settlement amounts and discuss why FCPA compliance is not just a legal issue but more properly a general business issue that needs to be on the radar screen of many professionals who can assist in risk management.
  • New Horizons in Data and Litigation
    New Horizons in Data and Litigation Christopher J. Adams, Martha K. Louks, and Michael Simon Aug 21 2018 6:00 pm UTC 60 mins
    The amount of data available to legal professionals is expanding at a mind-boggling pace. Over 2.5 exabytes, or 75 trillion pages’ worth, of data is generated every day. And much of it isn’t the email inboxes and Office documents attorneys are used to dealing with.

    From chat messages, to IoT data, to ephemeral communications, tomorrow’s case-dispositive data can take nearly any shape.

    Join us for this webinar as we explore the ways novel data sources are reshaping the future of discovery and litigation. Topics to be covered include:

    -- Mobile data: Does BYOD, BYOA and BOYC all add up to Bring Your Own Nightmare?
    -- Redefining TL;DR with ephemeral messaging
    -- Welcome to your quantified life. BTW, it’s all discoverable
    -- The IoT isn’t SciFi. It’s here now and it’s also all discoverable

    It’s an educational, action- and acronym-packed hour you don’t want to miss.
  • Security Champions: Only YOU Can Prevent File Forgery
    Security Champions: Only YOU Can Prevent File Forgery Marisa Fagan, Product Security Lead, Synopsys Aug 22 2018 4:00 pm UTC 60 mins
    If you’re a developer, there will come a time when you realize that you have the power not only to ship awesome features but also to protect them so that no one else can tamper with all your hard work. Every developer is responsible for coding securely, but a brave few among us will take this duty one step further by wearing the mantle of a Security Champion.

    This webinar is your guide to becoming the Security Champion you always wanted to be, in just five easy steps. We’ll also talk about what benefits you’ll get out of it, besides saving the world, and what to do if your company doesn’t have a Security Champions program or even a product security program.
  • Open Banking in Australia - An Open Forum
    Open Banking in Australia - An Open Forum Seshika Fernando, Head of Financial Solutions, WSO2 Aug 23 2018 1:00 am UTC 45 mins
    Project deadlines that span a year or two aren’t usually nerve-racking. But, when it means making a significant change to your business strategy, internal systems and technology infrastructure, it can become a head scratcher. This is probably where the banks in Australia stand. Banks are figuring their way around it and there’s a lot to learn. Regardless, no one wants to fall victim and everyone wants to conquer open banking


    This session covers:


    - A Reality Check - Where banks stand in their open banking journeys

    - The Problem Children - What challenges they are facing

    - The Gold Stars - Critical success factors for a killer open banking strategy

    - A Whole New World - The potential of an open data world
  • Enterprise Security at Scale With IAST
    Enterprise Security at Scale With IAST Asma Zubair, Product Marketing Manager, Synopsys Aug 28 2018 4:00 pm UTC 60 mins
    With all the different application security testing tools available, you may be wondering whether interactive application security testing (IAST) makes sense for you. If you want to equip your developers with everything they need to fix vulnerabilities quickly and accurately in CI/CD workflows, then the answer is yes.

    In this webinar, Asma Zubair, product marketing manager for Seeker, our IAST solution, will show you how to gain unparalleled visibility into the security posture of your web applications and how to identify vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). You’ll also learn how IAST can:

    - Be deployed in existing environments with ease
    - Give you real-time, accurate results
    - Integrate with software composition analysis
  • Litigate or Settle? Info You Need to Make Case Decisions
    Litigate or Settle? Info You Need to Make Case Decisions Doug Austin and Tom O'Connor Aug 29 2018 5:00 pm UTC 75 mins
    People say that fewer and fewer cases go to trial these days. Is that true. Regardless of whether it is or not, what information do you need to know to make an informed decision whether or not to litigate or settle the case and how do you gather that information? This CLE-approved* webcast will discuss how litigation has evolved over the years, how that impacts discovery and what you need to know to decide on the best course of action for each case. Topics include:

    + How Litigation Has Evolved
    + The Importance of Deciding Correctly
    + eDiscovery Considerations
    + Covering Your Bases While You Decide
    + Benefits of Early Data Analysis
    + How Much Each GB Can Cost You
    + Why Number of GBs Isn't All You Need to Know
    + Why You Should Test Searches Before Meet and Confer
    + Other Tips and Tricks to Know for a Successful Outcome

    * MCLE Approved in Selected States

    Presentation Leader: Doug Austin

    Doug is the VP of Products and Professional Services for CloudNine. At CloudNine, Doug manages professional services consulting projects for CloudNine clients. Doug has over 25 years of experience providing legal technology consulting, technical project management and software development services to numerous commercial and government clients.

    Special Consultant to CloudNine: Tom O'Connor

    Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems. Tom’s consulting experience is primarily in complex litigation matters.
  • Why KBA Won’t Survive the Digital Transformation
    Why KBA Won’t Survive the Digital Transformation Scott Hamlin, Product Marketing Manager and Libby Lefanowicz, Innovation Product Manager Sep 5 2018 5:00 pm UTC 60 mins
    What is your mother’s maiden name? What street did you grow up on? We’re all familiar with answering these types of questions to verify ourselves during account opening or access. Knowledge-based authentication, or KBA, has been an industry-standard identity verification / authentication tool for nearly two decades. When initially deployed, it was highly effective and the friction it created was often overlooked because consumer expectations were different. Fast forward to today – its effectiveness has dropped considerably, and the user experience is widely considered egregious because we live in a digital world where instant is the expectation. In this webinar we’ll discuss how the digital transformation is impacting both consumers and enterprises in such a way that KBA can no longer survive. We’ll demonstrate how innovative ID verification helps enterprises reduce their exposure to fraud risk and deliver convenience that meets the expectations of today’s digital consumer.

    5 Key Takeaways:
    - How evolving consumer expectations impact your enterprise
    - What keeps risk managers up at night
    - Why KBA can’t survive the digital transformation
    - The benefits of ID verification in a digital world
    - ID Analytics’ unique approach to better, faster, stronger identity verification
  • Seven Steps to Effective Regulatory Response
    Seven Steps to Effective Regulatory Response EDRM and Zapproved Sep 5 2018 6:00 pm UTC 60 mins
    Learn the seven steps to effective regulatory response and be prepared to respond quickly to ensure compliance.

    Regulatory agencies such as the SEC and CFTC can initiate an investigation into business activity at any time, bringing challenges beyond those of typical ediscovery. Regulatory investigations often relate to unclear charges, make broad and sweeping data requests under unrealistically tight timelines, and bear severe consequences for noncompliance. Organizations need to be prepared to identify, preserve, and analyze relevant information rapidly and accurately.

    In this webinar, Zapproved will discuss seven clear, actionable steps to launch a successful regulatory response. These steps start with strategizing and preserving data before moving into assessing information, negotiating the terms of the request, creating privilege logs, and keeping the lines of communication open.

    Any organization subject to regulatory oversight could be investigated at any time. Prepare today so you can face tomorrow with confidence.
  • Third Party Risk Trends and Predictions
    Third Party Risk Trends and Predictions Moderated by Sam Abadir - Lockpath Sep 12 2018 4:00 pm UTC 60 mins
    What insights can be gleaned from third-party risk management today? What are the top trends to watch out for in 2020? Get guidance from our panel of thought leaders on the leading edge of third-party risk management. Each panelist will answer a series of questions and share their viewpoints on a variety of topics, including:

    •Top trends in third-party risk management
    •Third-party risk ownership in an organization
    •How privacy is affecting third-party relationships
    •Role of continuous monitoring in business resiliency
    •Top predictions for 2020

    Plan now to attend this exclusive webinar. Or forward to risk management professionals tasked with managing third-party risk.

    PRESENTERS:

    -Phil Marshall, Director, Product Marketing, SecurityScorecard

    -James H. Gellert, Chairman and CEO, Rapid Ratings

    -Tom Garrubba, Sr. Director, Santa Fe Group / Shared Assessments Program

    -Eric Dieterich, General Manager – Advisors, Privacy Practice Lead, CISA, CRISC, CIPP/US, Focal Point

    MODERATOR :

    Sam Abadir, VP, Industry Solutions, Lockpath
  • Assessing Cyber Risk - Challenges and Solutions
    Assessing Cyber Risk - Challenges and Solutions Stephen Head, CISSP, CISM, CBCP - Senior Manager, Risk Advisory Services, Experis Finance Sep 12 2018 4:00 pm UTC 60 mins
    Managing cyber risk in today’s digital environment is extremely challenging, whether your organization is public, private or governmental. In response to the growing frequency and severity of cyber-attacks, many organizations have decided it’s time to focus more of their efforts on cyber risk, starting with a cyber risk assessment. This approach to proactively dealing with the risk of cyber-attacks increases the organization’s awareness of the potential impacts and costs, and enables them to take actions that reduce the overall risk to the organization, minimize the impact of cyber-attacks, and more predictably ensure the continuity of essential services.

    This webinar will provide a high-level overview of assessing cyber risk and explore the following:

    •Threats and root causes of breaches
    •The changing regulatory landscape
    •Security frameworks and tools
    •Practical ways to assess your risk and organizational exposure
    •Key elements of a successful cyber risk management program

    Whether or not you have embraced a formal cyber risk management program, this session will provide practical advice on the evolving nature of cyber risk management, how to develop and incorporate an assessment process into your organization’s overall risk management efforts, and how cyber risk management can improve your organization’s ability to withstand a cyber-attack.
  • Cyber Criminals have stepped up their game (1 CPE)
    Cyber Criminals have stepped up their game (1 CPE) Eric Hess Sep 12 2018 5:00 pm UTC 75 mins
    Any firm that has avoided attacks due to social engineering, distributed denial of service, ransomware, evasive malware and e-mail interception can count themselves lucky...but this is the year that may be changing. Cyber criminals have stepped up their game altering the threat landscape for CPA's now and in the years ahead. More than ever, accounting professionals need to keep up to date on the latest threats and adjust their game plan accordingly. This webinar will review the current threat landscape for CPA's, as well as the actions that small to mid-size firms should be taking to mitigate risk on limited budgets.

    Presented by Eric Hess - Eric Hess founded HLC LLC in 2014 to focus on systems compliance and information security consulting. Today, it provides an array of right sized cybersecurity assessment and cybersecurity management services to small to medium sized businesses. HLC’s clients are primarily financial services firms, but HLC is developing a focus on CPA firms and law firms.
  • Using Security Champions to Build a DevSecOps Culture Within Your Organization
    Using Security Champions to Build a DevSecOps Culture Within Your Organization Brendan Sheairs, Associate Managing Consultant, Synopsys Software Integrity Group (SIG) Sep 13 2018 4:00 pm UTC 60 mins
    The security industry has made great strides developing tools and technology to integrate software security into the application development life cycle. However, it’s important not to ignore the people and process aspects of DevSecOps. Building security into application teams’ culture is necessary for DevSecOps to be successful.

    Outside the software security group, Security Champions are the leaders of this cultural change. Embedding knowledgeable champions within development teams to assist with security activities and vulnerability remediation will help your organization see this cultural shift. As a result, you’ll build new features not only faster but also more securely. In this webinar, you’ll learn the foundations of a successful Security Champions program and the challenges you’ll face implementing such a program.
  • Don't Acquire Open Source Risks You're Not Aware Of
    Don't Acquire Open Source Risks You're Not Aware Of Daniel Kennedy, Research Director - Information Security, 451 Research; Phil Odence, GM – Black Duck On-Demand Sep 19 2018 4:00 pm UTC 60 mins
    Modern applications are constructed using open source components. Most organizations understand they’re using open source. What they likely underestimate is its prevalence in their homegrown applications and the potential security and license compliance risks they assume if they’re not continuously monitoring those libraries. When companies merge or are acquired, that unknown risk is transferred, potentially to organizations with greater regulatory exposure. Join Daniel Kennedy, Research Director, Information Security, and Phil Odence, GM, Black Duck On-Demand, for a discussion of these risks and how to address them.
  • Regulatory capital relief: legal framework, expected changes and BRRD impact
    Regulatory capital relief: legal framework, expected changes and BRRD impact Vlad Maly and Oliver Ireland, partners, and Yulia Makarova, of counsel - Morrison & Foerster Sep 24 2018 3:00 pm UTC 90 mins
    In this webinar, we will analyse capital relief driven transactions and structures, focusing on the principle purpose of using this tool, the main structures used in the market and the legal and regulatory framework underpinning the relevant structuring solutions. Among other things, this webinar will cover:
    - the most commonly used capital relief driven structures and why the market choses them, including a comparative summary of the structures used in the EU and the US;
    - the existing legal and regulatory framework and expected changes, including potential impact of different Brexit scenarios;
    - BRRD and its implications: how the rules affect structuring and the mitigating techniques investors may explore.
  • Roadmap to Smarter Operational Risk Management
    Roadmap to Smarter Operational Risk Management Sam Abadir, VP of Industry Solutions, Lockpath Oct 3 2018 6:00 pm UTC 60 mins
    Operational risks are on the rise due to companies increasingly relying on digital processes and third parties. The issue is compounded by the fact that products and services are growing in number and complexity. Traditional operational risk management can't keep up. In this live webinar, Lockpath's Sam Abadir will share the roadmap to smarter operational risk management, including:

    • Critical capabilities for managing digital process and third-party risks
    • Strategies for tying operational risks to business objectives
    • Advantages of managing operational risk using a GRC platform
    • Leveraging the value chain for integrated risk management

    Bring efficiency, effectiveness and agility to operational risk management. Discover the road to smarter operational risk management by attending this educational webinar. Register now!
  • Container Security – What you need to know!
    Container Security – What you need to know! Tanay Sethi, Senior Security Architect, Synopsys Oct 4 2018 5:30 am UTC 75 mins
    Containers are revolutionizing application packaging and distribution. They’re lightweight and easy to build, deploy, and manage. But what about security? Your containers include more than the applications your team builds. They also bundle all the third-party software and open source components those apps depend on. In our webinar “Container Security – What you need to know!”, Tanay Sethi, Senior Security Architect, outline how you can prevent vulnerable code hiding in your containers from compromising your applications and sensitive data and how you can take control in the event when a new vulnerability breaks out for open source component present in your containers.
  • OCTOBER 17! Taming the Demon Weed – Risk Management for Cannabis CPAs
    OCTOBER 17! Taming the Demon Weed – Risk Management for Cannabis CPAs R. Peter Fontaine Oct 17 2018 5:00 pm UTC 75 mins
    A growing number of states are legalizing the medicinal and nonprescription use of marijuana. Nevertheless, the legalized status of cannabis at the state level conflicts with the federal Controlled Substance Act, causing significant legal risk, business uncertainty, and operational challenges for cannabis producers and distributors, as well as their accountants. This webinar will explore how CPAs serving cannabis industry clients can actively manage their business and legal risks through the use of client acceptance and retention criteria, engagement letters and related documentation, engagement planning, staffing and execution, and an understanding of applicable regulations.

    Presented by Peter Fontaine - R. Peter Fontaine is managing partner of NewGate Law, which exclusively serves the legal needs of the accounting profession, including firms with cannabis industry clients.
  • Security in the Golden Age of Cloud
    Security in the Golden Age of Cloud Emma Bickerstaffe, Senior Research Analyst, ISF LTD Oct 23 2018 12:00 pm UTC 45 mins
    Demand for cloud services continues to increase as the benefits of cloud services change the way organisation manage their data and use of IT.

    However, while these services can be implemented quickly and easily, with increased legislation and data privacy, the threat of cyber theft is on the increase and organisations must have a clear understanding of where their information is stored and how reliant these services are.

    In this webinar, Steve Durbin, Managing Director of the ISF will discuss the risks associated with cloud computing and how to manage them, as well as how to maximise the benefits.

    About the presenter

    Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.
  • Fraudulent Wire Transfers in the Accounting Industry (1 CPE)
    Fraudulent Wire Transfers in the Accounting Industry (1 CPE) Ginger Johnson & Michael J Weber Nov 14 2018 6:00 pm UTC 75 mins
    Fraudulent wire transfers scams continue to plaque accounting firms nationwide. The FBI reports that fraudulent wire transfers have doubled since 2016. The new wave of scam e-mails have grown in their sophistication and appearance and no longer resemble clumsy “Nigeria” e-mails.
    Hear directly from the insurance company and lawyers on steps to prevent these fraudulent wire transfer scams and how to deal with a claim if this happens to your firm.

    Presented by Ginger Johnson & Michael J Weber - Michael J Weber Partner at Dinsmore. He focuses his practice on fidelity and surety bond claims/litigation, complex litigation, commercial law, transactional matters, general business matters/litigation and construction law. & Ginger Johnson is Specialty Claim Consultant at The Hanover Insurance Company working with Crime, Fidelity and first party Cybercrime claims up to $10M in the Management Liability Unit.