Enterprise-Wide Risk Management

Ronald S. Ross; NIST Fellow
For decades, organizations have managed risk at the information systems level. This information system focus provided a very narrow perspective that constrained risk-based decisions by senior leaders/executives to the tactical level—devoid, in many cases, of any direct linkage or traceability to the important organizational missions/business functions being carried out by enterprises. The concentration on information systems security by organizations resulted in a focus on vulnerability management at the expense of strategic risk management that is applied across enterprises. NIST Special Publication 800-39 introduces a three-tiered risk management approach that allows organizations to focus, initially, on establishing an enterprise-wide risk management strategy as part of a mature governance structure involving senior leaders/executives and a robust risk executive (function). The risk management strategy addresses some of the fundamental issues that organizations face in how risk is assessed, responded to, and monitored over time in the context of critical missions and business functions. The strategic focus of the risk management strategy allows organizations to influence the design of key mission and business processes—making these processes risk aware. Risk-aware mission/business processes drive enterprise architecture decisions and facilitate the development and implementation of effective information security architectures that provide roadmaps for allocating safeguards and countermeasures to information systems and the environments in which those systems operate.
Feb 3 2011
41 mins
IT Security Risk NIST
  • Why Application Whitelisting is Essential for Advanced Threat Defense Jul 21 2015 3:00 pm UTC 45 mins
    Guest Speaker: Chris Sherman, Analyst, Forrester Research
    According to Forrester, with the right approach and the right technology, application whitelisting can be an essential component for defending against evolving threats, particularly zero-day attacks that endpoint anti-malware products frequently fail to detect.

    In this webinar Chris Sherman, analyst at Forrester Research will examine:
    - The threat landscape and technology adoption trends
    - The benefits of whitelisting and how the technology has evolved
    - The challenges of application whitelisting and how to overcome them
    - The advantages of using application whitelisting in fixed function environments such as retail POS or Industrial Controls Systems
    - How to integrate application whitelisting into your overall endpoint security strategy

    John Fox, Director of Engineering at Digital Guardian will briefly explain:
    - How Digital Guardian application whitelisting is designed to address the key problems traditionally associated with application whitelisting
  • Security Operations Profile: Where does your organization stand? Jul 21 2015 3:00 pm UTC 45 mins
    Arabella Hallawell, VP of Corporate Strategy, Arbor Networks
    No two security teams are alike. Security organizations differ widely in how tight their budgets are, the number of dedicated staff and how their business views risk.

    Arbor Networks has sponsored a set of in-depth interviews and created a new tool to help security teams assess their current incident response profile and capabilities versus their peers and state-of-the-art practices. The assessment provides actionable insights to prompt companies to evolve beyond existing detect-and-respond models that are becoming increasingly ineffective in the current threat environment.

    Join this session to hear:
    • What metrics are defining the four profiles and how your organization measures up
    • Lessons learned from three case studies of teams that evolved to hunting and the benefits they achieved
    • Best practices for setting budgets, tools and strategy for a holistic data protection plan

    Take the profile assessment [http://bit.ly/1IjtWtS], and join us for the conversation! We look forward to your participation.
  • Top Tips for using the Cloud for Risk Management Jul 21 2015 9:00 am UTC 45 mins
    Jerry Wertelecky, CPA, Fellow HKloD & Managing Director
    Join Jerry Wertelecky, CPA and Fellow HKloD to learn how you can consolidate your CSP and Corporate Risk Profile
  • Investigate Attacks Like Never Before: Pivoting through Attackers Infrastructure Jul 16 2015 5:00 pm UTC 45 mins
    Jeremy Lindon, Sr Product Manager and Meg Diaz, Sr Product Marketing Manager, OpenDNS
    Attackers break in and pivot through your infrastructure—making their way through critical systems, learning corporate secrets, and ultimately stealing your data. What if you could turn the tables and pivot through their infrastructure?

    Imagine finding one malicious domain or IP and using it to map out the attacker’s infrastructure in minutes. With OpenDNS Investigate, you get visibility into the related domains, IPs, and autonomous systems that may be leveraged for attacks now and in the future.

    Using examples of attacks, we will show how you can pivot through attackers’ infrastructures and stay ahead of attacks. Join this webcast to find out how you can use OpenDNS Investigate to:
    - Investigate attacks like never before
    - Gain global context to better prioritize incident response
    - Predict where future attacks are staged
  • Close Operational Gaps for Better Cybersecurity Jul 16 2015 4:00 pm UTC 60 mins
    Joerg Sieber, Senior Product Marketing Manager, Palo Alto Networks
    As security solutions become more sophisticated, the challenge is not a lack of data, but how to cut through the noise quickly to understand what is actionable and where to allocate resources.

    In this webinar, we discuss strategies that provide your organization the best protection against cyberthreats:

    • Reduce response times with visual actionable data
    • Discover the unknown with automated threat correlation
    • Streamline management with operational and policy control
  • For Security Sake: Consolidate Your Secure Remote Access Infrastructure Jul 14 2015 5:00 pm UTC 60 mins
    Prakash Mana, Director of Product Management, Citrix; Akhilesh Dhawan, Principal Product Marketing Manager, Citrix
    Securely managing a cohesive network infrastructure of essential enterprise apps and data has never been more challenging. In this webinar, we will cover day-in-the-life scenarios, highlighting challenges faced by IT teams in providing secure remote access to support mobility and security via centrally hosted applications, data and systems. We will then discuss how consolidating multiple access gateways, including mobile-specific gateways and classic SSL VPNs, with Citrix NetScaler with Unified Gateway helps provide One URL for secure remote access while reducing TCO, simplifying IT, strengthening security and ensuring a high-definition experience for both mobile and traditional application users.
  • Why Your Firewall Strategy Isn’t Working: All About Internal Network Firewalls Jul 9 2015 6:00 pm UTC 45 mins
    John Maddison, VP of Product Marketing, Fortinet
    No one is trying to reinvent the wheel here, but let's call a spade a spade. The level of threats is increasing; they are advanced, they are persistent and they are costly, so it's no surprise traditional firewalls that focus on borders are just not working like they used to. The truth is the internal network is no longer a “trusted” environment: whether the source is a malicious outsider, evil insider or unknowing participant, once inside, threats can spread and do maximum damage. Internal firewalls, while not a new concept, are finally taking hold and the results are a game changer for network protection.

    Fortinet is proud to present, Why Your Firewall Strategy Isn’t Working, Let’s Talk About Internal Network Firewalls, a deep dive into why INFW is the new “must have” in the ever shifting threat landscape.

    - Discover how multiple layers of defense are the new standard for highly-sophisticated attacks that are getting past border defenses.
    - Learn how INFW is different as a complement to existing firewalls and various deployment scenarios.
    - Understand how a single device can work efficiently in multiple segments

    Don’t Miss, Why Your Firewall Strategy Isn’t Working, Let’s Talk About Internal Network Firewalls, and learn how an Internal Network Firewall can provide the necessary inside-out network protection you need to protect your critical data against advanced threats.
  • Mac Security for Business Jul 8 2015 5:00 pm UTC 60 mins
    Dave Howard, Instructional Designer and Don Lewis, Solutions Marketing Manager
    Learn how to protect the Mac platform in your business.
  • Hackers, Attackers, and Criminals - The never ending, dynamic and evolving threat Jul 8 2015 3:00 pm UTC 45 mins
    Carlos A. Fernandes, CISSP, CEO, Agile Cybersecurity Solutions
    Cybercrime continues to increase, with nearly 100% of Forbes Global 2000 companies reporting data breaches within the last 12 months.
    It is estimated that over 200 nations have Intelligence capabilities and their #1 target is the United States. Cyber tools, used for exploitation, can also be used for cyber attacks. These capabilities are being built by the 1,000s. The result is that most US corporations have been penetrated. Furthermore, most network security appliances may stop a novice attack but they are no match for a sophisticated threat actor. The presentation will explore the evolving threat, why we should care, and what we can and cannot do to counter this never ending, dynamic and evolving threat.
  • Data-centric Security & Encryption: Keeping Your Critical Data Safe Jul 7 2015 4:45 pm UTC 45 mins
    Albert Biketi, VP & GM, HP Security, Atalla
    Data’s coming at us at a pace never before imagined. Without data-centric protection that secures your sensitive information throughout its entire lifecycle, you’re at risk. The use of data-centric security and encryption solutions from HP Atalla and HP Security Voltage can help you rest assured that your data remains inaccessible, even if captured, lost, or stolen. Data breaches are inevitable – get prepared. Join this webinar to learn how to best protect your structured and unstructured data at rest, in motion, and in the cloud. Data-centric security will help you neutralize the potential damage from security breaches.
  • The first 24 hours after a breach Jul 7 2015 3:00 pm UTC 45 mins
    Ondrej Krehel, CTO and Founder, LIFARS, LLC
    This session will be about the process that takes place once a data breach occurs. The pressure is extremely high and various teams have to come together in this time of emergency, including incident response team, the board and the executive management, the PR team, risk management and legal. Goals are to strategize and minimize the damage, contain the threat, and ensure that the business continues running in spite of a major incident and at the same time public concerns and pressure are addressed in an efficient manner.

    Talk points:

    Getting the call
    Arriving on scene (first observations and attacker profile analysis)
    Crisis management with key internal tenants
    Evidence collection and preservation, digital forensic investigation and analysis
  • SIEM Detection & Response Cases Recorded: Jun 30 2015 32 mins
    Tom Clare, Director, Arctic Wolf
    Before tackling a SIEM project to improve detection and response, learn from these case studies as their scenario likely matches yours. To firebreak your network brings together technologies, processes and people in the right balance across four phases. More than a security point solution or another box, you need to turn craft into a discipline to improve detection and response.

    Learn from your peers about the following:
    - Before environment and issues
    - Transition effort, cost and impact
    - After environment and benefits
    - Best practices for managed SIEM
    - Your network and next steps
  • Flash, Cloud and Appliances: The Holy Backup Trinity Recorded: Jun 30 2015 51 mins
    Mark Campbell, Chief Technology Officer, Unitrends
    IT professionals are facing an explosion of data and an avalanche of devices to protect. So how do you do more with less?

    Learn how the technology associated with next generation all-in-one backup appliances – physical and virtual – can help you solve the core problems of protecting more IT infrastructure and data with less effort and more confidence.
  • Risk Mitigation Services in Cyber Insurance Underwriting Recorded: Jun 30 2015 57 mins
    Tracie Grella, Advisen; Neeraj Sahni, FINEX; Ira Scharf, BitSight Technologies
    Cyber insurance is becoming an increasingly competitive market. In order to differentiate their offerings, underwriters are beginning to offer unique risk mitigation services to their insureds. But with all the noise in this space, how do risk managers find and choose the policy that is best for them?

    In this webinar hosted by Advisen, join Tracie Grella, Global Head of Professional Liability at the world's largest insurer, AIG, Neeraj Sahni, Vice President, FINEX North America—Cyber and Technology Risks at Willis, and Ira Scharf, General Manager of Cyber Insurance at BitSight Technologies, to learn how underwriters, brokers and technology firms are working together to bring risk mitigation services to their clients.

    Join this webinar to learn:

    - How cyber coverage has evolved
    - How the insurance market is bringing value related to cyber risks
    - How risk mitigation services lower expected costs and help insurers do a better job of underwriting
    - Why risk mitigation services and cyber insurance create a safer cyber ecosystem
  • DDoS Attacks: More Dangerous to You; Never Easier to Launch Recorded: Jun 30 2015 56 mins
    Christina Richmond, Program Director, IDC and Joe Loveless, Product Marketing, Neustar
    If your organization cannot afford downtime from DDoS attacks, join this timely discussion from Neustar, with special guest perspective from IDC’s Christina Richmond. Explore the complexity and purpose behind today’s attacks and what you can do to defend your Internet presence. You will learn:

    · What the DDoS threat environment looks like today
    · Why “smokescreening” is a particular danger
    · Where attacks can have impact across your organization
    · How you can take steps to thwart DDoS threats
  • Panel: Information Security Policy Management for the IOT Recorded: Jun 26 2015 51 mins
    Expert Panel
    Our expert panel will discuss upcoming trends and best practices in infosec policy management for the IOT. The panel will include:

    Jennifer Bisceglie, CEO, Interos Solutions
    Robert Brese, Executive Partner, Gartner
    Ryan Gillis, VP of Cybersecurity and Global Policy, Palo Alto Networks
    Gary Hayslip, CISO, City of San Diego, Co-Chair, CyberTECH
    Paul Rosenzweig, Principal, Red Branch Consulting
  • Next Generation Firewalls Will Change How You Protect Your Organization Recorded: Jun 25 2015 41 mins
    John Kindervag, VP, Principal Analyst, Forrester
    Join Forrester Vice President, Principal Analyst, John Kindervag and Fortinet to learn about how next generation firewalls (NGFW) are changing the way organizations protect themselves. Get a look at the latest research on how IT professionals are using NGFWs to combat today’s threat environment and the requirements for an effective NGFW.
  • Preparing for Disasters that Will Actually Happen Recorded: Jun 25 2015 62 mins
    George Crump, Storage Switzerland
    Join Storage Switzerland and Accelerite for a live webinar “How To Prepare for the Disasters that Will Actually Happen”. In this webinar we will discuss how these types of man-made disasters differ from natural disasters, why they’re more costly than natural disasters and what steps IT professionals must take, right now, to make sure their businesses can recover from them.

    All registrants attending the live webinar will also be entered into a drawing to win an Apple Watch given away after the webinar.
  • Extend enterprise application-level security to your AWS environment Recorded: Jun 25 2015 55 mins
    Chris Grove, Director of Solution Architecture, Imperva; Matt Yanchyshyn, Sr. Mgr of Solutions Architecture, AWS
    It’s not if, it’s when you will expand your enterprise footprint into Amazon Web Services (AWS). When organizations shift to a public cloud environment, security and compliance must remain top of mind. While AWS provides robust infrastructure-level protections, today’s attackers target the applications themselves.

    This webinar will:
    · Discuss inherent AWS security capabilities

    · Review attack types that target the applications and why traditional security approaches can’t stop them

    · Illustrate how Imperva SecureSphere for AWS stops these attacks and enables you to use the security infrastructure on-prem and in the cloud
  • “Triple-A” Security Approach to Network Security - Empowering Your Business Recorded: Jun 25 2015 37 mins
    Florian Malecki, International Director of Product Marketing
    Triple-A ratings are normally associated with chief financial officers keeping a tab on John Moody’s bond credit rating. But, in the technology world, how can a chief information officer or IT decision maker rate the efficiency of an IT security implementation?

    A comprehensive security approach should encompass three factors. It should be adaptive to threats, business requirements and the ever-evolving use of the internet within the corporate network, have adapted to meet the specific requirements of an organization and have been adopted fully by end users.

    These factors can be summarized as a “Triple-A” security approach. If you achieve this, you can strengthen your overall security posture.

    Attend our webcast to see how your organization can have the best security possible, and use IT security to drive innovation – instead of blocking it.
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.

  • Title: Enterprise-Wide Risk Management
  • Live at: Feb 3 2011 9:00 pm
  • Presented by: Ronald S. Ross; NIST Fellow