IT Governance, Risk and Compliance

Community information
Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
  • If there is one thing that can be said about the threat landscape, and cybersecurity as a whole, it is that the only constant is change. This can clearly be seen in 2014: a year with far-reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years.
    Join us on 26th May, at 10:00 - 10:45 to understand the growing threat landscape and how this affects your business.
    On this webcast we will cover:
    • The main security challenges and trends in 2014
    • How threats operate, to allow you to be better informed
    • Key takeaways for executive / functional leaders
  • ISO 31000 was published as a standard on the 13th of November 2009, and provides a standard on the implementation of risk management. A revised and harmonised ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual."[3] Accordingly, the general scope of ISO 31000, as a family of risk management standards, is not developed with a particular industry group, management system or subject matter field in mind, but rather to provide best practice structure and guidance to all operations concerned with risk management.
  • Join The Wall Street Journal's Dan Keeler, and industry experts, including Dow Jones Risk & Compliance Data Strategist Nicholas Grimaldi, to discuss conducting comprehensive due diligence to mitigate risk when entering into frontier markets.
  • With companies adopting SaaS applications more rapidly than ever before, the risk of cloud data loss has also risen. As many as 40% of companies that use cloud based applications have reported data loss since 2013, according to reports from the Aberdeen group and Symantec – but until cloud data disasters hit home, businesses tend not to prioritize cloud data backup.

    In this BrightTALK-exclusive webinar, you’ll learn about the biggest cloud data losses of the year, and how to make sure they don’t happen in your organization.
  • 2014 was a year packed with hacker attacks on payment card infrastructures, but we’re not out of the woods yet. Dell’s threat research team have regularly observed new active pieces of advanced Point-of-Sale (POS) malware in 2015. Why are so many retailers still soft targets? For cyber criminals, retail is where the money is. The possibility of spiriting away and selling thousands or millions of credit card details and chunks of consumer information is a powerful incentive.
  • With the increased regulation and scrutiny of the past decade, it is important for organizations to implement best practices in order to maintain control and achieve compliance with evolving regulatory requirements.

    Compliance teams of the brave new world are set up to discuss risks with the key business leaders, and have sufficient resources to ensure company compliance programs are implemented effectively. Their software applications for managing enterprise governance, risk management, and compliance (eGRC) continue to mature with impressive features and functions, and they are making notable strategic advances by linking these three business functions for more informed decision-making, to reduce risk exposure, lower audit costs, and demonstrate compliance.

    To replicate similar success in your eGRC program, you will need to focus on selling GRC value, practicing good GRC project management, and embedding GRC into corporate culture. Join this educational panel webinar as our experts delve deeper into this, and identify the best practices for implementing an eGRC program in 2015.
  • View from the CISO Chair - Security as Business Risk with Tom Bowers, Principal Security Strategist, ePlus
  • Security event management continues to evolve as data breaches put more pressure on detective defenses providing continuous monitoring. Many companies have invested strongly in preventive defenses to stop attacks before they infect. Now the game changes to detecting the unknown, and this requires scale and performance of SIEM solutions with increasing context for depth and visibility in the hands of security experts with an analytics mindset. Not everyone can play on this field; learn your options.

    Attendees will learn:
    - SIEM architecture changes for visibility
    - Increasing complexity of data analytics to explore
    - SIEM taxonomy and trade-offs between generations
    - Analyst recommendations & best practices
    - Why resources are key to SIEM success
  • Increasing data and network complexity give hackers more to steal and more ways to steal it. Most organizations cannot hire enough skilled IT security personnel to keep up.

    Join us for this informative and timely webinar, in which our experts will offer you seven golden strategies to mitigate IT risk and help you:

    • Reduce the greatest risks first
    • Stretch your team for optimal results
    • Creatively augment budget, skills and headcount.
  • The importance of protecting sensitive data is gaining visibility at the C-level and the Boardroom. It’s a difficult task, made even more so by the shortage of security experts. One option that more and more companies are pursuing is the use of managed security services. This can enable them to employ sophisticated technologies and processes to detect security incidents in a cost-effective manner. Should managed security be a component of your security mix?

    In this webinar, Ed Ferrara of Forrester and Mark Stevens of Digital Guardian will discuss:

    • When does it make sense to utilize managed security services
    • How to scope the services your company contracts out
    • Questions to ask when evaluating managed security services providers
    • The key criteria for selecting managed security providers
  • Information technology brings many benefits to a business, but it also brings risks. Knowing how to assess and manage those cyber risks is essential for success, a powerful hedge against many of the threats that your business faces, whether you are an established firm or pioneering startup. ESET security researcher Stephen Cobb explains how cyber risk assessment and management can work for you.
  • In the last few years, security breaches have occurred in various shapes and forms and have shaken up many organizations, especially those in the retail industry. Approaches for auditing and assessment vary from one governance, risk, compliance (GRC) company to the next. Simply checking a box for each regulatory requirement is not sufficient. An approach to meet the challenges that go beyond compliance and address an appropriate security posture should be adopted by organizations.

    This webinar, presented by Dan Fritsche, Managing Director, Application Security at Coalfire Labs, will help you understand the potential costs of failing an audit or getting breached even after having passed a Payment Card Industry Data Security Standard.

    Topics covered include:

    Brand Damage
    Loss of Revenue
    Downtime
    Privacy Penalties
    Forensics Investigations
    Cyber Insurance Coverage

    The presentation will also highlight the steps that organizations can take to address cyber-security risks.
  • Willbros, a leading infrastructure contractor serving the oil and gas industry, leverages Amazon Web Services (AWS) and Trend Micro Deep Security to quickly design and deploy agile, secure cloud solutions to protect their vital data. Moving to AWS allows organizations to leave their infrastructure behind and start fresh – architecting for flexibility and scalability. However, bottlenecks are created when traditional on-premises security approaches and tools are used. Learn how Willbros unleashed innovation in the energy industry by taking a greenfield approach to security in AWS. Attend this practical webinar by AWS, Trend Micro and Willbros to learn how you can design a flexible, agile architecture that meets compliance requirements and protects your most valuable asset – your data. Jason Cradit from Willbros will share their experience on how they achieved building robust and secure pipeline management systems in the cloud.

    In this webinar you’ll learn how to:
    - Architect a secure application using a combination of AWS services, Trend Micro services, and configurations
    - Understand how host-based protection improves application security, as well as agility and flexibility
    - Protect workloads from attack, without hampering performance
  • Join John Hudson, Thinking Dimensions, to learn how to:
    - Identify the key stakeholders represented in any situation
    - Identify the Critical Thinking skills and processes that underlie a successful Root Cause Analysis
    - Successfully prioritise issues every time
    - Identify the core issues represented in any situation
    What you will take away:
    - An appropriate set of Thinking processes to adopt
    - An intuitive and structured set of Questioning techniques
    - Structured templates that allow for the timely analysis/filtering of information
    - The confidence to adopt the process for your everyday work
  • The content has been migrated, the technical hurdles have been overcome and SharePoint has been successfully implemented. But what many companies underestimate: simply making SharePoint available is usually not enough. The magic word is user adoption. What good are the most modern deployment and the best software if the actual users lack the confidence and knowledge to work with the platform and would rather avoid using it?
    In this webinar, Patrick Lamber, SharePoint MVP, and Robert Mulsow, Senior Technical Solutions Professional at AvePoint, have made it their task to jointly give you best practices for a successful rollout and for resource-efficient, policy-compliant administration of SharePoint, so that your end users are able, and willing, to use SharePoint to its full extent.

    Using a concrete example project, you will learn:

    • How the introduction of SharePoint becomes a success not only in theory, but to the point where end users can no longer imagine their working day without it.
    • What obstacles, prejudices and problems have to be overcome along the way
    • How to establish the application successfully among the different employees in the company, so that SharePoint becomes a resounding success.
  • According to Gartner, “through 2019, more than 50% of data migration projects will exceed budget and/or result in some form of business disruption due to flawed execution.”(1) Furthermore, 1 in 6 large IT projects go over budget by 200%, according to a Harvard Business Review article. It is widely recognized that application migration and consolidation projects are “risky business”: high-ticket items for the corporation, with a scary chance of failing. If you are undertaking any IT modernization or rationalization project, such as consolidating applications or migrating applications to the cloud or to an ‘on-prem’ application such as SAP, this webinar is a must-see.

    The webinar is going to shine the light on the critical role that data plays in the success or failure of these projects. Application data consolidation and migration is typically 30% to 40% of the application go-live effort. There is a multitude of data issues that can plague a project like this and lead to its doom, and these are not always recognized and understood early on, which is the biggest problem.

    In this webinar, Philip Russom of TDWI will walk us through the potential data pitfalls a corporation should consider when undertaking an application consolidation or migration project. Philip will share best practices for managing data in order to minimize risks and ensure on-time and on-budget delivery of these projects. Rob will discuss Informatica’s unique methodology and solution to support these best practices. Rob will also share real-life examples on how Informatica is helping customers reduce risks and complete application consolidation and migration projects on budget and on schedule.

    1) Gartner report titled "Best Practices Mitigate Data Migration Risks and Challenges" published on December 9, 2014
  • Disruptive forces are accelerating a change in workplace technology, leaving organizational data at risk. In the past, IT was able to create a ‘walled garden’ with clearly set protocols for how data came in and out of the organization. This is no longer the case.
    As a response, Workshare recently hosted a series of roundtables and polls, where we asked CIOs and senior IT professionals how trends in the workplace are affecting their IT strategy.

    Join us as we discuss how these trends are influencing IT strategies today, as well as the best practice for reducing risk.
  • The Top Five Best Practices for Controlling Third-Party Vendor Risks.

    Target, Home Depot, eBay — look at almost any of the seemingly never-ending string of mega-data breaches, and you’ll find a common thread. Stolen or compromised user credentials, belonging to a privileged user with wide-ranging access to sensitive systems, served as the initial attack path. Often — in as many as two-thirds of cases — those credentials belonged to a third party: a vendor or business partner who’s been granted internal access to your network. With those credentials in hand, attackers are free to roam about your IT infrastructure, seeking out and exploiting their ultimate goals. It’s a frustrating — and dangerous — challenge. You have to provide access to vendors, contractors, and business partners — but doing so often introduces unacceptable security risks.
    But these risks are manageable. Join us to learn the top five best practices for regaining control of third-party access, and the processes and technology necessary to stop unauthorized access and damaging breaches. In this webcast, we’ll discuss:
    • The identity, access, and security governance processes needed to protect your network
    • How to ensure positive user identification to prevent credential theft and misuse
    • Techniques to limit access to only those resources required to satisfy work or business requirements
    • Preventing the unauthorized commands — and inadvertent mistakes — threatening your network
    • Establishing monitoring procedures that flag violations and speed forensic investigations
  • Cloud and data center security can be dauntingly complex, and selecting the right vendor to engage with is a critical decision for any enterprise. However, cloud and data center security can be a difficult market to navigate. Are vendors backing up their marketing claims? How do different approaches stack up next to each other? What factors need to be taken into consideration when comparing products? Trend Micro has teamed with analyst firm ESG to sort these questions out, and encourage organizations to think differently when it comes to cloud and data center security.

    ESG conducted an independent economic evaluation to investigate the differences between Trend Micro and traditional security approaches, and are conducting a live webinar to present their findings. ESG and Trend Micro will give insight into the cloud and data center security market, ESG’s Economic Value Validation methodology, and the conclusions that were reached about the value Trend Micro is providing to their customers. Join us to learn more!
  • The need to share content -- securely, collaboratively, immediately -- is critical to your job. You’re working with outside agencies and business partners, sharing documents that contain sensitive data like product designs, ad campaigns and customer data, to name just a few.

    According to research from the Ponemon Institute, more than six out of ten people report having accidentally forwarded files to individuals not authorized to see them. It’s time to create some good habits that will allow you to collaborate with internal and external resources and be 100% compliant with the regulations that govern your industry.

    Please join us for an interactive presentation about how new habits and tools can make it easy for you to be efficient and compliant, without sacrificing speed or creativity.
  • Source code management systems contain the crown jewels of a software company's intellectual property. Effective auditing gives you a picture of who's accessing that IP and when changes are being made. This information can satisfy compliance and security requirements and give you new insights into your development practices. In this webinar we'll explore standard and extended audit reports available for Subversion and Git administrators.
  • Organizations across industries face an ongoing challenge to meet stringent data-related regulatory compliance requirements. The major pain points boil down to accessing quality data that provides the necessary auditability and transparency required by auditors and regulators, and the ability to prove that sensitive data is being protected. Those data-related problems present a daunting obstacle for your company to meet current as well as future compliance requirements.

    A holistic, agile data governance program can help companies address the above data challenges and become regulation-ready. A well-designed data governance program delivers the following:

    • Guaranteed access to clean, relevant, trusted and auditable data to create accurate and auditable reports to meet compliance mandates.
    • Improved operational efficiency by enabling a collaborative and repeatable process across key stakeholders
    • Enabling a true data-driven business environment for your organization to drive continued innovations and growth

    Please join us to hear David Loshin, established industry expert in data governance and data quality, and Rob Karel, VP of Strategy and Product Marketing at Informatica to discuss best practices for data governance, how organizations can leverage data governance programs to address existing and future compliance requirements, and how to turn your data governance program into a strategic initiative that drives significant business benefits for your organization.
  • Do you run mission critical applications in the cloud? If the answer is yes, then you already know how important it is to have visibility into all aspects of your infrastructure. An alert telling you your application is down is no longer sufficient. Today’s IT managers need to be made aware of potential problems before they arise.

    Join me, Dan Waymire, Sr. Account Manager at HOSTING, for a webinar on May 28th at 3 p.m. EST to learn how Hosting can provide unprecedented visibility into your infrastructure, allowing you to be one step ahead of service impacting events. Leveraging the industry leading ScienceLogic platform, I will cover the following:
    • A demonstration of how you can build real-time dashboards showing availability, utilization, and performance of your entire IT infrastructure
    • A walk-through of an Executive dashboard showing your leadership team the application availability in real time
    • IT manager dashboards capable of showing utilization & performance of web servers, database servers, switches, and firewalls all in a single pane of glass
  • Problem Management is one of the most useful processes within ITIL, as it allows an organisation to identify the underlying issues that generate incidents over and over again and remove them. It supports the change from reactive to proactive and makes customers happy by providing information and a process on those annoying issues that keep coming back to haunt them, and when they can expect to see them gone forever. However, with all this to offer, many organisations still struggle to get the funding to implement this process, as it's seen as a duplication of effort with incident management.

    Join Peter Hubbard, Pink Elephant, as he shows you how to set up this process in a part-time, unfunded, but effective way. The point is not to say that Problem Management does not need a budget; it's to show you how to build up support by doing the basics anyway and showing how much better it could be if the organisation DID fund it properly!