IT Governance, Risk and Compliance

Community information
Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

Webinars and videos

  • Are attacks on your network and users still occurring, despite continuing efforts to stay on top of security? What impact would malware have on your business if it was able to gain internal access and steal sensitive information?

    Without solutions that can disrupt the chain of events that occur during an advanced attack, many businesses are still being infiltrated and losing data every day. This webinar will cover the best practices in disrupting attacks with content security solutions - connected to optimize protection.
    Join this webinar as:
    •You will learn the tactics used by attackers today to infiltrate businesses
    •You will hear about the leading technologies available to disrupt advanced attacks
    •You will walk away with the knowledge to assess your own environment, and optimize your security
    Businesses today face more advanced attacks than we’ve ever seen in the past – and defending against them takes a connected approach which can disrupt the multiple points of infiltration and exfiltration used in the process of a breach. With most attacks seen in the wild using phishing emails to reach their target, a web link or malicious file to deliver a payload, and an outbound stream of communication to exfiltrate data – implementing a Secure Email Gateway, Secure Web Gateway, and Data Loss Prevention technology together will provide a barrier difficult for even the most advanced attacks to overcome.

    Don’t miss this webinar if you have a stake in the security of your most valuable information, or are directly responsible for the implementation of security solutions to protect it. Register now for this 30 minute webinar.
  • Now that NIST has published Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity, the long awaited CSF, what are the implications for companies? How can the CSF help your business improve its defenses? Cameron camp investigates.
  • Join us for this short monthly webinar, in which we will provide you with the latest updates and insights into the constantly evolving online threat landscape. Using information sources such as the Symantec Global Intelligence Network, we will help you understand how you can continue to protect your company and your infrastructure.

    The goal is simple: to make the Internet safer to transact business – for you, your customers and everyone else with whom you interact online.
  • We look at why organisations are turning to Data Classification solutions as part of a best practice layered security approach. We will cover:

    •The evolving security environment
    •Drivers for data classification
    •How data classification works in practice
    •Customer success stories

    The session will also include a brief demonstration of Boldon James Classifier.
  • Internal audit functions must anticipate and respond to a constant stream of new challenges. Key findings from Protiviti’s latest Internal Audit Capabilities and Needs Survey show that:

    • Social media, mobile applications, cloud computing and security (specifically with regard to the NIST Cybersecurity Framework) are critical areas of concern

    • CAATs and data analysis remain on center stage

    • Fraud management efforts focus more on technology as well as prevention

    • We have to keep pace with a raft of regulatory, rules-making and standards changes”

    • Internal auditors want to take their collaboration with business partners to a new level

    Please join our webinar on focused on assessing the top priorities for internal audit functions.

    CPE credit will be provided to qualifying attendees.
  • Recent research shows that when it comes to Online File Sharing and Collaboration (OFS), a “one size fits all” deployment strategy isn't enough. Join ESG Senior Analyst Terri McClure and Syncplicity as we take a look at the drivers behind corporate OFS adoption, hurdles that need to be overcome, and emerging demand for hybrid solutions.

    In this webinar, Terri McClure will discuss findings from ESG’s latest analysis, Online File Sharing and Collaboration: Deployment Model Trends. She will shed light on issues that motivate many IT departments to implement OFS solutions and identify trends that are pushing vendors to provide more deployment options to customers.

    Jeff Schultz, Head of Marketing at Syncplicity, will discuss the value of Syncplicity StorageVaults, which provides enterprise customers with deployment flexibility, ensures data residency and compliance, and enables secure mobile collaboration across the enterprise.

    As a thank you for registering you’ll receive a free copy of the ESG Research Brief: The Demand for Hybrid Online File Sharing Solutions.
  • In this webcast we will show:
    1. The Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
    2. How you can identify your business exposure and what systems are vulnerable
    3. How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed
  • Mobile workers are increasingly demanding access to mission-critical data and apps from personal smart phones, tablets and laptops. However, co-mingling of personal and business data and apps on mobile devices creates risk of business data loss and introduction of malware. What are the risks and what technologies can businesses deploy to enable productivity while protecting from these threats ?

    •Learn about the risks introduced when personal and business data and apps co-mingle on mobile devices
    •Learn about available technologies and technology trends to address these risks.

    Join Dell to understand the risks introduced when personal and business data co-mingle on mobile devices and technologies to consider to protect corporate data.
  • From political hacktivists to international cybercrime organizations, enterprise security has been under a barrage of attacks that run the gamut of complexity. Security breaches now seem inevitable even at organizations that invest heavily in their information security operations. With numerous recent examples of cybercriminals and malware penetrating corporate networks almost at will, the role of incident response teams has been thrust into the spotlight. In this presentation I will discuss the fundamentals of incident response planning and the critical role audit has in reviewing incident response plans, documentation and the plan testing process.
    At the end of this session:
    You will understand:
    -incident response
    -identify the different types of incidents
    -planning process
    -roles and responsibilities
    -team activation process
    -response process flows
    -response scenarios, and
    -auditing incident response
  • This webinar is presented by McAfee and Intel to help customers understand their Data Protection solution from McAfee and to get the most business value out of their Intel based endpoints. Products that apply to this webcast include McAfee Complete Data Protection Suites, featuring Endpoint Encryption, and EPO Deep Command to extend the reach of your IT department to lower your total cost of ownership. The webinar will include a special highlight on Intel® Core™ vPro™ Processors and associated technologies that increase productivity and hardware-assisted security in the enterprise. This webcast is provided as a 35-40 minute overview and includes 5-10 minutes of Q & A.

    Join this webinar on Data Protection and learn about:
    • The key features of Data Protection and how it can provide you with the security you need
    • Use cases on utilizing the synergy between Intel® vPro™ and McAfee Data Protection technologies to reduce your overall TCO
    • How you can extend the reach of your IT team with the ability to remotely wake up or even power on PC’s, remediate “disabled” endpoints and remotely reset pre-boot passwords
    • How to securely manage your endpoints from a single console while simultaneously providing self-service features for your end-users
  • *On this webcast we're giving away a pass to our partner event: the Chicago Cyber Incident Response Summit, between June 21-23, 2014*

    Let’s face it, there’s unrelenting pressure on IT to enable competitive advantage through new technology and use of data assets‒-but the business is driving initiatives that can push sensitive production data into more and more exposed areas. The key question is ‘How can you enable the business to be agile AND take a more proactive, programmatic approach to security at the same time?’ With the advanced threats that are pervasive today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively address the implications for data security in the ecosystem. You need a blueprint to reverse this trend in your organization.

    In this webinar, William Stewart, Senior Vice President of Booz Allen Hamilton and Jeff Lunglhofer, Principal of Booz Allen Hamilton–a leading management technology and consulting firm driving strategic innovation for clients–will discuss the top trends in cyber threat mitigation, data privacy, data governance, and data security, with Mark Bower, VP Product Management and Solutions Architecture at Voltage Security.

    Attend this webinar to learn more about how to:
    •Increase responsiveness and security in your IT environment and architecture
    •Fight pervasive threats from inside and outside attack with data-centric technologies
    •Raise your organization’s overall data privacy, compliance, and security profile
    •Implement a new data de-identification framework across production, test & dev, and analytics use cases
    •Proactively enable critical business initiatives
    --Can't attend live? Register below to receive a link to the recorded webcast.
  • You are invited to register for our upcoming COSO webinar, COSO 2013: Mapping Controls to Principles. Transitioning to the New COSO Framework is top of mind for many organizations. How do you get started? How do you map controls to principles or vice versa? What are some of the preliminary findings organizations are seeing as they head down the path to implement the framework?

    Please submit top-of-mind questions during the webinar registration process.

    CPE credits will be provided to qualifying attendees.
  • Email Gateway 5.6 including hybrid cloud setup and ”ClickProtect” spear phising protection.
  • Everyday consumers assume that when making a purchase, online or in-store, their card data is handed off to a trusted source, with security in place to protect them. However protecting these transactions and the retail payment ecosystem has become increasingly complex, with recent data breaches of large retailers testament to the vulnerabilities.

    In addition, compliance with PCI DSS fails to address some of these vulnerabilities resulting in potential exploitation with disastrous consequences. To address these security gaps the scope of security needs extending from the merchant, acquirer, switch and bank or card issuers to include the manufacturers of payment terminals at the point of sale and developers of payment application software.

    Join your fellow professionals to understand how by using Point-to-Point Encryption, card data is encrypted from the earliest possible moment of its capture, and ensures that data remains in an encrypted state consistently until it arrives at the payment gateway.

    Then understand why many merchants are considering P2PE not only to secure vulnerabilities, but also because it can effectively remove some of the merchant’s own security infrastructures from the scope of compliance with regulations such as PCI DSS. Lastly understand why encryption is only as secure as the encryption keys as when cryptography is used to protect valued data, the risk is transferred from the data to the keys.
  • Today's organizations are moving more interactions online through web, mobile and API-enabled web services to empower their customers and increase revenue. Managing the high volume of customer identities and enabling secure interactions across a set of web, mobile and hybrid apps, from a variety of different devices can be challenging.
    On April 24th at 1pm ET, please join David Gormley, Director, Security Solutions for CA Technologies, to learn how you can securely accelerate the delivery of new applications and services, while improving the customer experience across multiple channels of interaction.
  • Security professionals are increasingly realizing that protecting executives and corporate assets requires more than just “guns and guards.” It requires a proactive strategy to identify and prevent a threat, rather than reacting to one. So how can security professionals be proactive and minimize the threats that originate from the Internet?

    In this webcast we’ll look at how you can use an individual’s online “footprint” to identify potential threats and develop a more effective security plan. We’ll also present a case study of one of our own executives and show why online threat intelligence is not the same as news alerts or monitoring social media for brand buzz.
  • Protiviti's IT Priorities Survey results reveal 2/3 companies are going through a major IT transformation in 2014. Join Protiviti's IT Consulting managing directors to discuss why.
  • Encryption, and cryptography in general, has been thrust into the spotlight as a critical technology for combating surveillance, data breaches, insider threats, and more. But encryption is no silver bullet, and the quality of its implementation is the major determining factor in the protection it actually provides. Join us on Thursday April 24 to learn about:
    •Five ways you can measure the quality, or trust level, your crypto systems provide
    •Effective strategies for dealing with the key management pain many organizations are starting to feel as they increase their deployment of cryptography
    •Use cases for strong cryptography and trusted key management with hardware security modules (HSMs)
  • Join us for this live webinar where we will walk through a real-world example in which FireEye Managed Defense analysts utilized the FireEye Platform’s MVX virtual machine technology and endpoint response capabilities to identify, alert, and remediate an active Advanced Persistent Threat (APT) attack.

    In this case study we will cover:

    • How the attacker executed a “smash-and-grab” attack aimed at stealing intellectual property.
    • How FireEye detected the attack as it was beginning and re-secured the network and prevented sensitive data from leaving the client’s networks.
    • Best practices for investigating and responding to similar attacks.
  • Today most companies are witnessing an explosion in the amount of data that they store. According to recent estimates, large databases grow by 65% year over year and 85% of the data contained in these large databases is inactive. This often out-of-control data growth stems from a variety of sources and can have a negative impact on application performance, database management tasks, and overall total costs.

    During this webinar, learn how you can improve application performance while simplifying IT for Oracle applications with Informatica Smart Partitioning and Oracle ZS3 storage appliance.

    In this event, we will share how the combination of Oracle Tiered Storage and Informatica Data Archive Smart Partitioning:
    Reduces the cost of data by enabling storage tiering and compression of referentially intact data partitions
    Improves application performance up to a factor of 6X or more by automatically optimizing datasets for user requests
    Eliminates complex archiving strategies and provides full and rapid access to archived data from the native Oracle Application
  • Every application, email, web page and Internet connection relies on information encapsulated into a data packet that can be easily distributed across networks. These packets include information about the sender and receiver, as well as the actual contents, or payload. By manipulating pieces of the packet data, criminals can infiltrate networks, applications, data centers, and individual computers.
    How do you defend your network against advanced threats that manipulate data at the packet level? Join McAfee for a revealing presentation on the current state of threat prevention. Find out why you should be using deep packet inspection (DPI) for protocol identification, normalization, and data stream-based inspection to detect and block threats, in both clear-text and encrypted connections. And stop Advanced Persistent Threats (ATP) that rely on packet manipulation to thwart most common firewall and IPS defenses.
  • Next generation endpoint security. Security and Management beneath the operating system.
  • Nos puissantes solutions de gestion des événements et des informations de sécurité (SIEM) associent des données sur les événements, les menaces et les risques pour offrir une connaissance approfondie de l'état de la sécurité, une réponse rapide aux incidents, une gestion transparente des journaux ainsi qu'une fonction de génération de rapports de conformité extensible. Produit phare de notre offre SIEM, McAfee Enterprise Security Manager assure la consolidation, la corrélation, l'évaluation et la hiérarchisation des événements de sécurité pour les solutions McAfee et d'autres éditeurs. Composant essentiel de notre cadre d'implémentation Security Connected, McAfee Enterprise Security Manager s'intègre en toute transparence avec le logiciel McAfee ePolicy Orchestrator (McAfee ePO), McAfee Risk Advisor et Global Threat Intelligence afin de fournir le contexte nécessaire à une gestion des risques de sécurité autonome et adaptatif.
  • As additional details on the Target breach - and other retail attacks - leak out, we see that Point of Sale (POS) malware continues to be a significant threat. There are several attack methodologies at play and many forms of new malware, including Dexter, Project Hook, Alina, BlackPoS/Kartoxa, JackPoS, VSkimmer and others. All continue to compromise organizations large and small. In this webinar, Curt Wilson, Senior Research Analyst for Arbor's Security Engineering and Response Team (ASERT) will explore a newly discovered POS attacker’s toolkit, as well as the structure and behavior of typical POS malware and key indicators of compromise.

    Additionally, this talk will review a survey of observed POS infrastructure vulnerabilities that include well-known and lesser- known POS threats that continue to evolve. Attendees should leave with an expanded sense of the threat surface that retailers – including ecommerce organizations – must face. The session will wrap up with an overview of best practices for protecting, detecting, and addressing these evolving threats.

    Attend this webinar to learn about:

    • The various types of POS malware threats and the implications of experiencing an attack

    • The tools and processes that retail IT infrastructure teams need to have in place to protect their organizations from attacks

    • Best practices for dealing with a POS attack; actionable “now what” steps for organizations who have been compromised by POS malware