Enterprise-Wide Risk Management

Ronald S. Ross; NIST Fellow
For decades, organizations have managed risk at the information systems level. This information system focus provided a very narrow perspective that constrained risk-based decisions by senior leaders/executives to the tactical level—devoid, in many cases, of any direct linkage or traceability to the important organizational missions/business functions being carried out by enterprises. The concentration on information systems security by organizations resulted in a focus on vulnerability management at the expense of strategic risk management that is applied across enterprises. NIST Special Publication 800-39 introduces a three-tiered risk management approach that allows organizations to focus, initially, on establishing an enterprise-wide risk management strategy as part of a mature governance structure involving senior leaders/executives and a robust risk executive (function). The risk management strategy addresses some of the fundamental issues that organizations face in how risk is assessed, responded to, and monitored over time in the context of critical missions and business functions. The strategic focus of the risk management strategy allows organizations to influence the design of key mission and business processes—making these processes risk aware. Risk-aware mission/business processes drive enterprise architecture decisions and facilitate the development and implementation of effective information security architectures that provide roadmaps for allocating safeguards and countermeasures to information systems and the environments in which those systems operate.
Feb 3 2011
41 mins
IT Security Risk NIST
  • IDS for Security Analysts: How to Get Actionable Insights from your IDS May 19 2015 5:00 pm UTC 45 mins
    Joe Schreiber, AlienVault; Grant Leonard, Castra Consulting; Tony Simone, Castra Consulting
    The fun with IDS doesn't stop after installation; in fact, that's really where the fun starts. Join our panel of IDS experts for an educational discussion that will help you make sense of your IDS data, starting from Day 1. We will discuss signature manipulation, event output, and the three "P's" - policy, procedure and process. We won't stop there either! You'll find out the meaning behind the terms all the cool kids are using like "False Positives" and "Baselining". We'll round it out with more information about how IDS interacts with the rest of your IT applications and infrastructure. If you installed an IDS and are wondering what to do next, then sign up now!
    Asset Discovery - creating an inventory of running instances
    Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks
    Change Management - detect changes in your AWS environment and insecure network access control configurations
    S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance
    CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior
    Windows Event Monitoring - Analyze system level behavior to detect advanced threats
    We'll finish up with a demo of AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.
  • Key Security Insights: Examining 2014 to predict what's coming in 2015 May 14 2015 5:00 pm UTC 60 mins
    Ken Dang, Product Marketing Manager, Dell Security
    It’s clear that cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks. In this Dell Security Annual Threat webcast, we’ll present the most common attacks Dell SonicWALL observed in 2014 and the ways we expect emergent threats to affect small and medium businesses, as well as large enterprises, throughout 2015. Our goal is not to frighten, but to inform and provide organizations of all sizes with practical advice that will help them adjust their practices to more effectively prepare for and prevent attacks, even from threat sources that have yet to emerge.
  • Cloud Access Security—Keep Sensitive Data Safe and Compliant in the Cloud May 14 2015 4:00 pm UTC 45 mins
    Albert Biketi, VP and general manager of HP Atalla and HP Security Voltage
    The exploding use of cloud applications like Office 365, Google Apps, and SalesForce CRM is giving enterprises unprecedented agility. But it also brings new challenges in ensuring data security and demonstrating compliance. In this webinar HP Atalla shows why many enterprises are turning to HP Cloud Access Security Protection platform to protect sensitive data in SaaS cloud deployments.
  • Do You Even CISO? May 14 2015 4:00 pm UTC 45 mins
    Eric Cowperthwaite, VP of Advanced Security and Strategy and Todd Harris, Director of Product Marketing, Core Security
    Being a CISO (Chief Information Security Officer) is hard. Endless responsibilities, never-ending demands, restless nights’ sleep, and always playing catch-up. Come hear a former CISO tell stories of some of his more interesting experiences, challenges, successes and complete failures.
  • The Factors & Technologies that Drive Data Security Confidence in UK Firms May 14 2015 1:00 pm UTC 45 mins
    Bob Tarzey, Analyst and Director, Quocirca
    What are the factors and technologies that engender UK Firms with the highest levels of confidence in their data security measures?

    Attend this webinar with Bob Tarzey, Analyst and Director at Quocirca, as he reviews new research that examines:

    - The confidence levels amongst UK businesses about the security of their sensitive business data
    - The three key factors that drive the highest confidence levels
    - The security technologies that help deliver these high confidence levels - with the specific technologies that enable the management of complex information supply chains
    - The measures firms at the bleeding edge take to make sharing data in the cloud more secure
  • Large Scale, High Performance Visibility Plane for Cloud and Web Service May 13 2015 6:00 pm UTC 45 mins
    Gordon Beith, Director of Product Management
    This webinar will describe the challenges faced by cloud and web service providers when attempting to monitor, manage, and troubleshoot across large data centers and networks, whether fully owned or hosted. It will describe the benefits of using a unified visibility plane as the solution to address these challenges, in a cost-effective and streamlined manner, whether it is for security, performance, and/or troubleshooting purposes.
  • Security Ratings by the Numbers: Taking Mountains of Data to Create Risk Metrics May 13 2015 5:00 pm UTC 45 mins
    Mike Woodward, Program Director of Data, BitSight
    Every day BitSight processes and synthesizes tens of billions of events into easy-to-understand, high-quality security ratings. These ratings empower organizations to confidently assess and manage their security performance and that of peers, vendors, insureds, and acquisition targets.

    Join Mike Woodward, BitSight’s Program Director of Data, to learn how the data scientists and researchers at BitSight collect, analyze, and process all of this data to produce actionable and insightful Security Ratings.

    Attendees will also learn:

    How BitSight calculates ratings using a wide variety of risk vectors including security events, diligence factors and user behaviors

    The importance of comprehensive network footprint maps in producing industry standard security ratings

    Why monitoring performance over time can be beneficial for identifying trends and new risk indicators

    The ways customers are using Security Ratings to manage third party risk, benchmark security performance, assess and negotiate cyber insurance premiums, and remediate security risk involved in mergers and acquisitions.
  • Five Approaches to Increase Visibility and Control in Modern Data Center Network May 13 2015 4:00 pm UTC 45 mins
    Warren Wu, Sr Director, Product Marketing, Data Center
    Data centers are rapidly consolidating infrastructure for greater efficiency, while evolving to deliver greater agility and scale for the business. At the same time, advanced threats are breaching the perimeter and roaming freely, putting more data at risk. In this webinar we compare five different architectures for pushing security from the edge deeper into the network, and review the corresponding requirements for network security solutions to properly secure next-generation data centers, cloud, and software-defined networking (SDN) environments.
  • Selecting a SIEM: Experiences from the Trenches May 13 2015 3:00 pm UTC 60 mins
    Justin Everett, Williams Companies; Dave Wiseman, Saint Luke's Health System; VP and Chief Information Security Officer
    Today’s cyber threat landscape demands a fresh look at security intelligence. Whether you have a first generation SIEM (e.g., ArcSight, enVision, Q1 Labs, etc.) in place today and are concerned about blind spots or are overwhelmed by its complexity, or you’re considering deploying a SIEM for the first time, this panel discussion will give you practical insights from SIEM veterans that will help you refine your security intelligence strategy.

    Watch a moderated panel discussion featuring security experts who will discuss:

    - Cyber security dynamics fueling the need for improved Security Intelligence
    - Visibility and functional gaps to be aware of in first generation SIEMs
    - Selecting a SIEM: Key considerations and requirements
    - Migration considerations when moving to a new SIEM
    - Assessing the staffing requirements for a new SIEM deployment

    Justin Everett: Security Analyst, Williams Companies
    Dave Wiseman: Director of Information Security, Saint Luke's Health System
    VP and Chief Information Security Officer, Fortune 500 Healthcare Services Company
  • New Thinking About Identity Management May 12 2015 4:00 pm UTC 45 mins
    Penny Crossman, Banking Technology News, Stephen Lange Ranzini, University Bank, Thomas Hardjono
    From massive security breaches to redundant entering of information to the privacy concerns raised by data brokers, it is clear that today's identity infrastructure is ill-suited for the digital age.

    How can identity management be retooled to serve the (sometimes conflicting) imperatives of security, privacy, convenience and compliance?

    Hear from FinTech industry experts from American Banker and learn:
    - What it will take to cross the digital chasm 
    - What role can and should financial service providers play in the transformation

    Find out how to retool your identity management by registering for this live webinar.
  • CyberTECH Securing the Internet of Things Forum San Francisco - Part 2 May 6 2015 6:00 pm UTC 60 mins
    Expert Panel
    This panel of security experts will discuss the internet of things and what's keeping them up at night when they think about security in 2015. After an in-depth discussion, there will be live Q&A from the audience.

    This week's panelists include:
    Ron Gula, CEO and Founder, Tenable Network Security
  • The Mobile Security Problem for Small Businesses May 6 2015 5:00 pm UTC 60 mins
    Cameron Camp, Security Researcher
    Mobility can be a challenge for small businesses, especially when it comes to managing various devices and keeping them secure. ESET Security Researcher, Cameron Camp, explores mobile device management, BYOD and other challenges discussed during National Small Business Week.
  • Rethinking Remote Office Backup May 6 2015 5:00 pm UTC 45 mins
    Nick Kotterman, Product Marketing
    Remote office backup presents numerous challenges, including ever-increasing data volumes, network bandwidth constraints, overtaxed IT administrators and complicated, time-consuming backup processes. Compounding all this is a reliance on older technologies that are inefficient and costly. And the more sites your organization has, the more the challenges multiply.

    It's time for businesses to rethink remote office backup and adopt an approach that meets data and regulatory retention requirements, is easy to deploy and maintain, and is secure and cost effective. It's time to look to the cloud.

    Join backup experts Druva to learn how remote office server backup has evolved. Discover how the cloud offers a new and, in most cases, better approach. In this session you’ll learn:
    - How the latest advancements in cloud storage technology scale globally for enterprises of all sizes
    - Why advances in cloud security models are addressing stringent global security and data privacy issues, including data residency requirements and more
    - How an 'infinite data snapshot model' combined with cost-optimized flexible retention eliminates traditional vendor restrictions.

    Hear real-life use cases of how others are leveraging the cloud for remote server backup. Live Q&A will follow to answer your specific questions.
  • CyberTECH Cyber+IoT eWeek Roundtable Recorded: May 5 2015 61 mins
    Expert Panel
    The CyberTECH Cyber+IoT eWeek Roundtable features top industry experts sharing critical updates and information regarding IoT Security. The roundtable will be moderated by eWeek Editor, Chris Preimesberger and includes top cyber, IoT and InfoSec professionals. Special guest speakers include Michael Daniel, Special Assistant to the President and US Cybersecurity Coordinator for the White House, Mark Weatherford, Principal at the Chertoff Group, Enrique Salem, former CEO at Symantec.
  • NGFW 101: What is it and why should you care? Recorded: May 4 2015 49 mins
    Deena Thomchick, Director of Product Marketing, Fortinet
    What makes a firewall a next generation firewall? How can next gen capabilities help you and what are the gotchas you should know before you turn it all on? Get your basic education on NGFW and some tips you should know before you get started.
  • Best Practices in Major Incident Management Communications Recorded: Apr 29 2015 61 mins
    Scott Bowler, Manager of IT Delivery Management Services, NBN Co. and Abbas Haider Ali, Chief Technology Officer, xMatters
    If your data, services and processes become compromised, your business can suffer irreparable damage in minutes. The clock is ticking, and how fast you communicate to your major incident resolution team is everything.

    Join Scott Bowler, Manager of IT Delivery Management Services, NBN Co, and Abbas Haider Ali, CTO of xMatters and learn how NBN Co identifies major incidents and uses best practices for automating their communication processes to resolve major IT incidents quickly and effectively.

    During the event you will learn how to:
    - Immediately identify a major incident
    - Instantly locate available major incident managers and target notifications to them
    - Get the right resolution team on the job fast based on the required expertise
    - Utilize one-click conference bridge technology to get key stakeholders together instantly
    - Conduct reviews to identify improvements and prevent similar incidents from reoccurring
  • Layered Security Infrastructure: Enterprise Case Studies Recorded: Apr 29 2015 36 mins
    Icaro Vazquez, Senior Product Line Manager, Security
    As bad actors relentlessly continue to take advantage of the many innovations and trends in our current world, network security professionals are realizing that the passive mode of checking for threats is no longer adequate. As BYOD is now the norm rather than the exception in the corporate world and most organizations have a significant presence in the cloud, bad actors are more than happy to take advantage of the new conduits into the corporate network. Therefore, the need to catch, repair and eliminate security threats as early as possible has never been greater. With this in mind, VSS Monitoring has been helping various enterprise customers to deploy an inline layered security infrastructure that provides multiple lines of defense against the bad actors.

    This webinar will present some of the use cases we have been involved in, the motivations that led to the deployment of layered security, and how a layered security architecture, anchored by VSS Monitoring, allowed enterprises to become more nimble in their never-ending fight against bad actors. Join us for a safari tour of an exciting and evolving space!
  • The Hybrid WAN for Your Data Center Recorded: Apr 29 2015 31 mins
    Mark Byers, Director of Product Marketing, Fortinet
    Almost every organization is challenged by the increasing need for more bandwidth. Cloud-based services, content-rich applications, and access to internet sites are putting more and more strain on the limited pipes coming in to your data centers. WAN Optimization had been the tool of choice to connect and manage branch office traffic. It's now more and more being used to bridge multiple Internet connections for organizations large and small to create more bandwidth in and out of their data centers. Traditional WAN Link Load Balancing has evolved from simple back up and VPN connectivity to a robust traffic management tool that seamlessly adds bandwidth using virtually any ISP technology. In this webinar you’ll learn the basics of Hybrid WANs, what they and Link Load Balancing can do for your organization, and discover more about Fortinet’s Hybrid WAN solutions.
  • SDN and NFV: Protecting the Next Wave of Infrastructure Recorded: Apr 29 2015 41 mins
    Talbot Hack, Senior Product Manager, Arbor Networks
    As traditional network architectures come under increasing strain, Software Defined Networking (SDN) and Network Functions Virtualization (NFV) hold the promise of making networks more open, predictable, flexible, user- and service-friendly and lower cost to operate. These virtualized, software-controlled networking environments, however, do not yet benefit from the range and sophistication of DDoS protections and security available for traditional networks. This presentation focuses on how the delivery of traffic intelligence, threat detection and attack blocking is evolving, regardless of whether BGP and flow or future SDN/NFV-based techniques are in use.

    Attend this session to learn how Arbor Networks is adopting its DDoS solution suite to advance protections in SDN- and NFV-based networks.
  • Deploying Flowspec in a Service Provider Environment Recorded: Apr 29 2015 37 mins
    Steve Walsh, Senior Security Engineer, AOL
    Flowspec is an important tool in combating DDoS attacks, especially in large networks. Arbor provides valuable intelligence on how to craft your Flowspec routes, as well as a handy interface for managing the routes.

    In this session, Steve Walsh, Senior Security Engineer at AOL, describes what Flowspec is, how it came about, and how it works. Learn about some of the tests performed by Juniper and others on scalability, and the discovered limitations that were overcome with the implementation of Flowspec.

    Join this session to learn:
    - Some of the different methods of deploying Flowspec
    - How Flowspec compares with alternative filtering methods
    - Best practices for secure traffic routing
trends, developments, and technology
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.

  • Title: Enterprise-Wide Risk Management
  • Live at: Feb 3 2011 9:00 pm
  • Presented by: Ronald S. Ross; NIST Fellow