Understanding and complying with the PCI Data Security Standard (PCI DSS) can be a daunting task - especially if your organization has limited time and resources. The new PCI DSS 2.0 standard, which took effect Jan. 1, requires testing a virtualized environment to ensure that if you put multiple acc
Understanding and complying with the PCI Data Security Standard (PCI DSS) can be a daunting task - especially if your organization has limited time and resources. The new PCI DSS 2.0 standard, which took effect Jan. 1, requires testing a virtualized environment to ensure that if you put multiple accounts onto a single processor, there is still segregation of data and all the data is protected.
Many organizations have already gone forward with virtualization products and strategies without first establishing standards or ensuring they have the proper tools in place. With such strict requirements now in operation, these organizations risk failing PCI audits if they don't pay close attention to the new updates and implement the correct procedure..
In this discussion we will address the challanges and opportunities companies face under the new standard. Our expert panel will discuss PCI compliance best practices, and we will take a QSA's look at specific virtualization security recommendations.
Attendees will learn how taking a risk-based approach to the security assessment process will help you achieve PCI DSS 2.0 compliance.
RecordedMar 10 201158 mins
Your place is confirmed, we'll send you email reminders
Between constraints of IT security skills and the rise of cloud adoption it is increasingly difficult to control security policies across the heterogeneous network. Network security and operations teams are expected to ensure and initiate connectivity while protecting the attack surface from the next cyber threat and complying with internal policies and industry regulations. Join us for a Webinar session with ESG senior principal analyst Jon Oltsik, as he reviews the latest findings of a recent survey on how cloud adoption is transforming network security operations. In this session we will also examine how security policy orchestration can help address some of the key challenges of managing security and connectivity in the cloud, and across hybrid cloud and physical networks.
No registration required – EMC World 2016 is under way and StorageSwiss is there. Join me as I sit down with George Crump, Lead Analyst at Storage Switzerland. In this live podcast we will do more than just give you the news, we will give you our analysis of what the news means for EMC and for your organization.
Join us live on May 3rd at 9am ET or on-demand afterward. No registration required.
This event is designed for Heads of ERM, ERM Directors, ERM Managers, and other direct reports of the Chief Risk Officer. It is designed to teach the basics and also best practices of conducting a successful risk assessment workshop plus tactics for impactful workshop facilitation. Participants will learn a number of tactical ERM practices that can be implemented immediately.
Los datos no estructurados de la empresa son cada vez más un activo imprescindible para los servicios y procesos de negocio. Sin embargo, su crecimiento exponencial hace que las tecnologías tradicionales de protección de este tipo de datos sean no solo ineficientes sino incapaces de responder a las necesidades de disponibilidad en entornos empresariales.
En este webinar veremos tres áreas de innovación de Commvault que permiten responder a las necesidades de protección de datos no estructurados:
-En la primera parte, expondremos las novedades en la tecnología IntelliSnap, que permite la integración con nuevos fabricantes y la gestión de réplicas de volúmenes; asimismo hablaremos de la nueva tecnología de captura de bloques que extiende el concepto de protección continua y consistente a cualquier tipo de sistema de ficheros y base de datos, para disponer de un número ilimitado de puntos de recuperación de acceso nativo.
-En la segunda, revisaremos cómo la nueva versión del software de Commvault expande sus capacidades a entornos de Big Data. De acuerdo con Gartner, más de tres cuartas partes de las empresas tienen iniciativas de Big Data, y por lo tanto la necesidad de gestionar la disponibilidad de estos datos es un reto que debe resolverse a corto plazo.
-Por último, repasaremos cómo las soluciones NAS hiperescalables exigen de tecnologías innovadoras para poder garantizar la protección y acceso a los datos que almacenan.
Únase a nosotros para conocer cómo la Plataforma de Gestión de Datos de Commvault le permite cumplir sus SLA de disponibilidad de datos no estructurados, independientemente de la tecnología que elige para almacenar y gestionar estos activos de su negocio.
Like many organisations, Prudential has to ensure it protects sensitive data. Getting it right results in satisfied customers, regulators and shareholders and avoids the reputational damage and legal penalties associated with a data breach. With the forthcoming EU General Data Protection Regulation now agreed for implementation, we think now is the right time for organisations to review their data governance and protection requirements. During this webinar we will cover today’s challenges in ensuring good data governance and enter into a panel discussion with Prudential about their approach and lessons learned, including their implementation of Symantec Data Loss Prevention and Boldon James data classification technology. There will also be an opportunity to engage in a Question and Answer session.
So if you want to give your data governance program a head start, register today.
High Availability doesn’t trump Disaster Recovery and there is nothing simple about creating a recovery capability for your business – unless you have a set of data protection and business continuity services that can be applied intelligently to your workload, managed centrally, and tested non-disruptively. The good news is that developing such a capability, which traditionally required the challenge of selecting among multiple point product solutions then struggling to fit them into a coherent disaster prevention and recovery framework, just got a lot easier.
Join us and learn how DataCore’s Software-Defined Storage platform provides the tools you need and a service management methodology you require to build a fully functional recovery strategy at a cost you can afford.
The emergence of Big Data has driven the need for a new data platform within the enterprise. Apache Hadoop has emerged as the core of that platform and is driving transformative outcomes across every industry.
Attend this webcast to understand:
•How you could leverage the unique advantages of Open Enterprise Apache Hadoop with an overview of the technology
•How it fits within the enterprise, and gain insight into some of the key initial use cases that are driving these transformations
•How Microsoft Azure provides a first-class support for your Linux-based Apache Hadoop applications
•How easy it is to create a HDP cluster in Microsoft Azure and data movement automation for disaster recovery scenarios between your on-premises HDP cluster and your HDP cluster running in Azure
Mathieu Gorge, VigiTrust; Terence Spies, HPE Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.
This is especially important as PCI DSS evolves and increase in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non compliance with PCI DSS.
Rebecca Herold (The Privacy Professor); Duncan Jones, Forrester; Yo Delmar, MetricStream; Neil Hooper, Rsam
In a landscape filled with new threats and regulations managing the risks of 3rd party vendors is vitally important. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential 3rd party risks. They want to see organizations proactively identifying potential risks, verifying that business partners providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents.
During this webcast our panel will specifically address the practical 'how to's' around identifying and reducing the risks of 3rd party vendors, and we will focus on:
- Typical risks resulting from third party relationships
- Common deficiencies of vendor management practices used during the on-boarding process, and the life of the relationship
- Moving from a reactive to a proactive (preventative) vendor management process
- Real world examples will be used to illustrate the key points and recommendations
Dr Branden Williams; Mason Karrer, RSA; Stuart Hince, HPE Data Security, Emma Sutcliffe, PCI SSC
Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations who process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.
In a landscape filled with new threats and new regulations, risk management has never been more critical. On this webinar we will look at ways to address the SSL and TLS vulnerabilities by implementing a pragmatic risk migration plan. Join us to learn about innovative data-centric protection technologies that mitigate risk, enable compliance, and are all the more important – especially if potentially insecure transfer methods will continue to be used through mid-2018.
Eric Vanderburg, the "Sheriff of the Internet"; Yo Delmar, MetricStream, Vivek Shivananda, Rsam, and Joe Fantuzzi, RiskVision
In every organization, there are a multitude of applications and devices and a universe of threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements. It is no longer enough to have a handful of diligent security and compliance professionals managing the organization's risk strategies and controls. Their processes must embrace business and mission professionals’ knowledge of risk, who evaluate the causal impact of threats to their operational performance, and participate in decision-making to meet their risk posture goals.
Organizational GRC context is achieved by correlating business criticality, threat reachability, IT controls and vulnerabilities to optimize business performance through prioritized remediation, resulting in the desired risk posture with compliance governance. CIOs and CROs need to holistically integrate threat and vulnerability management processes into the broader IT governance and risk management program. This approach will allow IT organizations to not only deal with cyber-threats effectively, but also manage IT risks and compliance mandates more proactively.
Join this executive panel as we discuss ways to use threat and vulnerability management to enable your IT GRC program.
Moderator: Rebecca Herold (The Privacy Professor) Panel: RSA, HPE Security - Data Security, Booz Allen Hamilton
In 2014 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
Brandon Dunlap, Managing Director of Research, BrightFly; Terence Spies, CTO, HP Security Voltage
In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders across all sectors. The growth of data is increasing exponentially, organizations are suffering from volatility across all risk types, and need to re-think their enterprise risk strategy. At the heart of this strategy is the need for a single consistent view of the data, and a data-centric, multi-platform approach to secure valuable customer and corporate data assets, end-to-end.
Join our experts as they discuss a new generation of risk technologies which use a holistic approach to data management and address the risks inherent when data is at rest in storage, in motion on the network, and in use in analytics and business processes.
Drew Wilkinson,Booz Allen Hamilton; Yo Delmar, MetricStream; Vivek Shivananda, Rsam
Managing third-party risk is a big undertaking. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Not only are the risks associated with third-party vendors increasing, but regulators are turning their attention to the need for organizations to manage IT vendor risk more effectively.
Organizations should start by compiling a comprehensive inventory of all partnering third-parties and their associated risks, which will enable management to segment IT vendor risk accordingly and focus efforts by priority. They should also designate a business owner for managing third-party relationships, and provide them with the right decision-making powers to establish a disciplined governance and escalation framework for dealing with incidents that occur.
By implementing such best practice organizations can streamline, automate and integrate IT Vendor governance, risk management, compliance, and audit programs, to build a new, more effective paradigm of supply chain performance. Join this education session as we address these key concepts and challenges for managing third-party risk to strengthen IT vendor governance.
Dr Branden Williams (Moderator); Terence Spies, HP Security Voltage; Chris White, Booz Allen Hamilton; Erez Schwarz, Imperva
Inadequate security and dedicated cyber attackers have led enterprise data breaches to increase at an alarming pace. Staggering numbers of affected customers - and financial losses - are sending shock waves through the business world, and creating a sense of urgency around identifying solutions. Finding a way to ward off cyber intruders has become a critical challenge.
There is a need to create value around company data. One way to do this is to ensure that the workforce knows and understands the threats that are out there and the measures that are in place to protect against them. Data security is not one size fits all, nor is a data security communication plan. Finding the ideal fit for any company may take trial and error, but an educated and mindful workforce will serve to support the mission of IT security teams tasked with keeping confidential information secure. Join this educational panel webinar to hear experts discuss how to realize data security potential across an enterprise.
Eric Kavanagh (Moderator); Paul Quanrud, TCS; Keith Breidt, Booz Allen Hamilton; Yo Delmar, MetricStream
As corporate information technology infrastructure increases in size and complexity, corporations are recognizing the need for a better mechanism for assessing IT's role and alignment to the key corporate initiatives. What began as a series of best practices has evolved into the field known as IT governance.
IT governance is no longer just a theoretical concept, it is a fundamental business necessity, and an iterative process which requires senior management commitment over the long term in order to see results. By implementing a business risk approach to IT governance corporations can deliver immediate benefits to the entire organization.
Join Eric Kavanagh, the Bloor Group; Paul Quanrud, TCS; Keith Breidt, BAH; and Yo Delmar, MetricStream; for this educational session as they address some of the key concepts and challenges with IT governance. They will answer as many questions as we can fit in to the 45 minute Q&A, and will provide research materials for you to takeaway.
If you would like to attend please confirm your position below.
Dr Branden Williams; Stuart Hince, HP Security Voltage; Chris Merritt, Lumension; Merritt Maxim, Forrester
The total number of fraudulent payment card transactions has grown every year since 2006, and experts are calling 2014 "the year of the breach." The Ponemon Institute found that each breach cost the average retailer $8.6 million in related expenses, and the price tag connected with a data breach increased across the board, reaching $20.8 million for financial service firms, $14.5 million for technology companies and $12.7 for communications providers.
With attacks continually on the rise, it's more important than ever that merchants protect themselves from the potentially huge financial losses and damages to their brand and customer loyalty associated with a data breach. Join this educational session to gain insights and some key steps to prevent payment card breaches across your organization.
With the increased regulation and scrutiny of the past decade, it is important for organizations to implement best practices in order to maintain control and achieve compliance with evolving regulatory requirements.
Compliance teams of the brave new world are set up to discuss risks with the key business leaders, and have sufficient resources to ensure company compliance programs are implemented effectively. Their software applications for managing enterprise governance, risk management, and compliance (eGRC) continue to mature with impressive features and functions, and they are making notable strategic advances by linking these three business functions for more informed decision-making, to reduce risk exposure, lower audit costs, and demonstrate compliance.
To replicate similar success in your eGRC program, you will need to focus on selling GRC value, practicing good GRC project management, and embedding GRC into corporate culture. Join this educational panel webinar as our experts delve deeper into this, and identify the best practices for implementing an eGRC program in 2015.
Moderator: Branden Williams. Panel: Ralph Spencer Poore, PCI SSC; Terence Spies, HP Voltage; Scott Carcillo, Merchant Link
Data breaches are a widespread problem with over 1.1 billion records compromised in the last 10 years. According to the Verizon 2014 Data Breach Investigations Report, the vast majority of breaches occurred against small to mid-sized companies.
As a result many retailers are focused on bolstering payment security and reducing fraud by implementing solutions such us EMV, End-to-end encryption (E2EE), and Tokenization. These solutions can work in tandem to protect merchants, and enable them to exceed regulatory requirements by securing card data across all payment environments.
In this session our experts will present and define the three technologies, address the drivers that are leading the United States to implement EMV, and explain the complementary role of Tokenization with respect to EMV and End-to-end encryption.
Moderated by Branden Williams. Emma Sutcliffe, PCI SSC; Terence Spies, Voltage Security; Matt Getzelman, Coalfire
* On this webcast we're giving away a pass ($2,490 value) to our partner event: The 3rd Annual Stress Testing USA Congress being held in NYC on March 18-19, 2015. All attendees will be included in the draw.
The clock is ticking for enterprises that have not yet upgraded their payment card processing systems to be compliant with Payment Card Industry Data Security Standard (PCI DSS) 3.0. Since Jan. 1, 2015 , there is increasing urgency to not only understand the most important changes in PCI DSS 3.0, but also to be ready for a rigorous QSA assessment against those changes. Since PCI 3.0 is bigger, harder and more expensive than the previous iteration, merchants have their work cut out for them.
PCI DSS founding member, Visa Inc. recently changed its policy on compliance assessments for the PCI DSS. More specifically, Visa decided that merchants who meet a stringent set of criteria including processing 75% of transactions using "Chip and PIN" enabled terminals, may be able to apply for an exemption from PCI DSS assessment requirements. Unfortunately, not all merchants are aware of the change, and fewer understand what it means.
In this special presentation, our expert panel will explain the changes and their implications, and offer a detailed review of PCI DSS 3.0 to help enterprises prepare for assessments and make PCI compliance a whole lot easier.
Brandon Dunlap, Brightfly; Vidya Phalke, MetricStream; Sudeep Venkatesh, Voltage; Rebecca Herold, The Privacy Professor
In 2015 the size of the digital universe will be tenfold what it was in 2010. Large-scale data breaches are on the rise across all sectors, and enterprise data security initiatives must evolve to address new and growing threats. Consumer transactions, personally identifiable information, customer records, and the like, all flowing together into the Hadoop ‘data lake’, will enable critical business insights but also means Hadoop installations will be a rich target for cyber-crime.
Organizations are now faced with more stringent and expanding regulations, and must implement better governance, more effective risk management policies, and smarter data management approaches to enable them to do a much better job of controlling their business through the information explosion. As companies look at GRC technology, they should assess the capability of these solutions to deliver continuous monitoring of controls, key risk and security indicators, policies, and ensure they are natively integrated with critical business systems.
We invite you to attend this round-table webinar as our panel of experts will discuss top guidelines for Hadoop security and governance in 2015, and provide guidance for assessing new technology solutions to ensure they will achieve your objectives.
Branden Williams, Moderator; Ralph Spencer Poore, PCI SSC; Terence Spies; David Tushie; and Rajesh Sharma
More than 100 million Americans have lost personal information in a data breach over the last year, and identity theft is the fastest growing crime in the US. As a result, President Obama has launched a government initiative to support the US migration to EMV and improve information sharing on cyberfraud threats, and nearly half of US merchant terminals are expected to accept EMV cards by the end of next year.
As of October 1 of 2015, merchants and acquirers—not card issuers—will bear the financial burden resulting from fraudulent use of counterfeit, lost and stolen cards. It's a risk that's only mitigated by demonstration and documentation of EMV compliance. Beyond the liability shift, EMV holds promise as an enabler of secure mobile and e-commerce payments, with attractive PCI (Payment Card Industry) Security Standards-related benefits for merchants. Those who implement EMV contact- and contactless-enabled POS devices may be excused from PCI audits and the costs associated with them, creating further incentive to adopt EMV.
In this webinar, we'll discuss the details behind the migration to EMV, how the technology works, and some top security guidelines for EMV and Mobile Payments in 2015.