
Audit and Compliance

  • An Investor's Guide to Climate Change
    An Investor's Guide to Climate Change Sam Gill Recorded: Oct 18 2018 43 mins
    An introductory guide to climate change and investment, this guide outlines the key trends that every investor should know. We describe relevant climate change drivers and metrics, how to understand a portfolio's climate exposure and the fundamental steps investors must take when formulating an investment response to climate change.

    Join us on the 18th October at 2pm to explore this guide with our CEO, Sam Gill, who will take you through our key findings and answer your questions relating to climate change and investment.
  • OCTOBER 17! Taming the Demon Weed – Risk Management for Cannabis CPAs
    OCTOBER 17! Taming the Demon Weed – Risk Management for Cannabis CPAs Adam Fine Recorded: Oct 17 2018 61 mins
    A growing number of states are legalizing the medicinal and nonprescription use of marijuana. Nevertheless, the legalized status of cannabis at the state level conflicts with the federal Controlled Substance Act, causing significant legal risk, business uncertainty, and operational challenges for cannabis producers and distributors, as well as their accountants. This webinar will explore how CPAs serving cannabis industry clients can actively manage their business and legal risks through the use of client acceptance and retention criteria, engagement letters and related documentation, engagement planning, staffing and execution, and an understanding of applicable regulations.

    Presented by Adam Fine

    Adam D. Fine joined Vicente Sederberg LLC in 2013. As managing partner of the Massachusetts office, Adam represents the firm's growing base of Massachusetts adult use and medical marijuana clients, with a particular emphasis on licensing, corporate, and regulatory matters. Adam has chaired multiple CLEs relating to marijuana law and has testified before numerous municipal and regulatory bodies regarding marijuana policy and compliance. Adam also served as a consultant to the Massachusetts Special Senate Committee on Marijuana and was on the drafting committee for Question 4, which legalized marijuana in Massachusetts. Adam is frequently quoted in the Boston Globe and other local publications on the topic of marijuana legislation and policy and has emerged as a leading voice in the field, being named in the 100 Most Influential People in Boston in the Boston Magazine. Before joining Vicente Sederberg, Adam spent a number of years as an associate attorney at a downtown Boston law firm where his practice focused on complex civil and criminal litigation.
  • Effective Policies for Managing and Releasing Open Source Software
    Effective Policies for Managing and Releasing Open Source Software Mark Radcliffe, Partner, DLA Piper/General Counsel OSI; Anthony Decicco, Shareholder, GTC Law Group & Affiliates Recorded: Oct 17 2018 60 mins
    Once you get a handle on what open source your organization has in house and you're through remediating any issues that came up during your code scan, then what? How do you ensure you avoid surprises the next time around and fully leverage your investment?

    Join this webinar with top open source legal experts Mark Radcliffe (partner at DLA Piper and General Counsel for the Open Source Initiative) and Tony Decicco (shareholder, GTC Law Group & Affiliates) as they discuss effective policies for managing and releasing open source in your company:

    - What are key aspects of an effective open source / third-party software policy for both inbound use and outbound contributions?
    - What are key success factors for effectively releasing code as open source?
    - How does this play out in transaction due diligence and integration following an acquisition?
  • Panel Debate: Is Machine Learning & AI ready for mainstream in the data center?
    Panel Debate: Is Machine Learning & AI ready for mainstream in the data center? Bruce Taylor, Data Center Dynamics, James Cribari, Cisco, John E Miller, IBM, Enzo Greco Nlyte Software Recorded: Oct 10 2018 62 mins
    This webinar will take you through how you can learn the reality and benefits of Machine learning and AI in data centers, from companies with significant and critical data center expertise.

    The presenters will address how AI will drive the performance, availability, resiliency and security demanded of modern digital infrastructure.

    Key issues to be addressed include:
    - Are self-diagnosis and self-healing a reality?
    - How will machine learning and AI optimize workload placement?
    - Will AI-enabled "in-stream" analytics drive the megascale cloud data center?

    Speakers:
    - Bruce Taylor, VP, Data Center Dynamics
    - James Cribari, Global Infrastructure Services Delivery Manager, Cisco
    - John E. Miller, STSM –Sr. Technical Staff Member, Infrastructure Support & Datacenter Services, IBM
    - Enzo Greco, Chief Strategy Officer, Nlyte Software
  • Accelerate Open Banking with APIs, Strong Authentication and Risk-Based Security
    Accelerate Open Banking with APIs, Strong Authentication and Risk-Based Security From CA Technologies: Sanjay Tailor, Mehdi Medjaoui, Robert Lindberg, David Chui Recorded: Oct 9 2018 61 mins
    Whether driven by PSD2 compliance, market demand for mobile apps, or fintech competition, open banking is becoming a top priority for financial businesses. Through exclusive research and customer successes, we determined that building a modern application architecture with APIs, microservices and strong authentication is a key success factor in this space. In fact, our latest report shows that fully digital banks enjoy an estimated 25% cost-to-income ratio, versus 60% for traditional institutions.

    For this webcast, we assembled a panel that includes Mehdi Medjaoui, author of Banking APIs: State of the Market, along with experts in API and security capabilities, to introduce the elements of modern application architecture that all digital banking business leaders should know about – API management, microservices, strong authentication and risk-based security. You’ll learn about:

    * The current state of open banking, and what your peers are doing

    * How to invest in modern application architecture to improve your open banking projects

    * How to align better with IT to accelerate your time-to-market

    All registrants will also benefit from a complimentary copy of our Banking APIs: State of the Market report.
  • TAG Cyber Interview: The Future of Penetration Testing
    TAG Cyber Interview: The Future of Penetration Testing Jay Kaplan, CEO, Synack & Ed Amoroso, Tag Cyber Recorded: Oct 8 2018 23 mins
    Synack Co-Founder and CEO Jay Kaplan talks about the past, present, and future of the company with Ed Amoroso of Tag Cyber.
  • How to Make Third-Party Risk Management Less Painful
    How to Make Third-Party Risk Management Less Painful Amy Hayenhjelm and Neil Isherwood Recorded: Oct 8 2018 52 mins
    Managing a compliance program can be extremely disruptive to an organisation. Firms must not only run checks on potential customers, but also ensure that third-party risk is a key part of their comprehensive compliance program, to avoid exposure to bribery and corruption and the associated reputational ramifications.

    Dun & Bradstreet’s Amy Hayenhjelm and Neil Isherwood discuss “How to make third-party risk management less painful” in this latest webinar, part of the International Compliance Association's (ICA) #BigCompConvo webinar series. Watch this video to hear practical recommendations for faster, more efficient onboarding and the successful management of third-party compliance.
  • Container Security – What you need to know!
    Container Security – What you need to know! Olli Jarva, Managing Consultant, Synopsys Recorded: Oct 4 2018 45 mins
    Containers are revolutionizing application packaging and distribution. They’re lightweight and easy to build, deploy, and manage. But what about security? Your containers include more than the applications your team builds. They also bundle all the third-party software and open source components those apps depend on. In our webinar “Container Security – What you need to know!”, Olli Jarva, Managing Consultant & Security Architect, outlines how you can prevent vulnerable code hiding in your containers from compromising your applications and sensitive data, and how you can take control when a new vulnerability is disclosed in an open source component present in your containers.
  • Roadmap to Smarter Operational Risk Management
    Roadmap to Smarter Operational Risk Management Sam Abadir, VP of Industry Solutions, Lockpath Recorded: Oct 3 2018 47 mins
    Operational risks are on the rise due to companies increasingly relying on digital processes and third parties. The issue is compounded by the fact that products and services are growing in number and complexity. Traditional operational risk management can't keep up. In this live webinar, Lockpath's Sam Abadir will share the roadmap to smarter operational risk management, including:

    • Critical capabilities for managing digital process and third-party risks
    • Strategies for tying operational risks to business objectives
    • Advantages of managing operational risk using a GRC platform
    • Leveraging the value chain for integrated risk management

    Bring efficiency, effectiveness and agility to operational risk management. Discover the road to smarter operational risk management by attending this educational webinar. Register now!
  • Automate the Dreaded Task of Software Asset Management
    Automate the Dreaded Task of Software Asset Management Gary Paquette, CTO, Mike Schmitt, Sr Director Product Marketing, Karen Hutton, Sr Director of Marketing, at Nlyte Recorded: Oct 3 2018 31 mins
    Nlyte’s Gary Paquette uncovers how you can automate discovery, management, and reporting with Nlyte Software Optimizer agentless software.

    What you will learn from the webinar:

    - Organic installation and distribution of software
    - Lack of visibility in current and new deployments
    - Matching databases to physical and virtual
    - Reconciliation between required services versus installed
    - Inaccurate systems, too many systems and files
  • SISCIN | FILE ANALYSIS, ARCHIVING AND FILE SEARCHING SOLUTION
    SISCIN | FILE ANALYSIS, ARCHIVING AND FILE SEARCHING SOLUTION Waterford Technologies Recorded: Oct 3 2018 4 mins
    SISCIN from Waterford Technologies allows the creation of policies based on data profile for retention, deduplication or archiving, enabling full control in managing your file data. Flexible storage control lets you archive directly to the Cloud or locally, giving organisations the performance and scalability of the Cloud with their existing server infrastructure.
  • How Banco Santander Uses Hacker Powered Security Testing and Manages Risk
    How Banco Santander Uses Hacker Powered Security Testing and Manages Risk Dave Sheridan, UK CISO, Santander Recorded: Oct 2 2018 4 mins
    Dave Sheridan, Banco Santander (UK) CISO, talks about his journey with Synack and how Synack helps him find unknown vulnerabilities and manage the organization's cyber risk.
  • CloudNine Training Snapshot: Concordance Desktop Updating Image Bases
    CloudNine Training Snapshot: Concordance Desktop Updating Image Bases Travis Ballenger, Solutions Consultant Recorded: Oct 1 2018 6 mins
    A snapshot demonstration of the process required to update an image base within Concordance Desktop.

    Some of the various ways in which to update a Concordance Desktop image base are renaming media paths and folders, editing or deleting media keys and calculating and updating the page count for an image base. Use Concordance Desktop’s Image Base Management feature to accomplish each of these tasks.
  • CloudNine Electronic Discovery Loader Settings Overview
    CloudNine Electronic Discovery Loader Settings Overview Terry Leang, CloudNine Solutions Consultant Recorded: Oct 1 2018 8 mins
    An overview of the configurable settings in the LAW PreDiscovery Electronic Discovery Loader, that are specific to the type of source you’re importing. Based on policies and project specifications, the settings tab is used to determine how specific file types will be handled during the import process, such as extracting the contents of an archive or detecting duplicate files, as well as how the files will be organized in the folder view of LAW PreDiscovery.
  • Law Prediscovery Electronic Discovery Loader
    Law Prediscovery Electronic Discovery Loader Terry Leang, CloudNine Solutions Architect Recorded: Oct 1 2018 6 mins
    A snapshot demonstration of an introduction to the LAW PreDiscovery Electronic Discovery Loader.
  • MAILMETER EMAIL ARCHIVING AND COMPLIANCE | WATERFORD TECHNOLOGIES
    MAILMETER EMAIL ARCHIVING AND COMPLIANCE | WATERFORD TECHNOLOGIES Waterford Technologies Recorded: Oct 1 2018 1 min
    MailMeter solves multiple business problems for organisations that need to retain and retrieve email records, are suffering from overwhelming email volumes, or that recognise the importance of email as a critical asset and source of business intelligence.

    We provide both on-premise and fully hosted solutions.
  • Bringing Hacker-Powered Security Testing to DevOps SDLC
    Bringing Hacker-Powered Security Testing to DevOps SDLC Andy Condliffe, Solution Architect EMEA, Synack Recorded: Sep 27 2018 51 mins
    DevOps allows organizations to bring web, mobile, and IoT applications to life faster than traditional SDLC models. However, continuous releases and updates introduce new risks by the way of exploitable vulnerabilities that are introduced and left undetected and unresolved/unpatched in the production stream.

    Traditional point-in-time penetration tests can’t keep up with the frequency and short deployment cycles of the modern DevOps organization. Traditional pen tests are usually conducted through checklist-based activities that lack the comprehensiveness to mimic and defend against sophisticated cyber attacks. The result? An increase in serious, exploitable vulnerabilities in live applications and a slew of high-profile breaches.

    Leading enterprise organizations are utilizing a crowdsourced security testing platform that combines continuous vulnerability scanning tools with manual, crowdsourced human security testing. This model of offensive and adversarial-based testing delivers realistic attack traffic on customers’ applications, resulting in effective vulnerability discovery and management and “smart” security intelligence without compromising security and control. Scalable and controlled crowdsourced testing at a continuous cadence is the answer for secure DevOps SDLC.

    Join this session by Andy Condliffe of Synack EMEA as he shares how Synack can help lower the risks of dynamic deployments with a continuous, human, offensive security testing model that’s better suited for the modern DevOps organization.
  • Preparing for Litigation Before it Happens
    Preparing for Litigation Before it Happens Doug Austin and Tom O'Connor Recorded: Sep 26 2018 62 mins
    Information Governance (IG) has always been part of the eDiscovery landscape and it has always been important for reducing the population of potentially responsive electronically stored information (ESI) that might be subject to litigation by helping organizations adopt best practices for keeping their information “house in order”. But now with an increased concentration on the two-fold concerns of privacy and security, IG has become more important than ever. This CLE-approved* webcast will explore the implementation of Information Governance best practices to help organizations better prepare for litigation before it happens. Topics include:

    + Minority Report: Pre-Case for Litigation Avoidance
    + What Information Governance is and What it Isn't
    + General Principles for Information Governance
    + Who Uses Information Governance?
    + IG Considerations and Issues
    + Basic Information Governance Solutions
    + Information Governance vs. Analytics
    + How Privacy/Security Has Impacted the Importance of an IG Program
    + Recommendations for Implementing an IG Program

    * MCLE Approved in Selected States

    Presentation Leader: Doug Austin

    Doug is the VP of Products and Professional Services for CloudNine. At CloudNine, Doug manages professional services consulting projects for CloudNine clients. Doug has over 25 years of experience providing legal technology consulting, technical project management and software development services to numerous commercial and government clients.

    Special Consultant to CloudNine: Tom O'Connor

    Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems. Tom’s consulting experience is primarily in complex litigation matters.
  • Improve asset security with the Blacklight configuration compliance platform
    Improve asset security with the Blacklight configuration compliance platform Lockpath Recorded: Sep 26 2018 2 mins
    Blacklight is a configuration analysis and asset discovery solution that surfaces and provides context to unseen risks. It consists of a cloud-based management portal and on-premise agents that analyze asset configuration states, report how configurations differ from established benchmarks, and provide misconfiguration risk scores in real time.
  • The Complete Guide to Responsible Disclosure Programs
    The Complete Guide to Responsible Disclosure Programs Rajesh Krishnan, Product Marketing, Synack. Recorded: Sep 25 2018 28 mins
    To beat criminal hackers, it helps to have ethical ones on your side. Responsible Disclosure Programs - where companies invite suspected security vulnerability reports from the public - have been on the rise in the past few years. Should your company consider Responsible Disclosure? Learn more about the ins and outs of these types of programs and how they can differ in the level of liability and management incurred. Technical, social, legal, and other indicators will all be raised.
  • Corporate Compliance in Latin America: Key Challenges and Opportunities
    Corporate Compliance in Latin America: Key Challenges and Opportunities Leila Szwarc & Paola Fonseca TMF Group and Yoab Bitran, LRN Recorded: Sep 25 2018 61 mins
    About this webinar:

    Facing the global challenge of evolving in corporate compliance
    The main topics to be discussed will include:

    1. Overview of the Corporate Compliance Complexity Index 2018 - key global trends, most and least complex countries

    2. Perspectives on the main challenges in Latin America

    - Countries with the highest complexity index in the Americas.
    - Compliance and main regulatory developments in Latin America

    3. Tips on how companies should prepare to face the challenges
  • Could millennials be the key to ending the productivity crisis?
    Could millennials be the key to ending the productivity crisis? Mark Elwood, Marketing Director, TeleWare Recorded: Sep 25 2018 50 mins
    By 2025, it is estimated that 75% of the workforce will be millennials. With rapidly changing expectations on how, when and where employees want to work, technology is going to play an increasingly important role in attracting and retaining talent.

    Join our discussion to find out how the millennial demand for mobility in the workplace could help solve the productivity crisis. Our panel of experts will share their views on:

    • Understanding the needs of the millennial worker
    • The key steps to providing the right technology within your digital transformation programme
    • Why mobility and flexible working is the key to hiring and retaining a millennial workforce
    • Demonstrating the proven link between mobility and productivity

    This webinar will be hosted by Mark Elwood, Marketing Director, TeleWare. Panellists will include Andrew Fawcett, product manager, TeleWare, and guest experts Dr Lucy Green from Larato and Vicky Ryder from Microsoft.
  • Regulatory capital relief: legal framework, expected changes and BRRD impact
    Regulatory capital relief: legal framework, expected changes and BRRD impact Vladimir Maly, partner, Oliver Ireland, senior counsel, and Yulia Makarova, of counsel - Morrison & Foerster Recorded: Sep 24 2018 62 mins
    In this webinar, we will analyse capital relief driven transactions and structures, focusing on the principal purpose of using this tool, the main structures used in the market and the legal and regulatory framework underpinning the relevant structuring solutions. Among other things, this webinar will cover:
    - the most commonly used capital relief driven structures and why the market chooses them, including a comparative summary of the structures used in the EU and the US;
    - the existing legal and regulatory framework and expected changes, including potential impact of different Brexit scenarios;
    - BRRD and its implications: how the rules affect structuring and the mitigating techniques investors may explore.
  • GDPR Compliance for Contact Centers: Using PCI DSS as a Proven Framework
    GDPR Compliance for Contact Centers: Using PCI DSS as a Proven Framework Jay Trinckes, Principal Security Consultant for Risk Management & Governance, NCC; Aaron Lumnah, Semafone Recorded: Sep 20 2018 47 mins
    On May 25, 2018, the European Union's General Data Protection Regulation (GDPR) went into effect, becoming the world's strictest and most comprehensive data protection legislation. Companies around the world, regardless of whether they are physically located within EU borders, had to meet compliance requirements if they process the data of EU citizens, creating a huge headache for any organization running a call or contact center.

    For contact centers that have troves of sensitive customer information, GDPR compliance can easily become a massive undertaking. However, using preexisting tried-and-true frameworks like the PCI DSS, companies can relieve the burden of meeting compliance obligations.

    Join Semafone and NCC for this informative session, where you'll learn:
    - How to achieve GDPR compliance in your call or contact center
    - How to use existing data security frameworks like the PCI DSS to simplify compliance efforts
    - How to improve data security inside your contact center while enabling a more seamless customer experience

    Additionally, registrants will receive a free copy of Semafone's GDPR Guide for Contact Centers.

    Reserve your space now!

    About Jay Trinckes:

    John ‘Jay’ Trinckes, Jr., CISSP, CISM, CRISC, HITRUST CSF Practitioner, leads NCC Group’s healthcare practice by assisting clients in managing their IT risk to ensure they are not subject to cyber-attack, along with helping them validate their compliance with IT regulations such as HIPAA. Jay is the author of three books, "How Healthcare Data Privacy Is Almost Dead…and What Can Be Done to Revive It!" (2017), "The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules" (2012), and "The Executive MBA in Information Security" (2009), and has a wide range of experience in computer networks, vulnerability and penetration testing, security, compliance, and risk assessment.
  • Don't Acquire Open Source Risks You're Not Aware Of
    Don't Acquire Open Source Risks You're Not Aware Of Daniel Kennedy, Research Director - Information Security, 451 Research; Phil Odence, GM – Black Duck On-Demand Recorded: Sep 19 2018 49 mins
    Modern applications are constructed using open source components. Most organizations understand they’re using open source. What they likely underestimate is its prevalence in their homegrown applications and the potential security and license compliance risks they assume if they’re not continuously monitoring those libraries. When companies merge or are acquired, that unknown risk is transferred, potentially to organizations with greater regulatory exposure. Join Daniel Kennedy, Research Director, Information Security, and Phil Odence, GM, Black Duck On-Demand, for a discussion of these risks and how to address them.
  • Automate the Dreaded Task of Software Asset Management
    Automate the Dreaded Task of Software Asset Management Gary Paquette, CTO, Mike Schmitt, Sr Director Product Marketing, Karen Hutton, Sr Director of Marketing, at Nlyte Oct 23 2018 9:00 am UTC 31 mins
    Nlyte’s Gary Paquette uncovers how you can automate discovery, management, and reporting with Nlyte Software Optimizer agentless software.

    What you will learn from the webinar:

    - Organic installation and distribution of software
    - Lack of visibility in current and new deployments
    - Matching databases to physical and virtual
    - Reconciliation between required services versus installed
    - Inaccurate systems, too many systems and files
  • Security in the Cloud: Identity Management, Access Control and Authentication
    Security in the Cloud: Identity Management, Access Control and Authentication Emma Bickerstaffe, Senior Research Analyst and Benoit Heynderickx, Principal Analyst, ISF LTD Oct 23 2018 12:00 pm UTC 45 mins
    Organisations increasingly rely on cloud services, motivated by the benefits of scalability, accessibility, flexibility, business efficiencies and reduced IT costs. However, there are several security implications that organisations need to address, including the challenge of verifying identity and managing access to cloud services.

    Cloud services bring added complexity to identity and access management, exacerbated by the distribution of data across a myriad of applications accessed by users from multiple devices and locations. Failure to adequately implement user authentication and access control in the cloud can be exploited by attackers to gain access to users’ credentials, manipulate systems and compromise data.

    In this webinar, Senior Research Analyst Dr Emma Bickerstaffe and Principal Analyst Benoit Heynderickx will discuss identity management, access control and user authentication in the cloud environment, and consider how organisations can effectively tackle this security concern.
  • Data Center Due Diligence: Assessing Risk in Your Critical Infrastructure
    Data Center Due Diligence: Assessing Risk in Your Critical Infrastructure Matt Stansberry, Vice President - North America, Uptime Institute Oct 24 2018 4:00 pm UTC 60 mins
    Whether you are considering an expansion of existing facilities, consolidation of multiple data center sites, or an acquisition or divestiture of data center assets, this session will cover some key points to mitigate risk, identify the infrastructure and operational health of assets, management and operations, lifecycle considerations, and the overall resiliency of key data center assets.
  • GRC & IT Series: Using a NIST Based Approach to Align Cyber & Compliance
    GRC & IT Series: Using a NIST Based Approach to Align Cyber & Compliance Paul Schoeny, VP Cybersecurity, BAP Oct 24 2018 6:30 pm UTC 30 mins
    Join the GRC & IT Webinar Series for byte-sized sessions aimed at making federal regulations understandable and actionable. The NIST Cybersecurity Framework is quickly becoming the flagship program for managing cybersecurity risk. However, complying with the security standards can be a complicated process. Join us to take the guesswork out of NIST and learn:

    - To understand the security management provisions found in the NIST Framework
    - How to view the controls set forth in the Framework
    - How to measure your security success
    - To understand your IT risk tolerance
    - What teams should be involved and have responsibility?
  • Panel debate: Is Machine Learning and AI ready for mainstream in the data center?
    Panel debate: Is Machine Learning and AI ready for mainstream in the data center? Bruce Taylor, Data Center Dynamics, James Cribari, Cisco, John E Miller, IBM, Enzo Greco Nlyte Software Oct 30 2018 10:00 am UTC 62 mins
    This webinar will take you through how you can learn the reality and benefits of Machine learning and AI in data centers, from companies with significant and critical data center expertise.

    The presenters will address how AI will drive the performance, availability, resiliency and security demanded of modern digital infrastructure.

    Key issues to be addressed include:

    - Are self-diagnosis and self-healing a reality?
    - How will machine learning and AI optimize workload placement?
    - Will AI-enabled "in-stream" analytics drive the megascale cloud data center?

    Speakers:

    - Bruce Taylor, VP, Data Center Dynamics
    - James Cribari, Global Infrastructure Services Delivery Manager, Cisco
    - John E. Miller, STSM –Sr. Technical Staff Member, Infrastructure Support & Datacenter Services, IBM
    - Enzo Greco, Chief Strategy Officer, Nlyte Software
  • How Effective is Your Internal Audit Function?
    How Effective is Your Internal Audit Function? Alec Arons, Ed Williams, CIA, CRMA, Christine Dobrovich, CRMA, and C. Michael Baron, CIA, CISA, CFSA, AMLP of Experis Finance Oct 30 2018 4:00 pm UTC 60 mins
    Experis Finance is pleased to announce the third webinar in our Hot Topics series. Our goal is to provide you with a series of webinars that provide practical insights on topics of interest to internal audit, risk and compliance professionals, audit committees, and board members.

    Our third session covers Internal Audit Function Effectiveness.

    In this webinar, a panel of seasoned Internal Audit practitioners from Experis Finance will share their insights, experiences and recommendations on how Internal Audit functions can assess the effectiveness of their activities. With different drivers and many available possibilities, this is a classic “one size does not fit all” scenario. This session will help Internal Audit leaders understand the available options in order to determine the approach and methodology that best suits their individual situation and relevant stakeholders.

    During this webinar, we will address the following topics:
    • How is Internal Audit effectiveness defined and how can Internal Audit manage the competing expectations of their stakeholders (Senior Management, the Board, the Audit Committee, Regulators, External Auditors, etc.)?
    • What are the elements of the Quality Assurance and Improvement Program (QAIP) as defined by the IIA’s International Standards for the Professional Practice of Internal Auditing? Are there different options and possibilities for assessing Internal Audit effectiveness?
  • Get a “Clue” Regarding Your eDiscovery Process
    Get a “Clue” Regarding Your eDiscovery Process Doug Austin, Tom O'Connor, and Mike Quartararo Oct 31 2018 5:00 pm UTC 75 mins
    As evidenced by some high-profile recent eDiscovery disasters, managing eDiscovery projects is more complex than ever. Not only have the volume and variability of ESI data sources increased dramatically, but there are often more stakeholders in eDiscovery projects today than characters on the board game Clue©. Successful eDiscovery today means not only meeting your obligations, but also making sure that each stakeholder in the process succeeds as well. This CLE-approved* webcast will discuss the various participants in the eDiscovery process, what motivates each of them, and best practices on how to avoid becoming the next high-profile eDiscovery disaster. Topics include:

    + The Process: Managing the Project from Initiation to Close
    + The Phases: Managing the Flow of ESI Before and During the Process
    + The Players: Goals and Objectives of Each eDiscovery Stakeholder
    + Whodunnit?: Lessons Learned from a Large Financial Institution’s Mistakes
    + Whodunnit?: Lessons Learned from a Government Entity’s Mistakes
    + Whodunnit?: Lessons Learned from a Medical Center’s Mistakes
    + Recommendations for Avoiding Your Own Mistakes
    + Resources for More Information

    Presentation Leaders:

    Doug Austin is the VP of Products and Professional Services for CloudNine where he manages professional services consulting projects for CloudNine clients. Doug has over 25 years of experience providing legal technology consulting, technical project management and software development services to numerous commercial and government clients.

    Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems. Tom’s consulting experience is primarily in complex litigation matters.

    Mike Quartararo is the founder and managing director of eDPM Advisory Services. He is also the author of the 2016 book Project Management in Electronic Discovery, the only book to merge project management principles and best practices in electronic discovery.
  • Roadmap to Smarter Health and Safety Management
    Roadmap to Smarter Health and Safety Management Sam Abadir, VP of Industry Solutions, Lockpath Nov 1 2018 4:00 pm UTC 60 mins
    Safety is job number one in many organizations and employee health is an ongoing concern for firms. Both highlight the vital importance of health and safety management and its impact on operational risk. If workers are injured, are exposed to dangers, or are absent, they can't do their jobs and it impacts margins and goals. In this live webinar, Lockpath's Sam Abadir will share the roadmap to smarter health and safety, including:

    • Critical capabilities required for health and safety management
    • Strategies for streamlining OSHA compliance and reporting
    • Approaches for increasing accountability
    • Ideas for leveraging data for operational risk management

    Making health and safety management a higher priority at your company is possible. Discover the road to smarter health and safety by attending this educational webinar. Register now!
  • Offensive Security Testing for SAP HANA and Fiori; why you are at risk ...
    Offensive Security Testing for SAP HANA and Fiori; why you are at risk ... Ron Peeters, Synack; Uemit Uezdurmus; SAP; Holger Stumm, CEO of LOG2 Nov 6 2018 9:00 am UTC 60 mins
    SAP HANA environments have complex architectures with large attack surfaces and many potential breach points. They are often exposed and external facing to a large extent i.e. SAP FIORI applications. Traditional compliance-based pen tests and vulnerability scanning simply aren’t able to mimic sophisticated cyber attacks in order to find and fix exploitable vulnerabilities. This puts your organization at great risk of being compromised, data breaches and GDPR violations. So what are the options?

    Join this session as we outline the need for a smarter security testing solution that is offensive, mimics attacker behaviour, reduces your attack surface, and lowers vulnerabilities against sophisticated attacks. We will cover:

    How a crowd of elite security testers can be deployed rapidly to uncover serious vulnerabilities in your external facing SAP applications
    How a continuous offensive security approach to your SAP landscape is needed in support of modern agile SDLC / DevOps environments
  • Regulating financial benchmarks for European transactions
    Regulating financial benchmarks for European transactions Jeremy Jennings-Mares, partner and Peter Green, senior of counsel, Morrison & Foerster Nov 7 2018 4:00 pm UTC 60 mins
    The EU Benchmark Regulation came into force in June 2016 and most of its provisions came into effect at the start of 2018. It establishes a new regime for the authorisation and supervision of administrators (including non-EU administrators) of financial benchmarks that are used in the EU. We will consider the likely impact of the Regulation in the EU financial markets and look in detail at certain issues raised by market participants including:
    · Timetable for benchmark administrators to be authorised under the regulation and the extent to which administrators of pre-existing benchmarks can rely on 'grandfathering' relief up until 2020.
    · What indices are within the scope of the Regulation and when will an index be regarded as 'available to the public'?
    · What is meant by 'use' of a benchmark in the EU?
    · Are there any regulatory obligations on entities that contribute benchmark data?
    · What is the impact of Brexit on UK benchmark administrators?
  • GRC and IT Security Series: Addressing GDPR Security Provisions
    GRC and IT Security Series: Addressing GDPR Security Provisions Jeffrey Lush, CEO & Co-Founder, BAP Nov 7 2018 7:00 pm UTC 30 mins
    Join the GRC & IT Webinar Series for byte-sized sessions aimed at making federal regulations understandable and actionable. The European Union’s General Data Protection Regulation (GDPR) has been active for several months. Organizations find themselves building or refining a repeatable and scalable infrastructure to manage GDPR security controls. Join us to learn:
    - GDPR’s impact on Security, Data Protection and Compliance Programs
    - Key importance of continuous monitoring to demonstrate ROPA and to reduce risk of fines
    - The steps for implementing and maintaining GDPR within your organization
    - How to align active threats with GDPR standards to know in real time if your organization is secure
    - Understand how continuous monitoring of GDPR control health can eradicate fines and failing GDPR assessment reports.
    - How to align the security objectives with NIST 800-53 security controls and map them to events, giving you complete accountable security.
  • Corporate Monitorship Policy Update
    Corporate Monitorship Policy Update Neil Keenan, Partner, and Mike Trahar, Director, Forensic Risk Alliance Nov 14 2018 4:00 pm UTC 75 mins
    DOJ Issues New Guidance on Corporate Monitors - How Can Your Company Prepare To Benefit?

    On October 11, DOJ issued guidance to clarify its existing policy for the appointment of monitors on companies that resolve criminal investigations. In evaluating the benefits of a monitor, DOJ will consider the underlying misconduct, whether the misconduct was pervasive and/or approved by senior management, the corporation's investment in compliance and internal controls improvements, and whether remedial improvements have been tested to demonstrate they would prevent or detect future misconduct. DOJ also will weigh the burdens of imposing a monitor, including the cost to the company and "whether the proposed scope of a monitor's role is appropriately tailored to avoid unnecessary burdens" to the company.

    FRA, which has been appointed to numerous corporate monitor roles, will discuss the practical implications of DOJ's guidance, including how a company in the midst of an investigation can prepare to argue against or narrowly tailor the scope of a corporate monitor.

    FRA will discuss its first-hand experience seeing the impact of a monitor on companies that have prepared well and those that have prepared poorly, including: coping with institutional fatigue; integrating disruptive changes in management, policies, and controls; and re-training employees.

    FRA will share best practices during an investigation to avoid a subsequent monitor, as well as suggest how to limit the scope of an appointed monitor, both temporally and with respect to the affected business units.
  • Fraudulent Wire Transfers in the Accounting Industry (1 CPE)
    Fraudulent Wire Transfers in the Accounting Industry (1 CPE) Ginger Johnson & Michael J Weber Nov 14 2018 6:00 pm UTC 75 mins
    Fraudulent wire transfer scams continue to plague accounting firms nationwide. The FBI reports that fraudulent wire transfers have doubled since 2016. The new wave of scam e-mails has grown in sophistication and appearance, and these e-mails no longer resemble clumsy “Nigeria” e-mails.
    Hear directly from the insurance company and lawyers on steps to prevent these fraudulent wire transfer scams and how to deal with a claim if this happens to your firm.

    Presented by Ginger Johnson & Michael J Weber. Michael J Weber is a Partner at Dinsmore. He focuses his practice on fidelity and surety bond claims/litigation, complex litigation, commercial law, transactional matters, general business matters/litigation and construction law. Ginger Johnson is a Specialty Claim Consultant at The Hanover Insurance Company, working with Crime, Fidelity and first party Cybercrime claims up to $10M in the Management Liability Unit.
  • Not All Background Checks Are Created Equal
    Not All Background Checks Are Created Equal Nathan Rowe, Chief Technology Officer & Co-Founder, Evident Nov 14 2018 9:00 pm UTC 45 mins
    "Why Background Checks Should Be a Part of Your IT Security Program"

    The term “background check” is not particularly well-defined; it can mean many different things to different companies, and can also vary from type to type (and from vendor to vendor), but ultimately, having the right background checks in place can help organizations avoid serious IT and cyber security issues.

    Those who have never purchased background checks can be understandably confused and overwhelmed by the broad range of options, when selecting the right check can be as simple as evaluating them based on a few key factors: cost, scope, diligence, and regulatory compliance.

    Determining the best checks for your specific business needs can be a challenging undertaking. Some companies require background checks that are more comprehensive, while others may opt for checks that are less detailed and less costly.

    In this webinar, we’ll discuss the most common background checks available today, how they support a comprehensive IT cyber security program, and their applications in several different use cases, ranging from small businesses to enterprise-level organizations.

    Key takeaways:
    - Complete summary of all primary background check types
    - How background checks support a comprehensive (and compliant) cyber security program
    - Examples of which background checks work for specific company and industry use cases
    - Learn how automating background checks can minimize friction and reduce liability
  • GDPR Compliance - Getting it right now, and in the future
    GDPR Compliance - Getting it right now, and in the future Nathalie Semmes, KPMG and Guy Mettrick, Appian Nov 15 2018 2:00 pm UTC 45 mins
    Webinar presented by Appian and KPMG - 15 November 2018 2pm GMT.

    Following the GDPR deadline on the 25th May, organisations are still very unprepared for GDPR compliance. Some have gone as far as to do a data cleanse and conduct consent campaigns, but very little has been done to operationalise GDPR compliance for the long term.

    Appian and KPMG have simplified the ability to comply with GDPR with a solution built to address the current state of GDPR and adapt to future requirements. Appian and KPMG provide the power and peace of mind enterprises require to ensure compliance, protect customer data - as well as reputations - in order to stay competitive and win.

    Appian’s digital transformation platform has been used by KPMG to create five GDPR compliance privacy modules that are marketed and sold as an out-of-the-box solution. Existing and future Appian customers thus have the choice between using the proven Appian capabilities to deliver their own GDPR technology enablement or to license the KPMG solution.

    The campaign is designed to increase Appian brand awareness in Financial Services & Insurance and drive ABM inbound leads. Whilst the majority of content will be directed towards financial services and insurance, there is still significant relevance for broad market customers due to the encompassing nature of GDPR.
  • GRC & IT Security Series: The Risk Management Framework for Today's GRC Concerns
    GRC & IT Security Series: The Risk Management Framework for Today's GRC Concerns Paul Schoeny, VP Cybersecurity, BAP Nov 28 2018 7:00 pm UTC 30 mins
    Join the GRC & IT Webinar Series for byte-sized sessions aimed at making federal regulations understandable and actionable. What is the NIST Risk Management Framework (RMF)? Simply put: The RMF provides steps/activities to manage your organization's risk and to develop an effective information security program applied to legacy and new systems. Join BAP as we break down the six steps identified in the RMF and:
    - Understand what is your cyber policy
    - Break down the six steps found within RMF
    - Establish a baseline of control policies
    - Gain tips for accelerating your control and policy management needs
    - Automate Continuous Monitoring
    - Understand how continuous monitoring of NIST and RMF control health can eradicate failing health scores.
  • GRC & IT Security Series: Financial & Banking Service Regulations: SEC, PII, PCI
    GRC & IT Security Series: Financial & Banking Service Regulations: SEC, PII, PCI Jeffrey Lush, CEO & Co-Founder, BAP Dec 12 2018 7:00 pm UTC 30 mins
    Join the GRC & IT Webinar Series for byte-sized sessions aimed at making federal regulations understandable and actionable. Often understanding the interpretation of SEC Cybersecurity Guidance, PII and PCI can be difficult and is often more of an art than a science. The objective of every organization is to provide cybersecurity protection and compliance with the standards established within these regulations. Join us to discover the steps you need to develop your cyber strategy and:

    - Understand the SEC, PII and PCI regulations
    - Focus on the security objectives all regulations are hoping to achieve
    - Learn how to leverage your existing cyber investment, augment the tools you already have for real-time threat detection
    - Understand how continuous monitoring of Policy control health can eradicate failing scores.
    - Automate cyber standards, policy, and compliance
    - Learn how to build and discover your cyber standard needs
    - Analyze and validate the implementation of those standards
  • GRC & IT Security Series: Healthcare Compliance & Security: Understanding HIPAA
    GRC & IT Security Series: Healthcare Compliance & Security: Understanding HIPAA Paul Schoeny, VP Cybersecurity, BAP Jan 9 2019 7:00 pm UTC 30 mins
    Join the GRC & IT Webinar Series for byte-sized sessions aimed at making federal regulations understandable and actionable. HIPAA compliance remains critical for all healthcare organizations to combat security breaches. It is no surprise that the Healthcare industry remains one of the top targets for cyber-attacks. To avoid hefty fines and to gain an eagle-eye view of the overall health of their organizations, GRC, IT Security and Compliance teams are quickly developing strategies to mitigate security breaches and achieve compliance with HIPAA. Join this bite-sized webinar to learn how organizations are tackling HIPAA.
    - Understand the policies and controls set forth in HIPAA
    - Understand how traditional compliance methods invite risk
    - Understand how continuous monitoring of HIPAA control health can eradicate failing health scores.
    - Discuss the innovations happening to drive automation of security breach policy and policy health oversight
    - See checks and balances to confirm implementation and policy health.
  • GRC & IT Security Series: Tips and Tricks for FISMA, HIPAA, PCI, PII
    GRC & IT Security Series: Tips and Tricks for FISMA, HIPAA, PCI, PII Jeffrey Lush, CEO & Co-Founder, BAP Jan 23 2019 7:00 pm UTC 30 mins
    Join the GRC & IT Webinar Series for byte-sized sessions aimed at making federal regulations understandable and actionable. The challenge: achieving compliance against regulations such as FISMA, HIPAA, CCPA, GDPR, PCI and PII, among others. In this webinar quickly learn best practices in Information Assurance to automate regulation and compliance to achieve accountable security using controls, policies and more than check-the-box actions.
    - Techniques to adopt to automate policy and control mapping
    - Steps to improve your ability to see the overall health of your environment