Hi [[ session.user.profile.firstName ]]

IT Governance, Risk and Compliance

  • Best Practices on Operational Efficiency in Network Security Best Practices on Operational Efficiency in Network Security Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint Recorded: Oct 26 2016 63 mins
    Most businesses prefer to control the day-to-day operations of their networks using their own resources. The increasing complexity of modern networks means that the overall acquisition, control and deployment for network security projects is far more challenging than before. With decreasing IT budgets and limited resources within high growth businesses; how are network teams expected to improve operational efficiency without sacrificing quality of service and service level agreements?

    In a world that is fraught with new security exploits, maintaining operational efficiency with a low impact on resource and cost can be very difficult.

    What are the best practices for maintaining an operationally efficient network security deployment? How do network teams stay on-top of daily routine tasks, such as policy configuration, upgrades and network security monitoring? How can network teams be enabled to focus on mission critical projects through automation?

    Learn from case studies about network security and firewalls which enable the deployment of firewalls within highly distributed networks without sacrificing time or security.

    Join Forcepoint and (ISC)² on Oct 26 (Wed) at 1:00p.m. (Singapore time) in learning the best practices on operational efficiency in network security.

    Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint

    Moderator: Clayton Jones, Managing Director, Asia-Pacific, (ISC)²
  • Finding the Holy Grail: Data Security AND Privacy Finding the Holy Grail: Data Security AND Privacy Robert Ball, Global Privacy Officer and Chief Legal Officer at Ionic Security, Inc. Recorded: Oct 25 2016 43 mins
    Privacy vs. security, security vs. privacy… the debate is ongoing. Why can’t we have both? Good news: by leveraging the appropriate mix of policies, procedures and enabling technologies, it is possible to secure data AND control access to it in a way that ensures proper application of privacy policies.
  • Compliance as Code with InSpec 1.0 Compliance as Code with InSpec 1.0 Christoph Hartmann, InSpec core contributor & George Miranda, Global Partner Evangelist Recorded: Oct 25 2016 60 mins
    InSpec is an open-source testing framework with a human-readable language for specifying compliance, security and other policy requirements. Just as Chef treats infrastructure as code, InSpec treats compliance as code. The shift away from having people act directly on machines to having people act on code means that compliance testing becomes automated, repeatable, and versionable.

    Traditionally, compliance policies are stored in a spreadsheet, PDF, or Word document. Those policies are then translated into manual processes and tests that often occur only after a product is developed or deployed. With InSpec, you replace abstract policy descriptions with tangible tests that have a clear intent, and can catch any issues early in the development process. You can apply those tests to every environment across your organization to make sure that they all adhere to policy and are consistent with compliance requirements.

    Inspec applies DevOps principles to security and risk management. It provides a single collaborative testing framework allowing you to create a code base that is accessible to everyone on your team. Compliance tests can become part of an automated deployment pipeline and be continuously applied. InSpec can be integrated into your software development process starting from day zero and should be applied continuously as a part of any CI/CD lifecycle.

    In this webinar, we’ll explore how InSpec can improve compliance across your applications and infrastructure.

    Join us to learn about:
    - What’s new in InSpec 1.0
    - InSpec enhancements for Microsoft Windows systems
    - Integration between InSpec and Chef Automate

    Who should attend:
    Security experts, system administrators, software developers, or anyone striving to improve and harden their systems one test at a time.
  • Automating Security and License Compliance in Agile DevOps Environments Automating Security and License Compliance in Agile DevOps Environments Utsav Sanghani Product Manager Integrations, Partnerships & On-Demand, Black Duck Recorded: Oct 25 2016 41 mins
    Yes, it’s possible to automate open source security and license compliance processes and maintain DevOps agility. In this webinar, Product Manager Utsav Sanghani will demonstrate how Black Duck Hub plugs into Jenkins to address open source license compliance and security risks as part of an overall release process. He will cover:
    - Automating and managing open source security as part of the SDLC
    - Defining and implementing custom policies that prevent potential open source risks
    - Issue management and remediation workflow, with ideas on how going left translates into greater savings
  • Tips on Anyalyzing and Modeling Complex Data Sets Tips on Anyalyzing and Modeling Complex Data Sets Scott Dallon, BrainStorm, Inc. Recorded: Oct 25 2016 20 mins
    Discover how businesses turn big data into meaningful insights to help make organizations work smarter, and make better decisions faster.

    Join Scott Dallon to learn tips on analyzing and modeling complex data sets!
  • Best Practices: Architecting Security for Microsoft Azure VMs Best Practices: Architecting Security for Microsoft Azure VMs Oliver Pinson-Roxburgh, EMEA Director of Solutions Architecture Recorded: Oct 25 2016 61 mins
    Do you know if your workloads are secure? Do you have the same security and compliance coverage across all of the cloud platforms and datacenters running your critical applications? Are you having to design your security framework each time you deploy to a new region or datacentre?

    Whether you’re working with multiple cloud environments or exclusively on Azure, there are certain things you should consider when moving assets to Azure. As with any cloud deployment, security is a top priority, and moving your workloads to the cloud doesn’t mean you’re not responsible for the security of your operating system, applications and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your Azure environment is secure.

    Register for this impactful webinar as we discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

    In this webinar, we will take a look at:
    • The Shared Security Model: What security you are responsible for to protect your content, application, systems and networks
    • Best practices for how to protect your environment from the latest threats
    • Learn how traditional security approaches may have limitations in the cloud
    • How to build a scalable secure cloud infrastructure on Azure
  • CA PPM in der Praxis – Teil 1: Applikation Portfolio Management CA PPM in der Praxis – Teil 1: Applikation Portfolio Management Peter Säckel/Advisor PPM/CA Technologies Recorded: Oct 25 2016 42 mins
    Wie stellen Sie sicher, dass sich all Ihre Applikationen an Ihren Geschäftszielen ausrichten?
    Passen Sie Ihr Budget für Applikationen regelmäßig an die aktuelle Geschäftsstrategie an?

    Dieses Webinar möchte aufzeigen, wie Sie eine komplette Übersicht zu Ihrer Applikationslandschaft erhalten, diese objektiv hinsichtlich Geschäftszielen bewerten und dabei Redundanzen oder unnötige Applikationen identifizieren.

    Das damit verbundene Einsparungspotential könnte in sinnvolle Innovationen oder Unternehmenstransformation eingesetzt werden.

    Diese Webinar-Reihe beginnt mit dem Thema Applikation Portfolio Management und wird sich in weiterführenden Webinaren mit ausgewählten Themen aus der PPM-Welt ergänzen.
  • Breach Defense: Prepare & Respond Breach Defense: Prepare & Respond Vipul Kumra,Consulting Engineer, FireEye India,Shantanu Mahajan, Consulting Engineer, FireEye India Recorded: Oct 25 2016 49 mins
    Are you ready to handle a security breach? In the age of relentless cyber crimes and nation state sponsored cyber attacks, companies need to be breach-ready, and be proactive in their incident preparedness. This could essentially save organisations from devastating cost.
    Incident preparedness is more than having an incident response plan, it’s more than having skilled personnel on staff. Come join us for a discussion on key elements that every company should consider. Major security breaches have become part of everyone’s daily news feed—from the front page of the newspaper to the top of every security blog—you can’t miss the steady flood of new breaches impacting the world today. In today’s ever-changing world of business and technology, breaches are inevitable: you must be prepared and know how to respond before they happen
  • Breached Elections - How Hackers Are Influencing Politics Breached Elections - How Hackers Are Influencing Politics Alex Holden, Founder and CISO of Hold Security, LLC Recorded: Oct 24 2016 60 mins
    Political elections shape our society for the years to come. While the foreign hackers are no longer watching our politics out of interest, they are electronically directly interfering with our politics. The Sony Pictures breach was more of a political statement, than a data loss event. With US elections around the corner, we are more of a cyber breach target than ever. Wikileaks is releasing documents, Russian hackers allegedly breaching DNC, and there is more to come. We will examine the current trends, look at the history of the worst manifestations of hackers influencing politics. Then we will draw conclusions on how the politics are changing under a threat of a constant privacy breach.
  • Acalvio Deception 2.0 Advanced Threat Defense Overview Acalvio Deception 2.0 Advanced Threat Defense Overview Acalvio Recorded: Oct 24 2016 5 mins
    Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter. The solutions are anchored on patented innovations in Deception and Data Science. This enables a DevOps approach to ATD, enabling ease of deployment, monitoring and management. Acalvio enriches its threat intelligence by data obtained from internal and partner eco-systems, enabling customers to benefit from defense in depth, reduce false positives, and derive actionable intelligence for remediation.
  • The SANS 2016 Survey on Security and Risk in the Financial Sector The SANS 2016 Survey on Security and Risk in the Financial Sector Sandeep Kumar is the director of Product Marketing at ForeScout Technologies Recorded: Oct 24 2016 61 mins
    The financial sector is highly regulated, and as a result, often focuses on compliance. However, compliance rarely results in excellence, and thus financial institutions continue to suffer security-related breaches and losses, particularly by insiders according to the 2015 SANS survey on security spending and preparedness in the financial services sector.

    Today's webcast will focus on the relationship between compliance and security, and the best practices organizations can use to secure their financial environments. Specifically, attendees will learn about:

    The relationship between compliance and security
    The effectiveness of tools, skills and controls
    Ways to improve security effectiveness and reduce risk
    How to align security, risk and compliance programs with business goals
  • What's Next in Emerging Tech? [Emerging Tech Virtual Summit] What's Next in Emerging Tech? [Emerging Tech Virtual Summit] Eric Horvitz, Technical Fellow & Managing Director, Microsoft Research Recorded: Oct 21 2016 30 mins
    By the end of this event, you’ll be asking, “what’s next?” In this final session of our virtual summit, Technical Fellow & Managing Director at Microsoft Research, Eric Horvitz, will discuss the next generation of emerging technology, with a particular eye to artificial intelligence.
  • Emerging Tech in the Start-Up World [Emerging Tech Virtual Summit] Emerging Tech in the Start-Up World [Emerging Tech Virtual Summit] Tereza Nemessanyi, Microsoft, Kevin O’Brien, GreatHorn and Kristen Smith, littleBits Recorded: Oct 21 2016 27 mins
    In this session, you’ll hear about innovative ways start-ups are using emerging technologies. Microsoft’s own Entrepreneur-in-Residence will tell us what’s happening in the start-up world, and two start-up moguls, Kevin O’Brien of GreatHorn and Kristen Smith of littleBits, will tell us how their companies are using emerging tech.

    In a constantly-evolving world of technology, it's near impossible to stay up to date with all the new advancements in tech. Whether you're launching a start-up, working for one, or in the planning stages, join us to hear from entrepreneur experts in cyber security, cloud communication, infrastructure, inventions and more!
  • Data Center Colocation: Is it the Right Approach for the Enterprise? Data Center Colocation: Is it the Right Approach for the Enterprise? Kelly Morgan - 451 Research, Jim Leach- RagingWire, Bill VanCuren- NCR Recorded: Oct 21 2016 36 mins
    Is Data Center Colocation the Right Approach for the Enterprise? A 451 Conversation with the CIO of NCR.

    Large enterprises have traditionally owned and operated their own data centers. But the capital and personnel requirements of owning and operating your own data centers as well as the strategic distraction, are causing many enterprises to consider replacing their data centers with a mix of colocation and cloud computing.

    In this webinar, Kelly Morgan, Vice President at 451 Research and one of the leading authorities on the economics and finances of the data center and hosting industries, will present the key considerations for enterprises as they evaluate colocation. Then, William VanCuren, Chief Information Officer at NCR, will join Kelly for a discussion on NCR’s hybrid cloud strategy, including their convergence of public cloud and colocation to support the enterprise
  • Managing Cyber Risk In Your Supply Chain Managing Cyber Risk In Your Supply Chain Jake Olcott, VP at BitSight Recorded: Oct 21 2016 61 mins
    Large data breaches have caused executives to invest significant time and resources in improving cybersecurity within their own companies. But now the attackers are targeting an organization’s weakest links - business partners and contractors who have access to the most sensitive data. How should senior leaders develop a strategy to manage third party cyber risk? Who are the most critical business partners to be concerned about? How can contractual language reduce the risk? Is there a way to gain real-time visibility into the security posture of the supply chain? And what are the regulators saying about all of this?

    Join Jake Olcott, Vice President at BitSight Technologies as he talks about:

    - Assessing your organization’s maturity with respect to managing third party cyber risk
    ​- Building a third party cyber risk management program
    - Regulatory requirements for third and fourth-party cyber risk management
    - Incorporating real-time data into your vendor risk management program
  • Hacktivism Culture: DDoS 101 Hacktivism Culture: DDoS 101 Larry Collins, Product Manager at HOSTING and James Askham, Solutions Engineer at CloudFlare Recorded: Oct 20 2016 48 mins
    The threat of Distributed Denial of Service (DDoS) attacks is a growing problem for mission-critical websites, such as eCommerce shops, SaaS applications, gaming forums, and University portals; in addition, politically or artistically important organizations and journalists can be especially at risk of attack, due to the nature of their website content.

    The company CloudFlare delivers DDoS protection to over 4,000,000 websites globally, from personal blogs to large enterprises, while also offering a free protection program for respected free speech, public interest, and civil society organizations, called “Project Galileo”.

    Join Larry Collins, Product Manager at HOSTING, and special guest, James Askham, Solutions Engineer at CloudFlare, on October 20th at 3 PM EST for the webinar Hacktivism Culture: DDoS 101. During the live event, they will go over:

    •What a DDoS attack is from a technical perspective
    •The most common types of DDoS attacks
    •Best practices for mitigating against these attacks and how CloudFlare’s “Project Galileo” protects political and artistic organizations.
  • Ransomware in Healthcare Ransomware in Healthcare Matt Mellen - Security Architect & Healthcare Solution Lead - Palo Alto Networks Recorded: Oct 20 2016 46 mins
    The business model behind crimeware has changed. As the price of stolen records has plummeted, many attackers looking for new sources of income. Many attackers have turned to ransomware due to recent advances in attack distribution, anonymous payments, and the ability to reliably encrypt and decrypt data.

    Join this informative webinar where a former Information Security Lead at a hospital, will discuss practical steps healthcare organizations can take to stop ransomware. Drawing from his first-hand experience responding to ransomware, combined with recommendations from the FBI, Matt will cover practical steps healthcare organizations can take on systems and network devices to prevent exposure to this rampant attack.

    Register today to learn more about:

    • How the most current variants of ransomware work
    • How to prevent successful ransomware attacks in Healthcare

  • Threat Detection 101: Why Advanced Monitoring Is Key To Ensuring Cybersecurity Threat Detection 101: Why Advanced Monitoring Is Key To Ensuring Cybersecurity Matt Thurston, Chief Architect at Arctic Wolf Networks Recorded: Oct 20 2016 35 mins
    Advanced persistent threat detection is part art and part science. This presentation provides a simple, straightforward explanation for non-technical people to help them understand how threat detection works. Having the best firewall and antivirus in the world will not keep you safe from cyber attacks. Attend this webinar to see why advanced monitoring is the only way to ensure vigilant cybersecurity.
  • Vote Cyber! Modern Day Threats to Democracy Vote Cyber! Modern Day Threats to Democracy Simon Crosby, CTO of Bromium Recorded: Oct 20 2016 37 mins
    The US election and its voting infrastructure are under attack. The result is ugly and shows the extent to which we need to plan for and protect against the influence of cyber-related attacks on US elections in future. In this brief discussion, Simon Crosby, CTO of Bromium will review the underpinnings of Democracy, and how we might defend it when it is in everyone’s interest to subvert it.
  • Gen 4 Attacks: Web Behavior Analytics to Protect Websites Gen 4 Attacks: Web Behavior Analytics to Protect Websites Eric Ogren, Senior Analyst at 451 Research, & Omri Iluz, CEO of PerimeterX Recorded: Oct 20 2016 58 mins
    Join Eric Ogren, Senior Security Analyst at 451 Research, and Omri Iluz, CEO of PerimeterX, as they discuss how your best defense against automated website attacks rests with an approach founded on analyzing the behavior of humans and bots. 451 Research has talked with organizations that have saved millions in fraudulent transactions after embracing a behavioral analysis approach to security.

    Sophisticated attackers are commercially motivated, using automated attacks to inflict damage. By abusing encoded business logic, they utilize real browsers to take over accounts, perform fraudulent purchases and scrape intellectual property, without triggering traditional security mechanisms. Through advanced techniques of cloaking from the world of malware, they disguise their nefarious intentions. Signature-based bot detection and WAFs are blind to these new threats, leaving your organization’s website defenseless.

    In this webinar you will learn:

    •How bots have evolved from simple scripts to sophisticated Man-in-the-Browser attacks
    •How to protect against advanced modern attacks utilizing real-user browsers
    •How to detect malicious behavior with Web Behavior Analytics (WBA) technologies
    •Real-world attacks and how organizations use behavioral analysis to prevent them
    •How to future-proof your business and your infrastructure
  • Your Mobile Devices - Wi-Fi Attacks and Vulnerabilities Your Mobile Devices - Wi-Fi Attacks and Vulnerabilities David Jevans, VP Mobile Security, Proofpoint Recorded: Oct 20 2016 40 mins
    Mobile device users interact with numerous Wi-Fi networks at work, home, airports, coffee shops and more. Connecting to wifi networks is second nature, with users’ accepting terms and conditions without realizing the risk of data-loss from malwareless and softwareless wifi attacks. This webcast will help you understand the common attacks and vulnerabilities that users are exposed to when traveling, and what you can do about them.
  • Practical Recommendations To Make Smarter Security Decisions Practical Recommendations To Make Smarter Security Decisions Joseph Blankenship, Senior Analyst at Forrester Research, Venkat Rajaji, SVP of Marketing at Core Security Recorded: Oct 20 2016 55 mins
    Security teams are taking in more data – such as device telemetry, vulnerability data, and threat intelligence - than ever before as they try to keep pace with threats and compliance mandates. Unfortunately, more data doesn’t translate directly to better protection. In fact, too much data can overwhelm security teams and make it more difficult to recognize threats. Gaining useful insight and making security data operational is the only way to shorten time to detection and time to remediation. In this webinar, guest Forrester analyst Joseph Blankenship and Core Security will cover:

    •Enabling action with data
    •Gaining insights with intelligence
    •Increasing efficiency with workflow
  • Overcoming the Challenges of Scaling Agile Project Management - 1 PDU Overcoming the Challenges of Scaling Agile Project Management - 1 PDU Andy Jordan, ProjectManagement.com Recorded: Oct 20 2016 57 mins
    Organizations are increasingly looking to expand Agile to a greater number of projects and to increasingly diverse business areas.  The process and tools that served them well for just a handful of software development projects may well struggle to scale vertically and horizontally and organizations need solutions. Join Andy Jordan, ProjectManagement.com as he discusses the need to evolve Agile approaches in different areas and at different scales.

    This session is approved for 1 Project Management Institute (PMI) PMP Credit.
  • Phishing, Malware and Incidents – Why You Need Phishing Incident Response Phishing, Malware and Incidents – Why You Need Phishing Incident Response Brendan Griffin, Threat Intelligence Manager, William Galway, Director of Product Management, Adrian Davis, (ISC)² Recorded: Oct 20 2016 62 mins
    During the first half of 2016, encryption ransomware grew to become the most common type of malware used through soft-targeting and massively distributed attacks. Encryption ransomware now accounts for 50% of all malware delivery configurations, meaning that it is no longer considered simply a means for making a quick profit, but a permanent fixture on the threat landscape. Daily email-based attacks require an unattainable perfect response – every time. However, teams are constantly working within constraints and breaches continue to occur in record number. Technology has been introduced to help but has failed time and time again.
    Join PhishMe’s Brendan Griffin and Will Galway to hear why it’s not all doom and gloom. In this session, you’ll learn about:

    •Ransomware trends and monetization for the first half of 2016
    •How simple attacks can still inflict massive damage
    •How PhishMe Triage creates fast and effective phishing incident response process to combat email-based attacks