For many years complying with government standards and industry regulations has been seen as a check box in the lengthy list of IT security tasks. However, most recent changes in the environment and increased cyber security threats have led to a rethinking of this approach. With more than 365 security incidents reported in 2011 affecting over 126 million records, many organizations are rethinking the way they approach security, risk management, and compliance.
Technologies like virtualization, cloud computing, and social networking present companies with major opportunities to develop their businesses. However, it is important to keep one eye firmly fixed on the associated risks and businesses should be prepared for these incidents before they occur. More and more organizations realize that instead of looking at Governance, Risk, and Compliance from a centralized perspective, it is more efficient to let business operations drive these efforts as that 's where the organization's risk knowledge resides. Join this session for insights on:
* The challenges faced by senior executives in managing risk in the changing landscape.
* Successful approaches to tackle risk and its associated controls by business unit.
* Key steps to identify and address emerging risk.
* How to classify and manage unknown risk.
* Pitfalls to avoid when trying to automate risk management efforts.
* Getting the attention of executives to make sure that enough attention is being paid to the risk.
* How Compliance is tied to Risk Management in the context of business.
RecordedOct 3 201262 mins
Your place is confirmed, we'll send you email reminders
Organizations are suffering from volatility across all risk types, and senior management are being pressured to improve enterprise risk management capabilities. An organization’s enterprise risk management (ERM) program can be a powerful management tool for achieving strategic and operational objectives, but it can be difficult to maintain and grow over time. If an ERM program is not moving forward it will stagnate, so executives need to implement a program that evolves with the times. A key factor in consistent ERM program development is evolution in a planned but flexible manner, supported by a common understanding of objectives and defined steps for improving program capabilities.
Implementation has its challenges, however, there are a range of responses that can be effective for each ERM program challenge. In this webinar our experts discuss these responses and address some of the ways to implement and evolving GRC program that gets boardroom backing.
Moderated by Rebecca Herold, The Privacy Professor; Jacqueline Cooney from Booz Allen Hamilton and Chris Griffith from HPE
After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.
While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
Dr Branden Williams; Robert Shields, Informatica; Steve Durbin, VP of the ISF; Farshad Ghazi, HPE Security - Data Security
Over recent years, several organizations have suffered damaging data breaches where sensitive data was stolen.Alarmingly, things seem to be getting worse, and the results can be devastating. With the expanding threat landscape and the rise of the data-centric enterprise, companies must have parallel development of their security architecture to protect their sensitive data. But in the time it’s taken for data security to catch up with the changing environment, organizations have found their compliance and data protection programs vulnerable.
CISOs must take steps to protect data that is expanding in volume, variety and velocity, and adopt security perimeters around identity attributes and data-centric security. Sensitive data must be continuously monitored for situational awareness and risk management, and CISOs should follow policies that encompass all data silos if they are to avoid security chaos. Enterprises must have an understanding of where sensitive data resides, who has access to it, and how it is impacted by new types of threats and vulnerabilities. Armed with these capabilities, CISOs can enhance sensitive data security to stay ahead of the threats, maintain regulatory compliance, and improve operational efficiency.
Attend this panel discussion as we discuss the key issues which CISOs should be addressing today.
Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches, and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and Internet of Things enabling multitude of connected devices, the threat vectors are multiplying, threatening the firms’ operations and future financial stability.
Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.
Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
Robert D. Schneider, Partner at WiseClouds LLC, Reiner Kappenberger, HPE Security - Data Security
The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side the surge of new devices has increased potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.
Data security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined, so protecting company data is more urgent than ever before. The risks are huge and Hadoop comes with few safeguards, leaving it to organizations to add an enterprise security layer. Securing multiple points of vulnerability is a major challenge, although when armed with good information and a few best practices, enterprise security leaders can ensure attackers will glean nothing from their attempts to breach Hadoop.
In this webinar we will discuss some steps to identify what needs protecting and apply the right techniques to protect it before you put Hadoop into production.
Moderator: Colin Whittaker, PCI Industry Alumni; George Rice, HPE Security; Mike Urban, Javelin, Miguel Gracia,CardConnect
The face of the threat landscape is becoming increasingly sophisticated and highly targeted. Advanced threats are succeeding in their effort to gain access to payment data of target organizations. CISOs, CXOs, and other executives need to become knowledgeable about the potential impacts of targeted attacks and advanced persistent threats. They need to become actively engaged in developing and implementing effective protective strategies.
During this webinar we will discuss recommendations and best practices to help organizations develop a sustainable security program designed to respond quickly to targeted attacks and minimize the consequences of any data breaches.
Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.
This is especially important as PCI DSS evolves and increase in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non compliance with PCI DSS.
Rebecca Herold (The Privacy Professor); Duncan Jones, Forrester; Yo Delmar, MetricStream; Neil Hooper, Rsam
In a landscape filled with new threats and regulations managing the risks of 3rd party vendors is vitally important. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential 3rd party risks. They want to see organizations proactively identifying potential risks, verifying that business partners providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents.
During this webcast our panel will specifically address the practical 'how to's' around identifying and reducing the risks of 3rd party vendors, and we will focus on:
- Typical risks resulting from third party relationships
- Common deficiencies of vendor management practices used during the on-boarding process, and the life of the relationship
- Moving from a reactive to a proactive (preventative) vendor management process
- Real world examples will be used to illustrate the key points and recommendations
Dr Branden Williams; Mason Karrer, RSA; Stuart Hince, HPE Data Security, Emma Sutcliffe, PCI SSC
Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations who process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.
In a landscape filled with new threats and new regulations, risk management has never been more critical. On this webinar we will look at ways to address the SSL and TLS vulnerabilities by implementing a pragmatic risk migration plan. Join us to learn about innovative data-centric protection technologies that mitigate risk, enable compliance, and are all the more important – especially if potentially insecure transfer methods will continue to be used through mid-2018.
Eric Vanderburg, the "Sheriff of the Internet"; Yo Delmar, MetricStream, Vivek Shivananda, Rsam, and Joe Fantuzzi, RiskVision
In every organization, there are a multitude of applications and devices and a universe of threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements. It is no longer enough to have a handful of diligent security and compliance professionals managing the organization's risk strategies and controls. Their processes must embrace business and mission professionals’ knowledge of risk, who evaluate the causal impact of threats to their operational performance, and participate in decision-making to meet their risk posture goals.
Organizational GRC context is achieved by correlating business criticality, threat reachability, IT controls and vulnerabilities to optimize business performance through prioritized remediation, resulting in the desired risk posture with compliance governance. CIOs and CROs need to holistically integrate threat and vulnerability management processes into the broader IT governance and risk management program. This approach will allow IT organizations to not only deal with cyber-threats effectively, but also manage IT risks and compliance mandates more proactively.
Join this executive panel as we discuss ways to use threat and vulnerability management to enable your IT GRC program.
Moderator: Rebecca Herold (The Privacy Professor) Panel: RSA, HPE Security - Data Security, Booz Allen Hamilton
In 2014 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
Brandon Dunlap, Managing Director of Research, BrightFly; Terence Spies, CTO, HP Security Voltage
In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders across all sectors. The growth of data is increasing exponentially, organizations are suffering from volatility across all risk types, and need to re-think their enterprise risk strategy. At the heart of this strategy is the need for a single consistent view of the data, and a data-centric, multi-platform approach to secure valuable customer and corporate data assets, end-to-end.
Join our experts as they discuss a new generation of risk technologies which use a holistic approach to data management and address the risks inherent when data is at rest in storage, in motion on the network, and in use in analytics and business processes.
Drew Wilkinson,Booz Allen Hamilton; Yo Delmar, MetricStream; Vivek Shivananda, Rsam
Managing third-party risk is a big undertaking. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Not only are the risks associated with third-party vendors increasing, but regulators are turning their attention to the need for organizations to manage IT vendor risk more effectively.
Organizations should start by compiling a comprehensive inventory of all partnering third-parties and their associated risks, which will enable management to segment IT vendor risk accordingly and focus efforts by priority. They should also designate a business owner for managing third-party relationships, and provide them with the right decision-making powers to establish a disciplined governance and escalation framework for dealing with incidents that occur.
By implementing such best practice organizations can streamline, automate and integrate IT Vendor governance, risk management, compliance, and audit programs, to build a new, more effective paradigm of supply chain performance. Join this education session as we address these key concepts and challenges for managing third-party risk to strengthen IT vendor governance.
Dr Branden Williams (Moderator); Terence Spies, HP Security Voltage; Chris White, Booz Allen Hamilton; Erez Schwarz, Imperva
Inadequate security and dedicated cyber attackers have led enterprise data breaches to increase at an alarming pace. Staggering numbers of affected customers - and financial losses - are sending shock waves through the business world, and creating a sense of urgency around identifying solutions. Finding a way to ward off cyber intruders has become a critical challenge.
There is a need to create value around company data. One way to do this is to ensure that the workforce knows and understands the threats that are out there and the measures that are in place to protect against them. Data security is not one size fits all, nor is a data security communication plan. Finding the ideal fit for any company may take trial and error, but an educated and mindful workforce will serve to support the mission of IT security teams tasked with keeping confidential information secure. Join this educational panel webinar to hear experts discuss how to realize data security potential across an enterprise.
Eric Kavanagh (Moderator); Paul Quanrud, TCS; Keith Breidt, Booz Allen Hamilton; Yo Delmar, MetricStream
As corporate information technology infrastructure increases in size and complexity, corporations are recognizing the need for a better mechanism for assessing IT's role and alignment to the key corporate initiatives. What began as a series of best practices has evolved into the field known as IT governance.
IT governance is no longer just a theoretical concept, it is a fundamental business necessity, and an iterative process which requires senior management commitment over the long term in order to see results. By implementing a business risk approach to IT governance corporations can deliver immediate benefits to the entire organization.
Join Eric Kavanagh, the Bloor Group; Paul Quanrud, TCS; Keith Breidt, BAH; and Yo Delmar, MetricStream; for this educational session as they address some of the key concepts and challenges with IT governance. They will answer as many questions as we can fit in to the 45 minute Q&A, and will provide research materials for you to takeaway.
If you would like to attend please confirm your position below.
Dr Branden Williams; Stuart Hince, HP Security Voltage; Chris Merritt, Lumension; Merritt Maxim, Forrester
The total number of fraudulent payment card transactions has grown every year since 2006, and experts are calling 2014 "the year of the breach." The Ponemon Institute found that each breach cost the average retailer $8.6 million in related expenses, and the price tag connected with a data breach increased across the board, reaching $20.8 million for financial service firms, $14.5 million for technology companies and $12.7 for communications providers.
With attacks continually on the rise, it's more important than ever that merchants protect themselves from the potentially huge financial losses and damages to their brand and customer loyalty associated with a data breach. Join this educational session to gain insights and some key steps to prevent payment card breaches across your organization.
Having a single system of record of all program, portfolio, and project information reduces costs and allows governmental organizations to quickly snap to and comply with mandates and regulations.
Join this webcast to learn how integrated PPM solutions:
•Bring increased accountability across agency projects
•Facilitate real-time collaboration between project and program managers and their teams
•Reduce redundancy and manual effort
Ransomware and destructive attacks have changed the cybersecurity landscape. Modern business requires enhanced access to data to improve productivity, attract and retain customers, and run efficient supply chains – making the network perimeter more difficult to defend. At the same time, criminals are no longer content to just steal information, instead extorting ransoms after encrypting data or sometimes seeking to cripple organizations by destroying their data.
In this webcast you will learn about:
-Dangerous new threats such as ransomware and hacktivism, and how they differ from traditional threats
-Why new threats require a new focus
-Cybersecurity frameworks and best practices
-Enhancing your data protection and recovery capabilities to improve your cybersecurity defenses
-Why some data protection approaches may not be sufficient for advanced threats and how an Isolated Recovery approach provides a best layer of defense
CMDB Implementation is one of the most complicated of any ITSM programmes an organisation can undertake. The difficulties in creating a toolset, capable of linking hundreds of thousands of interconnected bits of data together in a meaningful manner while also supporting a highly fluid environment with dozens of changes each week, are formidable indeed.
Join Peter Hubbard, Principal ITSM Consultant at Pink Elephant EMEA, as he discusses the Pink Elephant approach to create a CMDB in the real world. He will demonstrate the critical importance of the scoping session and understanding the organisations requirements to ensure the CMDB supports the business. Peter will then show you how to turn those requirements into concrete actions to map and create your CMDB.
Faisal Usmani, Business Development and Strategy Lead for Comms at Cyient EMEA, will build on Peter’s theme; detailing how an effective CMDB implementation forms the basis for ITSM solutions. He will cite a case study that shows how this translates into a real world operational scenario that utilises actionable dashboards and provide valuable insights into your service performance at different levels within your organisation.
At the end of the session you should know the importance of being able to ask your ITSM organisation ‘For our CMDB, do we need a battle tank or body armour?’’
There has always been change in our profession. We originally started by implementing disaster recovery programmes. Soon after that, the businesses realized that the people aspect of recovery was needed as well. The results were the beginning of business continuity programmes. DR and BC have worked together almost two decades now with great success. We are now at a major transformation point again. Business continuity is now sharing more information and interacting more with security and compliance groups.
This session will go over what most of us already have in place, what we will need to add, and how all three groups interface together to provide a new resilience program for your environment. The goal of this session is to show the interactions between risk management, business continuity, security and compliance that form the components of a resilience programme.
58% experienced issues when failing over IT systems! - The State of IT Disaster Recovery in the UK – 2016 Survey
Find out if you’re ahead or behind on IT Disaster Recovery. In a survey commissioned by iland and conducted by Opinion Matters, 250 IT decision makers in the UK were asked about their DR experiences, challenges and strategies. And, we’re sharing the results!
Learn from your peers:
- The frequency of DR testing – how much is enough?
- The impact of IT outages – how disruptive would it be to your business?
- The trade-offs IT leaders make between downtime, cost and security – what trade-offs make sense for you?
Join iland and Zerto as we dig into the survey findings which will be a useful benchmark for your own DR strategies. Don’t miss it.
Avec le degré de maturité et le niveau de menace atteint par les ransomwares au cours de l’an dernier, comment pouvez-vous être sûrs que votre infrastructure IT est réellement protégée et que vous êtes prêt à parer à une attaque ?
Aujourd’hui, les responsables sécurité sont confrontés à :
•un manque de renseignements exploitables sur les menaces, qui leur permettraient de mieux cerner les acteurs et les campagnes susceptibles de viser leurs entreprises
•une carence en analystes de sécurité qualifiés, capables d’identifier le nombre croissant de menaces pénétrant leurs organisations. Par exemple, les cryptoransomwares sont en augmentation constante (+35 % en 2015 ) et il faut encore en moyenne plus de 200 jours à une entreprise pour découvrir qu’elle victime d’une attaque.
•peu d’expertise spécialisée dans les techniques requises pour réagir à des menaces et les neutraliser une fois que celles-ci ont pénétré leur environnement IT
Les gangs de rançonneurs ne cessant d’affiner leurs tactiques, les entreprises ont besoin d’être parfaitement au courant des menaces et des risques qu’elles encourent. Symantec vous donne rendez-vous pour un webcast consacré aux attaques par ransomware. Vous y découvrirez ce qui est arrivé à une société et les mesures qu’elle a prises pour remédier à la menace.
The cyber threat landscape has never been more dynamic, than what we are seeing today. With an expanding surface area for attacks and a cybercriminal ecosystem worth billion of dollars on a global scale, cybercriminals are constantly pursuing new methods to obtain financial funds.
It is no different in the Nordics – a region that is well known for its natural resources, innovations in renewable energy and healthcare, proximity to the Arctic, and emphasis on transparency in government is also a prime target for cybercriminals. These unique attributes make the region a prime target for cyber threat groups looking to capitalize on Nordic countries’ robust economies and distinct geopolitical concerns.
Join Jens Monrad, Senior Intelligence Account Analyst at FireEye, who will discuss:
* The Threat Landscape in the Nordics
* Trends and Insights in Malware detections across the Nordics
* Geopolitical situations which can influence the threat landscape in the Nordics
* How having accurate and enriched threat intelligence can enable organisations to make tactical, operation and strategic decisions.
Register today and learn what tools, processes and information organisations need in order to allow them to fully reconstruct the attack scenario and help make the right decisions based on the attack, as well as prepare for the next one.
El año pasado, el ransomware alcanzó un nivel de peligrosidad y profesionalidad nunca visto hasta ahora: ¿cómo puede estar seguro de que su infraestructura informática está protegida y de que está preparado para gestionar un ataque?
En la actualidad, los líderes de los equipos de seguridad se enfrentan a los siguientes desafíos:
•Una falta de inteligencia procesable sobre amenazas para mejorar su comprensión sobre los ciberdelincuentes y campañas que podrían tener como objetivo a su empresa.
•Muy pocos analistas de seguridad cualificados que puedan identificar el creciente número de amenazas que se infiltran en su organización. Por ejemplo, el uso del ransomware de cifrado como herramienta de ataque por parte de los ciberdelincuentes continuó aumentando en 2015, con un crecimiento del 35 %. Sin embargo, las empresas que sufren un ataque siguen tardando más de 200 días en conocerlo.
•Pocos conocimientos especializados en las técnicas necesarias para responder a las amenazas y repararlas una vez han invadido su entorno informático.
Los grupos de cibercriminales especializados en ransomware continúan evolucionando sus tácticas, por lo que las organizaciones deben ser plenamente conscientes de las amenazas que estos representan. Únase a Symantec en un webinar que se centrará en un ataque de ransomware para conocer más detalles sobre el incidente y sobre las medidas que tomó la empresa para reparar la amenaza.
Lo scorso anno il ransomware ha raggiunto un nuovo livello di evoluzione e pericolosità: come essere certi che l'infrastruttura IT sia protetta e in grado di affrontare un attacco?
Oggi i leader della sicurezza hanno importanti sfide da risolvere:
•Un’intelligence sulle minacce insufficiente a individuare gli aggressori e le campagne che potrebbero attaccare la loro azienda.
•La penuria di analisti di sicurezza competenti in grado di identificare il numero crescente di minacce che penetrano all’interno delle aziende. Nel 2015, ad esempio, l’uso del crypto-ransomware come strumento di aggressione è aumentato del 35%, ma le aziende aggredite impiegano ancora più di 200 giorni per accorgersi del problema.
•Scarsa conoscenza specializzata delle tecniche di incident response e remediation per gli ambienti IT colpiti.
Gli autori dei ransomware continuano ad affinare le proprie tattiche, e le aziende devono imparare a conoscere bene le nuove minacce. Partecipa al webinar Symantec che descrive un attacco di ransomware, le sue conseguenze e la strategia di remediation adottata dall’azienda colpita.
VCE VxRail Appliance with EMC data protection provides simple, fast and efficient protection of data and applications regardless of where they live, against whatever might happen, and at the right service level based on business value.