The classic IT Security Organization is often seen as the “digital border guards”: busy deciding what the firewall setting should be and how to “harden” the server configuration, checking the latest virus and hack-attack methods, and working on defenses. Integrating this Security function with the IT Governance, IT Risk and IT Compliance functions into one GR(S)C function will lead to direct cost reductions, but also to an indirect cost reduction, because the (control) requirements from each of these functions individually can be integrated into one Risk (and Control) approach for the IT Domain. Streamlining the effort will in many cases lead to a reduction of the effort required from the IT-operational organization to implement and assure controls and other risk reduction measures.
What does this integration mean for the organization, tasks, skills, processes for the new GRSC function as compared to the current situation? What may you expect during the transition path?
Arno Kapteyn is Managing Consultant IT Governance. He is a leading expert in the field of IT Governance, Risk and Compliance (GRC) and how to integrate them with IT Security and IT Service Management. His field of expertise is the design and implementation of IT Organizations according to the available open and industry standards.
Recorded Nov 17 2009, 46 mins
Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
Cybersecurity has jumped to the top of companies’ risk agenda after a number of high-profile data breaches and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and on the Internet of Things enabling a multitude of connected devices, the threat vectors are multiplying, threatening firms’ operations and future financial stability.
Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.
Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
Robert D. Schneider, Partner at WiseClouds LLC, Reiner Kappenberger, HPE Security - Data Security
The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side the surge of new devices has increased potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.
Data security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined, so protecting company data is more urgent than ever before. The risks are huge and Hadoop comes with few safeguards, leaving it to organizations to add an enterprise security layer. Securing multiple points of vulnerability is a major challenge, although when armed with good information and a few best practices, enterprise security leaders can ensure attackers will glean nothing from their attempts to breach Hadoop.
In this webinar we will discuss some steps to identify what needs protecting and apply the right techniques to protect it before you put Hadoop into production.
Nancy Bennis, Director of Alliances, Cleversafe an IBM Company, Alex McDonald, Chair, SNIA Cloud Storage Initiative, NetApp
Object storage is a secure, simple, scalable, and cost-effective means of embracing the explosive growth of unstructured data enterprises generate every day.
Many organizations, like large service providers, have already begun to leverage software-defined object storage to support new application development and DevOps projects. Meanwhile, legacy enterprise companies are in the early stages of exploring the benefits of object storage for their particular business and are searching for how they can use cloud object storage to modernize their IT strategies, store and protect data while dramatically reducing the costs associated with legacy storage sprawl.
This Webcast will highlight the market trends towards the adoption of object storage, the definition and benefits of object storage, and the use cases that are best suited to leverage an underlying object storage infrastructure.
In this webcast you will learn:
• How to accelerate the transition from legacy storage to a cloud object architecture
• Understand the benefits of object storage
• Primary use cases
• How object storage can enable your private, public or hybrid cloud strategy without compromising security, privacy or data governance
Matthew Yeh, Delphix, Product Marketing & Olivia Zhu, Delphix, Business Technology Consultant
A new, data-centric approach to security is taking hold. Rather than establishing perimeter defenses in hopes of repelling breach attempts, security-minded organizations are investing in technologies that protect the interior--the data itself. In particular, the combination of virtual data and data masking is proving to be a powerful way for enterprises to safeguard sensitive data from both insider and outsider threats.
View this webinar to learn:
How data masking is superior to solutions based on encryption and firewalls
What virtualized data is, and how it forms the foundation for an effective security strategy
Why integrating data masking with virtual data reduces your surface area of risk by 90%
Healthcare has become criminals’ most lucrative target. Why? Because medical records are worth 10 times that of credit cards. The recent digitization of the healthcare industry has rapidly expanded the attack surface to include electronic healthcare records, patient portals, IoT-enabled medical devices and more.
Imagine losing access to all of your patient data—only to find out you are being extorted by criminals who require payment to get it back. This type of attack can disrupt life & death technologies that medical practitioners rely on to perform their jobs. Ransomware adds up to a significant threat to the healthcare industry.
But there are steps you can take to actively reduce the number of ransomware infections across your organization. OpenDNS and Cisco are at the forefront of helping our healthcare customers against various versions of ransomware.
Hear from Barry Fisher, Sr. Product Manager at OpenDNS, to learn the simplest way for healthcare security practitioners to stay ahead of Ransomware attacks. You’ll learn how to:
- Reduce ransomware infections across your organization
- Identify the infrastructure used by attackers to connect, control and transfer the encryption keys
- Protect medical IoT endpoints, patients’ devices and even devices that don’t run agents, like heart monitors and infusion pumps
Register now to learn how to start covering your healthcare security gaps.
Over the last few years, a known 620 million user accounts have been compromised across hundreds of sites. Organized cybercrime has figured out that this is the fastest, most reliable method to infiltrate organizations, as well as achieve financial gain. Since users share passwords across multiple sites, it is easier to find logins that work on a target site than to try to bypass firewalls, find software flaws, or even run spearphishing campaigns.
These types of attacks are collectively coming to be known as “Account Takeover” (ATO). Some are simple, while others are sophisticated. Some can be stopped relatively easily, and others require much more effort.
ATO attacks (via stolen credentials) were cited as the #1 method of confirmed data breaches in both 2014 and 2015 for web applications, which were themselves the #1 vector for data breaches.
Come learn what these ATO threats are, their impact to your business, how to detect them, and what you can do about it.
Krishna Narayanaswamy, Founder and Chief Scientist, Netskope
The rapid rise in cloud adoption – of which corporate IT has underestimated the scope by as much as 10x - has created a new effect: a “cloud attack fan-out.” Between many connected devices, which increase the attack surface, and capabilities like sync and share, which increase data velocity in the cloud, both the propensity and the severity of a breach rise.
Join Krishna Narayanaswamy, Founder and Chief Scientist of cloud security company Netskope, as he takes an in-depth look at data breaches involving cloud services and how they come about. Krishna will take a fun, CSI-like presentation approach and draw upon unique, anonymized data seen in the cloud to illustrate:
- The multiplier effect that the cloud can have on the probability of a data breach
- Three real-world examples in which the cloud can play a role in data breaches, including a step-by-step review of a recent exploit found in a cloud storage app
- How to identify data breaches in an enterprise cloud environment using advanced anomaly detection techniques
- A forensic walk-through in the reconstruction of a complex audit following a data breach
- Best practices for mitigating breaches as well as monitoring and protecting sensitive enterprise data in the cloud
Peter Gossin, Digital Transformation Manager, Microsoft
Digital transformation is the process of using today’s technology to modernize outdated processes and meet the most pressing needs of your business.
Thanks to recent advances in lower cost tablet technology and Microsoft’s suite of cloud and productivity services, complete digital transformation is more accessible now than ever before. A new class of affordable devices is revolutionizing the way businesses and their employees work and interact with customers.
Sign up now to:
• Engage your customers
• Empower your employees
• Optimize your operations
• Transform your products
Matthew Yeh, Delphix, Product Marketing & Olivia Zhu, Delphix, Business Technology Consultant
Data Masking Is Changing How Businesses Prevent Data Breach
With data breaches on the rise, businesses are heavily investing in solutions to safeguard sensitive data. However, businesses too often fail to secure confidential information in environments used for development, testing, training, and analytics. These so-called non-production environments can represent over 80% of the surface area of risk for breach. Data masking has emerged as the de facto standard for protecting these environments from insider and outsider threats alike. Masking replaces sensitive data with fictitious yet realistic data, preserving its value for non-production use while completely eliminating the risk of breach. Moreover, a new generation of solutions couples data masking with advanced virtualization technology to secure and deliver data -- without the slowdown caused by traditional methods.
Register and discover:
The key reasons why next-generation data masking reduces risk of breach
How masking compares to other security approaches such as encryption
Why next-generation masking is essential for businesses that must comply with HIPAA, PCI DSS, and SOX
Jonathan Bailey, Rami Essaid, Katie Sunstrom, Orion Cassetto
Web scraping - the process of using bots to systematically lift content from a website - is either loved or hated. Startups love it because it’s a cheap and powerful way to gather data without the need for partnerships. Large companies use web scraping to gain competitive intelligence, but try to block others from doing the same. However, new legislation and high profile court cases have called into question the legality of web scraping.
In this lively conversation, diverse panelists will discuss the origin of web scraping, the changing legal landscape, and the legal and technical best practices for protecting your website content.
Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.
This is especially important as PCI DSS evolves and increases in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high-profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non-compliance with PCI DSS.
Melinda Rahe, Business Continuity Program Manager Dell, Inc.
Outsourcing shifts the burden to mitigate risk to the vendor, but it does not shift the impact of the risk. Your company’s reputation and its customers can be negatively impacted when your vendor experiences failure.
This presentation discusses how to formulate a vendor resiliency strategy, and will equip participants with practical solutions for effectively, as well as efficiently, assessing the business continuity risk exposures introduced by outsourcing business functions.
It doesn’t matter what industry vertical you are in or how big or small your business is: we are all plagued by the same concern, the security of your most valuable asset – your data. Moreover, the threat is sometimes the ones that you trust most, namely people who have access to your privileged information and data. This insider threat can be your customers, partners and even your employees who accidentally or purposefully release or acquire sensitive data and use it for something other than what it was meant for.
Just imagine if you had a complete and panoramic scene size-up along with the ability to proactively address potential threats, both the traditional threat vector of outsiders gaining information and the increasingly common and dangerous internal threat. Join us as we discuss this important topic as well as how you can ensure that your organization does not find itself in the eye of the security cyberstorm.
Mike Reinhart is the Director of Product Marketing at Accelops
Regulatory compliance and security breach protection are complex in today’s organizations, and this job is not getting easier.
One of the major challenges that many organizations and managed security services routinely face is that the sources, numbers and types of attacks being generated are increasing exponentially. When you add the growing unknowns associated with the Internet of Things (IoT), it becomes exceedingly difficult to separate the truly lethal threats from the merely mundane. This results in greater complexity and higher costs, not only in terms of the number of security incidents that need to be investigated; it is also driving organizations to hire the security expertise needed to maintain these services.
Join us for this webcast to see where state-of-the-art SIEM tools are being used to create a modern managed security service that not only scales to meet the potential threats for organizations, but also allows Managed Service Providers to deliver higher quality managed security services.
John Meegan, Candice Campbell, Gary Zein, Karolyn Schalk, Karl Scott, Mike Edwards from the CSCC
The Cloud Standards Customer Council will define hybrid cloud computing, explain why this deployment model is essential for addressing business requirements, and outline the key considerations that customers must take into account as they start their transition. The presentation will include strategic and tactical activities for decision makers implementing hybrid cloud solutions. It will cover all the essential technical considerations for hybrid cloud deployment including integration, connectivity, governance, management, security and privacy.
CloudLock: Brad Pielech - Integrations Architect, CloudLock OneLogin: Mario Tarabbia - Director of Sales Engineering
Your organization has turned to cloud platforms and applications (including SaaS, IaaS, PaaS, and even IDaaS) to meet business needs, and it’s your job to make sure those applications are both easily accessible and airtight. Luckily, a new set of identity and security solutions has arrived that ensures fast access and security around all your publicly accessible data, the apps it resides on, and the users engaged.
Find out how OneLogin’s identity and access management capabilities including single sign on (SSO), combined with CloudLock’s cloud cybersecurity solution can make users more secure and productive in the cloud, no matter the data, applications, or people they work with.
Join OneLogin and CloudLock to learn how to:
– Identify the top five cyber threats to your cloud environment
– Protect against cloud security risks leveraging advanced user behavior analysis
– Improve company-wide productivity through streamlined identity and access management
– Easily automate your cloud access management process
– Put it all into action quickly – managing cloud application security with a powerful IDaaS+CASB joint solution
Steve Piper, CEO at CyberEdge and Lane Roush, Systems Engineer at Code42
The CyberEdge 2016 Cyberthreat Defense Report (CDR) provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a November 2015 survey of 1,000 IT security decision makers and practitioners, the CDR delivers insight IT security teams can use to compare their perceptions, priorities and security postures to those of their peers.
Join Steve Piper, CEO at CyberEdge and Lane Roush, Systems Engineer at Code42 to review the results from the 2016 Cyberthreat Defense Report and:
• Understand why 62 percent of organizations expect to be breached this year.
• Learn which cyber threats are of the utmost concern to the enterprise in 2016.
• Explore how Code42 CrashPlan endpoint backup helps safeguard your most important asset–data!
Carl Lehmann (451 Research), Rick Caccia (Delphix), Bill Laberis (IDG)
BEST PRACTICES TO MODERNIZE IT PROJECTS AND MITIGATE BUSINESS RISKS
As workloads, data and processes shift across on-premises, hybrid clouds and mobile infrastructure, enterprises must develop a strategy to manage IT change and the risk that comes with it. Attend this webinar to learn:
How to craft an IT modernization strategy for the enterprise architecture
How to select the tools to control risks associated with IT modernization
Case studies of global firms that have successfully modernized their infrastructure to enable business and IT transformation
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.