Hi {{ session.user.profile.firstName }}

IT Governance, Risk and Compliance

  • With each passing year, the frequency and number of organisations that are hacked increases at a dizzying rate. No industry vertical can ignore this trend. One of the key challenges facing all business is to come to grips rapidly with an ever-changing threat landscape.

    How can your organisation understand specifically what threats is being targeted with? In order to answer this question business need to be able to quantify and qualify the threats aligned against them. In essence being able to understand what malicious actor’s know about an organisation and how that knowledge may be deployed in attack campaigns and vectors.

    During the course of the webinar session, Blueliv’s Cyber Security Development Manager, Nahim Fazal will present the Blueliv proposal for improving the cyber threat visibility of a business.

    Key Takeaways:
    - Why the same approach gives the same results
    - Actionable intelligence – what does this look like in the real world?
    - Reducing your cost and incident response time
  • Penetration testing is just one element in the overall process of obtaining confidence in the cyber security of the organisation. Consideration to security must be given in the architectural design of networks and the coding of applications and website. Where this is not the case penetration testing will provide an indication of what should be done to retrospectively apply security or to provide a ‘patch’ to make things better.

    Many investigations of cyber attacks have highlighted that the system has been compromised for some time, often years, without the system owner knowing. The penetration test provides an insight into the internal controls and the ability of the SOC or NOC to identify attacks. If the test is conducted and there is no indication that it has been detected, it is highly likely that real attacks have not been detected either and further analysis is required.

    It must be recognised that no security is impenetrable and therefore the ability to react to a cyber security incident is really important. The penetration testing is essential to test the organisation’s ability to respond. The statement that a penetration test will be quickly out of date is valid to some extent but without it the organisation is blind to the types of threats it is exposed to and the vulnerabilities in the systems. To be effective the testing programme must be placed in context and the links between assurance activities fully understood.
  • The increased complexity and frequency of attacks, combined with reduced effectiveness of detective or preventative control frameworks, elevate the need for organisations to roll out enterprise wide incident response initiatives to ensure rapid containment and eradication of threats.

    In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organisation’s experience with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.

    Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.

    Webcast takeaways include:

    · Real-world examples of APT attacks from the coalface

    · The latest tools and techniques that advanced threat actors are using

    · Recommendations for preventing and responding to APTs
  • It’s no secret that there are botnets for hire, groups of computers that can, and are, used against our organizations on a daily basis. But what is the nature of these botnets? What abilities do each of the installed toolkits offer to the attacker? Most importantly how do their capabilities change the defenses necessary to protect yourself?

    We’ll cover two of the most recent toolkits that have been seeing wide usage. Learn a little about the people behind the attacks, where the attacks are coming from and what you might expect to see in the near future. You might be a bit surprised at where a lot of the traffic is coming from (hint: it’s closer than you think).
  • We're seeing a massive shift in cyber security activity from internal threats to organised gangs and targeted state sponsored activities. Recent news items suggest there is an overwhelming need for organisations to understand their "Situational Awareness".

    In this webinar, (ISC)² and IBM will explore what to expect in 2016, focusing on the following key questions:

    - How do organisations understand what threats are real?
    - How much risk appetite do boards have in this complex, mobile, interconnected near real-time world?
    - As more and more devices are connecting to an ever-increasing number of communication channels, how do you ensure you can protect, prevent and respond to cyber security issues, yet provide a transparent easy to use multi-channel experience?

    Adrian Davis, Managing Director (ISC)² EMEA
    Peter Jopling, Executive Security Advisor, Deputy WW Tiger Team Leader, IBM
    Simon Moores, Information Security Futurist
  • In this webinar I will discuss what security culture is, where it belongs in the organisation, and how good security culture can reduce the likelihood of being breached. I will point to research on culture, human behaviours, and how to motivate people to do the right thing.
  • A traditional penetration test is a snapshot of vulnerabilities for an environment that is in constant flux. The snapshot may also be an incomplete picture, addressing only a portion of a more complex system. To give a view of real business risk, can we link the vulnerabilities to real-world threats and, more importantly, vice versa? Wouldn’t it be better to start with the threats and work forward down the kill chain to the target? How feasible is it to take up-to-date threat intelligence and use that to scope our penetration tests? Peter Wood will try to answer these questions and provide a strategy better suited to today’s attacks.
  • Cyber Risk is the Risk most underestimated by businesses according to the 2015 Allianz Risk Barometer.

    Learn how organisations can lower cyber risks associated with loss of reputation, business interruption, and loss of customer data, by improving detection and response capabilities.

    Plus, watch a LIVE DEMO of an example attack on a public facing ecommerce website, and how detecting and responding to the threat earlier can lower cyber risk.

    Discover how organisations now need to go beyond traditional signature based defenses and firewalls to disrupt attacks across the entire attack chain, with the need for security intelligence and behavioural analytics to help prioritise and detect areas of risk.
  • Did you know that 80-100% of serious security breaches involve privileged account misuse or compromise?
    This, in large part, is due to the fact that enterprises are becoming more complex with an increasing number of users and devices needing network access to privileged accounts. In many cases, advanced attackers are focused on achieving domain administrator privileges because of the unrestricted access and control these credentials have in the IT landscape.

    Join (ISC)² and CyberArk in this webinar where we’ll discuss and demonstrate:

    -vulnerabilities posed by unsecured privileged accounts
    - the state of cyber security and attacker motivations
    - lateral movement techniques - using real-world data - that enable an attacker to take over a network
    - the expanding threat landscape posed by complex IT environments
  • Wireless is now the expected medium of choice for network users. Delivering it successfully can be a challenge especially with multiple different approaches and architectures available. What is right for your organisation? Cloud? Controller? How is it all secured?

    This session will discuss 3 main Wi-Fi architecture types, their different advantages, the wired edge, and how to secure it all. Importantly, we will finish with what to consider when making the right choice for your needs.
  • As advanced threats rapidly increase in complexity, technology must evolve to find smarter ways of detecting and blocking attack techniques across IT control points.

    Symantec has developed 3 innovative technologies with Advanced Threat Protection that will change the game - helping customers detect, prioritise and respond to threats within minutes – from a single console, with a single click.

    Join this webinar to understand how Symantec technology can improve your advanced threat protection.
  • IT organizations face rising challenges to protect more data and applications in the face of growing data security threats as they deploy encryption on vastly larger scales and across cloud and hybrid environments. By moving past silo-constrained encryption and deploying encryption as an IT service centrally, uniformly, and at scale across the enterprise, your organization can benefit from unmatched coverage— whether you are securing databases, applications, file servers, and storage in the traditional data center, virtualized environments, and the cloud, and as the data moves between these different environments. When complemented by centralized key management, your organization can apply data protection where it needs it, when it needs it, and how it needs it—according to the unique needs of your business. Join us on November 25th to learn how to unshare your data, while sharing the IT services that keep your data secure, efficiently and effectively in the cloud and across your entire infrastructure.
  • Jason Steer, Solutions Architect at Menlo Security breaks down the Top 5 vulnerable pieces of software that you should remove from your computer.
  • In this webinar, learn about the new capabilities in the Informatica PowerCenter 10 editions and how they will increase your development agility.

    Through the eyes and daily routine of typical developers and business analysts you will discover how this new release:
    . Enhances the collaboration between IT developers and business analysts
    . Delivers more powerful visualization for data profiling
    . Delivers a new monitoring dashboard to view service health and system usage
    . Increases your productivity with up to 50X faster data lineage rendering
    . Enhances your project reach with new connectors and real time capabilities
    . Includes new capabilities for parsing semi-structured and unstructured data

    Watch this webinar to accelerate your deliver of data integration-based value to your organization.
  • The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of dollars, as a result of the third party supplier being comprised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.

    Despite considerable efforts from many industries to address these issues, it remains difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail, and some suggestions put forward to help tackle the increasing burden on teams and risk mitigation strategies.
  • Although we shall witness many strides in cybersecurity in 2016, there will still be a narrow margin between these and the threats we’re foreseeing. Advancements in existing technologies—both for crimeware and for everyday use—will bring forth new attack scenarios. It’s best for the security industry as well as the public, to be forewarned to avoid future abuse or any monetary or even lethal consequences.
  • IT organizations today are under constant pressure to deliver better services more quickly and with lower cost. Traditional approaches are being rapidly replaced with enabling technologies such as virtualization, software-defined architectures, and cloud computing, introducing more complexity while the relentless growth of data pushes the limits of scalability. As IT undergoes this transformation, backup and recovery services must transform with it, and together can enable a greater transformation for your business.

    Join our upcoming webcast to:
    •Identify three ways NetBackup 7.7 reduces the complexity of enterprise data protection
    •Understand three ways NetBackup 7.7 helps you scale with growth
    •Realize three ways in which NetBackup 7.7 can make your organization more agile
    •Learn about the latest capabilities added in the 7.7.1 release.

    Find out how you can improve enterprise backup and recovery and ultimately move faster and take bigger risks trusting that your information is safe.
  • In recent days we have heard from CEO’s about the challenges they face when a breach occurs in determining what data has been lost. Was it sensitive customer data? If so, how many customers are impacted? Not knowing this information immediately causes further damage to customer confidence and significantly increases the cost of dealing with the breach itself.

    In this webinar Informatica will introduce a new generation of Data Security Intelligence capabilities which will provide insight into exactly where company and customer sensitive data resides, how it is moving through the organization and what security measures are in place to protect it. We will also look at some of the proactive measures that can be quickly put in place at the database layer to prevent even authorized staff credentials from making unusual data requests, which are often the precursor to a costly breach.

    We hope you can join us for what promises to be an informative and highly topical webinar.
  • Trinity Health is an 86-hospital system that recently completed a large merger with Catholic Health East. With demand for analytics across the enterprise growing faster than ever before, Trinity Health was in urgent need for gaining easy access to high quality, trusted data. One of the most pressing challenges for Trinity Health was to manage the inconsistent data from variety of applications as it was being moved in and out of different data warehouse systems. In order to extend their analytics platform beyond financials to include clinical, operational, and third party data, they needed to deliver connected, safe, and clean data. This meant adding data quality and master data management capabilities to their architecture. In addition to technology, Trinity Health relied on an enterprise-wide, comprehensive data governance and data investigation program to ensure the overall success of the analytics initiative.

    This webinar will cover how the Trinity Health team achieved consensus for this program, collaborated with business and technical colleagues, and advanced data governance as a best practice to support advanced analytic initiatives.

    During this webinar, you'll learn how to:

    • Implement the best health information management technology
    • Boost your agility to gain insight from healthcare data for better patient outcomes
    • Facilitate patient data centricity for reduced costs with clean, safe data