Hi [[ session.user.profile.firstName ]]

Social media in your business: The Risks vs. The Opportunities

Agenda.

1. THE NEED FOR STRATEGIES AND POLICIES
The widespread private use by employees is embraced by many businesses in their communications.

2. SOCIAL MEDIA COMPLIANCE POLICIES - some case studies

3. PROTECTION OF (FAIR USE OF) INTELLECTUAL PROPERTY:
The policies and procedures on the proper business use of social media should address the protection of intellectual property, but also consider and respect the interest of preserving the public domain and fair use/dealing, of stimulating fair competition and innovation.

4. REGULATORY REQUIREMENTS ON THE USE OF SOCIAL MEDIA
Following the distinction in legal cultures, every regulator of financial markets and services providers has its own, separate compliance framework. Nevertheless, many regulators expect or even require that parties under regulation have supervisory policies, procedures, systems and internal controls to monitor all electronic communications technology used by the party and its associated persons to conduct the business of the party.
Recorded Apr 13 2011 49 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Boris Agranovich, Founder of GlobalRisk Consult
Presentation preview: Social media in your business: The Risks vs. The Opportunities

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Data-centric Security with Classification, Encryption, & File Protection Jun 27 2017 5:00 pm UTC 60 mins
    HPE Security - Data Security
    Launching Data-centric Security with Classification, Encryption, and File Protection
  • Key Steps to Implement & Maintain PCI DSS Compliance in 2017 Feb 28 2017 6:00 pm UTC 60 mins
    HPE Security - Data Security
    Key Steps to Implement & Maintain PCI DSS Compliance in 2017
  • Advancing Business Performance: Align IT Vendor Risk to ERM Jan 24 2017 6:00 pm UTC 60 mins
    Scott Roller 3WP; Yo Delmar, MetricStream, HPE Security -Data Security
    Growing exposure to IT risks has made organizations across industries volatile. Recent IT vendor incidents like data and security beaches, violation of privacy guidelines, which caused substantial fines, penalties, brand value, highlight that IT vendor risks are business risks and require focus from the leadership. An immature ITVRM programs limits the insights which are necessary for strengthening vendor relationships and building a robust ERM program. Rather than treating each risk in isolation, organizations need to have an integrated approach to manage risks holistically and in line with their business operations and objectives. With the growing dependency on IT and IT vendors, organizations need align enterprise and IT VRM objectives to build a resilient framework suitable for today’s environment.

    During the session, panelists will discuss how organizations can strengthen vendor management in the current landscape and improve business performance.

    - Causes of Vendor Risks incidents and the impact on the enterprise
    - Best approach to align IT vendor risk to enterprise risk
    - Building mature VRM Program
    - Role of technology in integrating Vendor risk to Enterprise risk management
  • Evolving an Enterprise Risk Management Program Recorded: Nov 17 2016 76 mins
    Colin Whittaker, Russell McGuire, Riskonnect; Yo Delmar, MetricStream; Albert Biketi, HPE; and Marshall Toburen, RSA
    Organizations are suffering from volatility across all risk types, and in every organization, there are a multitude of applications and devices with threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements, and senior management are being pressured to improve enterprise risk management capabilities.

    An organization’s enterprise risk management (ERM) program can be a powerful management tool for achieving strategic and operational objectives, but it can be difficult to maintain and grow over time. If an ERM program is not moving forward it stagnates, so executives need to implement a program that evolves with the times. Implementation has its challenges but there are a range of responses that can be effective for each ERM program challenge. In this webinar our experts discuss these responses and address some of the ways to implement an evolving GRC program that gets boardroom backing.
  • IT Security & Privacy Governance in the Cloud Recorded: Oct 18 2016 61 mins
    Moderated by Rebecca Herold, The Privacy Professor; Jacqueline Cooney, BAH, Daniel Catteddu, CSA, Chris Griffith from HPE
    After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.

    While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
  • Data-Centric Security: Staying Ahead of the Threat Curve Recorded: Sep 21 2016 60 mins
    Dr Branden Williams; Robert Shields, Informatica; Steve Durbin, VP of the ISF; Farshad Ghazi, HPE Security - Data Security
    Over recent years, several organizations have suffered damaging data breaches where sensitive data was stolen.Alarmingly, things seem to be getting worse, and the results can be devastating. With the expanding threat landscape and the rise of the data-centric enterprise, companies must have parallel development of their security architecture to protect their sensitive data. But in the time it’s taken for data security to catch up with the changing environment, organizations have found their compliance and data protection programs vulnerable.

    CISOs must take steps to protect data that is expanding in volume, variety and velocity, and adopt security perimeters around identity attributes and data-centric security. Sensitive data must be continuously monitored for situational awareness and risk management, and CISOs should follow policies that encompass all data silos if they are to avoid security chaos. Enterprises must have an understanding of where sensitive data resides, who has access to it, and how it is impacted by new types of threats and vulnerabilities. Armed with these capabilities, CISOs can enhance sensitive data security to stay ahead of the threats, maintain regulatory compliance, and improve operational efficiency.

    Attend this panel discussion as we discuss the key issues which CISOs should be addressing today.
  • The GRC Evolution of Digital Enterprises with Convergence of ERM & Cybersecurity Recorded: Aug 25 2016 62 mins
    Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
    Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches, and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and Internet of Things enabling multitude of connected devices, the threat vectors are multiplying, threatening the firms’ operations and future financial stability.

    Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.

    Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
  • Delivering Data Security with Hadoop and the IoT Recorded: Aug 9 2016 62 mins
    Robert D. Schneider, Partner at WiseClouds LLC, Reiner Kappenberger, HPE Security - Data Security
    The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side the surge of new devices has increased potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.

    Data security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined, so protecting company data is more urgent than ever before. The risks are huge and Hadoop comes with few safeguards, leaving it to organizations to add an enterprise security layer. Securing multiple points of vulnerability is a major challenge, although when armed with good information and a few best practices, enterprise security leaders can ensure attackers will glean nothing from their attempts to breach Hadoop.

    In this webinar we will discuss some steps to identify what needs protecting and apply the right techniques to protect it before you put Hadoop into production.
  • Combating Targeted Attacks to Protect Payment Data and Identify Threats Recorded: Jun 22 2016 61 mins
    Moderator: Colin Whittaker, PCI Industry Alumni; George Rice, HPE Security; Mike Urban, Javelin, Miguel Gracia,CardConnect
    The face of the threat landscape is becoming increasingly sophisticated and highly targeted. Advanced threats are succeeding in their effort to gain access to payment data of target organizations. CISOs, CXOs, and other executives need to become knowledgeable about the potential impacts of targeted attacks and advanced persistent threats. They need to become actively engaged in developing and implementing effective protective strategies.

    During this webinar we will discuss recommendations and best practices to help organizations develop a sustainable security program designed to respond quickly to targeted attacks and minimize the consequences of any data breaches.
  • PCI DSS: Preventing Costly Cases of Non Compliance Recorded: May 24 2016 62 mins
    Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
    There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.

    This is especially important as PCI DSS evolves and increase in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non compliance with PCI DSS.
  • How to Identify and Reduce the Risks of 3rd Party Vendors Recorded: Apr 12 2016 60 mins
    Rebecca Herold (The Privacy Professor); Duncan Jones, Forrester; Yo Delmar, MetricStream; Neil Hooper, Rsam
    In a landscape filled with new threats and regulations managing the risks of 3rd party vendors is vitally important. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential 3rd party risks. They want to see organizations proactively identifying potential risks, verifying that business partners providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents.

    During this webcast our panel will specifically address the practical 'how to's' around identifying and reducing the risks of 3rd party vendors, and we will focus on:

    - Typical risks resulting from third party relationships
    - Common deficiencies of vendor management practices used during the on-boarding process, and the life of the relationship
    - Moving from a reactive to a proactive (preventative) vendor management process
    - Real world examples will be used to illustrate the key points and recommendations
  • Implementing a Risk Migration Plan for PCI DSS 3.1 Recorded: Mar 22 2016 61 mins
    Dr Branden Williams; Mason Karrer, RSA; Stuart Hince, HPE Data Security, Emma Sutcliffe, PCI SSC
    Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations who process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.

    In a landscape filled with new threats and new regulations, risk management has never been more critical. On this webinar we will look at ways to address the SSL and TLS vulnerabilities by implementing a pragmatic risk migration plan. Join us to learn about innovative data-centric protection technologies that mitigate risk, enable compliance, and are all the more important – especially if potentially insecure transfer methods will continue to be used through mid-2018.
  • Threat and Vulnerability Management: A Key Enabler of Your IT GRC Program Recorded: Feb 24 2016 62 mins
    Eric Vanderburg, the "Sheriff of the Internet"; Yo Delmar, MetricStream, Vivek Shivananda, Rsam, and Joe Fantuzzi, RiskVision
    In every organization, there are a multitude of applications and devices and a universe of threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements. It is no longer enough to have a handful of diligent security and compliance professionals managing the organization's risk strategies and controls. Their processes must embrace business and mission professionals’ knowledge of risk, who evaluate the causal impact of threats to their operational performance, and participate in decision-making to meet their risk posture goals.

    Organizational GRC context is achieved by correlating business criticality, threat reachability, IT controls and vulnerabilities to optimize business performance through prioritized remediation, resulting in the desired risk posture with compliance governance. CIOs and CROs need to holistically integrate threat and vulnerability management processes into the broader IT governance and risk management program. This approach will allow IT organizations to not only deal with cyber-threats effectively, but also manage IT risks and compliance mandates more proactively.

    Join this executive panel as we discuss ways to use threat and vulnerability management to enable your IT GRC program.
  • Best Practices to Prevent Data Breaches in 2016 Recorded: Dec 10 2015 64 mins
    Moderator: Rebecca Herold (The Privacy Professor) Panel: RSA, HPE Security - Data Security, Booz Allen Hamilton
    In 2014 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.

    Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
  • Enterprise Risk – Taming the Devil in the Data Recorded: Nov 12 2015 60 mins
    Brandon Dunlap, Managing Director of Research, BrightFly; Terence Spies, CTO, HP Security Voltage
    In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders across all sectors. The growth of data is increasing exponentially, organizations are suffering from volatility across all risk types, and need to re-think their enterprise risk strategy. At the heart of this strategy is the need for a single consistent view of the data, and a data-centric, multi-platform approach to secure valuable customer and corporate data assets, end-to-end.

    Join our experts as they discuss a new generation of risk technologies which use a holistic approach to data management and address the risks inherent when data is at rest in storage, in motion on the network, and in use in analytics and business processes.
Empowering the GRC Community
The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Social media in your business: The Risks vs. The Opportunities
  • Live at: Apr 13 2011 4:00 pm
  • Presented by: Boris Agranovich, Founder of GlobalRisk Consult
  • From:
Your email has been sent.
or close