Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
Public cloud apps like Office 365 are being widely adopted in every major industry, with security & compliance at the top of the list of concerns. In this webinar, Greg Schaffer, CISO at FirstBank and Rich Campagna, VP of Products at Bitglass, will provide practical cloud security advice that you can apply immediately in your organization. Focusing on O365 but offering a broad view, Greg and Rich will cover top concerns, mitigating controls and will give examples of how your peers have responded to the cloud security challenge.
The Foreign Corrupt Practice Act (FCPA) is here to stay. So, too, is the expanding landscape of anti-corruption regulations, enforcement and media scrutiny around the world. Today, more than ever, companies operating domestically and internationally should understand their corruption risks and have effective programs in place to mitigate those risks. This webinar goes beyond an overview of the FCPA to a practice discussion of what your organization can do to help provide senior leadership, the Board, investors, customers and other stakeholders assurance your company is operating ethically and corruption-free across the globe.
After attending this webinar, you will be able to:
•Describe the ever changing landscape of anti-corruption legislation and enforcement around the globe
•Help your organization assess the design and effectiveness of your existing FCPA and global anti-corruption programs against regulatory requirements and leading compliance practices
•Develop a comprehensive global anti-corruption risk assessment model tailored and scaled to fit your organization
•Learn of various tools and resources available to assist in your global anti-corruption compliance efforts
•Understand the specific and unique risk landscape of doing business in China
If you’re an IT professional, you probably know at least the basics of ransomware. Instead of using malware or an exploit to exfiltrate PII from an enterprise, bad actors instead find valuable data and encrypt it. Unless you happen to have an NSA-caliber data center at your disposal to break the encryption, you must pay your attacker in cold, hard bitcoins—or else wave goodbye to your PII.
Those assumptions aren’t wrong, but they also don’t tell the whole picture. Hear from Jeremiah Grossman, SentinelOne’s Chief of Security Strategy and a 20-year cybersecurity veteran, in this on-demand webinar that will explore the foundations of ransomware, and why you truly need to worry.
In this 30 min webcast you will get an overview of how SAP Hybris enriches the digital transformation plus a detailed walk through of how you can get enabled. Join us to see how simple it is through our personalised learning maps.
This month’s webinar will feature information from our 2016 mid-year security roundup report where we detail out the latest trends within the threat landscape affecting the world. From Ransomware and Business Email Compromise to Data Breaches we’ll cover the most important threats that are targeting our customers and businesses. We will also cover the threat statistics we gather from our Trend Micro™ Smart Protection Network™ and the top threats observed.
Tune in for the latest in our Ask the Experts Series! This session is all-about-Azure: cloud computing and PaaS for the enterprise. During this session we will show you how and why to use the benefit/credit that comes with your Visual Studio Subscription.
In this webcast, you will learn:
- About other available Azure programs
- Application development tests on Azure
- What other customers are doing on Azure and how it is paying large dividends
What every organization needs to know before, during, and after a ransomware attack.
Ransomware has one goal: to get your money. It locks away files until payment is made. Ransomware attackers collected more than $US 209 million from victims during the first three months of 2016 alone, with the volume of attacks 10 times higher than all of 2015.
Ransomware makes headlines when hospitals are taken offline or police departments pay cybercriminals to decrypt their files. Proofpoint has unparalleled visibility into the advanced threats, including ransomware, that are aimed at organizations today. Proofpoint can dynamically analyze and block in real-time the malicious URLs and attachments that can evade antivirus and reputation filters to deliver ransomware.
Join Jennifer Cheng, Director, Product Marketing, Proofpoint for this webinar to learn how to defend against ransomware with our anti-evasion technology.
•Why ransomware is surging.
•Where it comes from.
•What to do before, during, and after an attack.
•Should you pay or not? What to consider.
Exploit kits don’t stop. Neither should your business.
La versión 3.2 del PCI DSS (Payment Card Industry Data Security Standard) ha sido anunciada - las organizaciones que deben cumplir precisan entender los cambios y sus implicaciones. Participe de nuestro webinar para entender más sobre por qué fue lanzado tan rápido y cómo puedes parar mejor a tu organización.
• El alcance de la nueva versión PCI DSS 3.2
• ¿Qué significa para su negocio?
• ¿Por qué deberías implementar los cambios, aunque no sean mandatorios?
• ¿Qué puede venir en el futuro próximo?
Many recent data breaches have exploited security weaknesses in the networks of third parties to attack businesses. With supply chains growing and business functions increasingly outsourced, the number of third party organizations with access to your company’s most sensitive data has increased dramatically. How should organizations assess and manage the cyber risk by their vendors and suppliers? What kinds of policies and controls should organizations put in place in order to mitigate third party cyber risk? How can organizations continuously monitor the cybersecurity performance of their critical vendors in real time?
Getting familiar with third party cyber risk management best practices and industry standards is a good start towards mitigating cyber risk for your organization. Join Jake Olcott, VP of Business Development as he discusses these topics and more.
Social Engineering has been around for as long as the crooks have but in a modern online world, running a con game has never been easier. And that’s why we need to be savvy.
A social engineer can research you on Facebook and LinkedIn; read up about your company on its website; and then target you via email, instant messaging, online surveys…and even by phone, for that personal touch. Worse still, many of the aspects of a so-called “targeted attack” like this can be automated, and repeated on colleague after colleague until someone crumbles.
Greg Iddon will take you into the murky world of targeted attacks, and show you how to build defences that will prevent one well-meaning employee from giving away the keys to the castle.
Hear from your industry peers and other security experts on this very important topic of Ransomware in Critical Infrastructure:
•A brief history of ransomware and its current state in terms of technology and methods utilized by attackers.
•A roundtable discussion on security and compliance risks associated with ransomware at different points of integrated IT-OT infrastructure.
•Best practices and technologies for protecting your organization against ransomware.
Billy Glenn, Pacific Gas & Electric, Principal Security Solution Architect
Gavin Worden, Sempra Energy Utilities, Manager, Information Security Operations Center
Christopher Ellefsen, BKK Group, Senior Network Engineer
Bryan Lee, Palo Alto Networks - Unit 42, Threat Intelligence Researcher
Jack Whitsitt, EnergySec, Senior Security Strategist
Del Rodillas, Palo Alto Networks, Solution Lead for ICS/SCADA Security
Immer größer wird die Anzahl der Unternehmen die ihre IT-Services teilweise oder ganz an Clouddienstleister abgeben. Dies führt zu einem erhöhten Aufwand und einigen Komplikationen wenn es zu Sicherheitsvorfällen kommt.
In diesem Webinar präsentiert Mathias Fuchs Strategien wie Unternehmen trotzdem effizient Sicherheitsvorfälle untersuchen und eindämmen können. Anhand einer Fallstudie wir gezeigt wie sich cloudbasierte Untersuchungen von herkömmlichen unterscheiden.
Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches, and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and Internet of Things enabling multitude of connected devices, the threat vectors are multiplying, threatening the firms’ operations and future financial stability.
Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.
Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
To be a high performing business, you require effective metrics and measurements that will help you gain valuable performance insights which will help drive informed and strategic decisions for your organization. Join Andy Jordan, ProjectManagement.com as he discusses what people are doing wrong when it comes to Agile metrics and provide guidance on how to get it right – the first time. Andy will also discuss the risks of using common metrics between Agile and waterfall approaches as well as why organizations need to focus on value-based metrics rather than arbitrary metrics of progress.
This session is approved for 1 Project Management Institute (PMI) PMP PDU Credit.
Online criminals used to favor scattershot campaigns that relied on emailing hundreds of people in the hopes of tricking even a few of them into clicking on malicious attachments. These days, however, businesses face a new threat as ever more-calculating attackers conduct extensive research to craft carefully worded emails designed to emulate the CEO, CFO or other key executive.
These emails, known as email fraud or business email compromise (BEC), are fast exploiting perceptual weak spots by adopting executives' identities in emails pressuring employees into sending sensitive files or wiring large sums of money to a bank account.
Recent FBI figures suggest the attacks are costing victims an average of $US130,000 per incident and cost more than $US2.3 billion worldwide. Furthermore, it is difficult if not impossible to get the money back.
Please join the Australian Federal Police, CERT Australia and Proofpoint for a webinar to discuss the emerging threat and strategies for defending against it. Over the course of the session, you will learn:
· How cybercriminals craft Email Fraud messages and where they get their information
· How to help executives hide the information that cybercriminals may be using to shape Email Fraud
· Why your current email filtering solution may struggle to keep up, and what technologies can help in the fight against Email Fraud campaigns
· What kind of business controls can be put in place to protect against Email Fraud manipulations
Healthcare organizations have become prime targets for cyber criminals. In this webcast, security experts identify three key areas that are critical to improving your organization’s cybersecurity and provide effective strategies to combat cyber attacks using real-life examples.
Offering a preview of what to expect from Track 2 of Security Congress EMEA, this session brings together speakers that examine varied developments in the threat landscape. Tackling trends from the role of social engineering in Industry 4.0 to the latest Tactics and Drivers behind DDoS Attacks and the Casino-style tactics deployed by hackers, delegates will gain both an overarching view of current concerns from the front- lines of defence, and an opportunity to examine a few questions that are rattling the security industry today:
Is it time to accept breach as inevitable?
Are we prepared for the aftermath?
Should we welcome vulnerability disclosure?
Can we do a good job of sharing and warning each other?
You’ve got the service desk, you’ve got the team, you’re managing the calls. But is your ITSM function efficient and effective?
Join Snow, along with guest speakers Elinor Klavens and Robert Stroud from Forrester who present in our webinar “Drive ITSM improvements with SAM intelligence” as they explain the best practices in integrating SAM and ITSM tools and why Software Asset Management (SAM) solutions are pivotal to the smooth running of today’s enterprises.
This webinar will highlight how ITSM leaders can benefit from advanced SAM technologies, including:
•Multi-platform audit data
•Cleansed & normalized software inventory.
•Self-service technologies for software requests & deployments
As organizations move to virtual data centers and multi-cloud environments in a dangerous threat climate, they are faced with new security challenges they must overcome. But, they must do this without exponentially increasing the manpower, products, or resources they need, so they still get the most of their valuable security budgets. These challenges include:
-Improving visibility inside data centers and cloud
-Reducing the attack surface
-Maintaining regulatory compliance standards.
WHAT'S IN THIS WEBINAR:
vArmour will explore trends in data center security that include the rise of software to replace firewalls inside the data center, segmentation and micro-segmentation as security techniques, and shifting ideas about software defined networking that:
-Eliminate under-utilized zones and choke points
-Avoid costly hardware refresh cycles and on-going maintenance
-Lower the time it takes to see and stop threats
-Reduce the time and complexity to process security changes
-Increase speed of secure application delivery
ABOUT THE SPEAKERS:
Andy Ryan, Cloud Solutions Architect at vArmour
Get your employees in the loop with easily accessible knowledge!
Some of the biggest drains on employee productivity and engagement come from one thing: a lack of available knowledge. Whether its an IT, HR, or customer service question, having to search multiple places for the answer, or contact another employee for it, wastes valuable time and effort. Having the right knowledge in the right place at the right time empowers people to work better, and the latest advancements in cloud applications and collaboration tools can help.
In this webcast, you will learn how to:
- Increase employee engagement, productivity, and satisfaction by providing easy access to a consistent, authoritative, and searchable knowledge base.
- Reduce service cost and effort by deflecting questions from high cost channels (assisted-service) to more cost effective channels (self-service) for “help desk” functions enterprise–wide, including HR, IT, Compliance, Finance, Customer Service, and more.
- Reinforce adherence to policies and procedures by making corporate compliance guidelines easily available to all employees.
Aujourd’hui la question n’est plus “vais-je être victime d’une attaque ou d’une tentative d’attaque ? » mais plutôt « quand vais-je l’être ? ». Comme pour le sport de haut niveau, la gestion de la sécurité d’une infrastructure nécessite de la préparation, de l’entrainement et de la compétition. Fort de notre expérience en victimologie avec nos équipes Mandiant et de notre vision des groupes d’attaquants à travers Isight Partners, nous avons mis en place différents programmes qui vous permettent d’être prêt le jour J et de régir le cas échéant. Venez découvrir comment nous pouvons vous accompagner dans toutes les phases amont et aval à travers nos prestations de consulting.
HEAT LANrev was Highly Commended in the recent Computing Vendor Excellence Awards in London - Mobile Management category.
With the fragmentation of technology platforms and proliferation of mobile devices organisations today need a unified management approach for smart connected devices. Join this session to learn how HEAT LANrev can provide end to end multi-platform support for Windows, Mac, Linux, iOS and Android.
The Financial Conduct Authority (FCA) has released guidance for all Financial Services Institutions considering outsourcing to the Cloud, advising a Hybrid or Cloud deployment fosters innovation which can be a driver for effective competition.
Using a third party provider to integrate with cloud software can open a new world of opportunities including cost efficiencies, increased security and a more flexible infrastructure capacity. These benefits support effective competition.
Join this webinar and learn:
1.Trends and drivers of change in Financial Services
2.The latest guidance, from the FCA, for firms outsourcing to the ‘cloud’ and what it means
3.Cloud, Hybrid and on-Premise – why no one size fits all and why that’s ok
4.The benefits and the opportunity available to Financial Services Organisations
SecureWorks® incident responders assist hundreds of organisations annually with the containment and remediation of threats during suspected security incidents.
Visibility of these incidents provides the SecureWorks Counter Threat Unit™ (CTU) research team with a unique view of emerging threats and developing trends. This Threat Intelligence is then continuously provided to clients, arming them with the information they need to stay one step ahead of adversaries trying to compromise their networks.
In this webcast Matt Webster, CTU Security Researcher, will discuss developments in the threat landscape observed through SecureWorks’ Incident Response engagements from April to June of 2016, including;
- Key developments of the APT threat
- Criminal cyber threat trends
- Developments in Ransomware
Matt will also discuss observations of how the affected organisations could have better prepared for the threats they encountered.
CEB's Ian Beale presents a 60 minute webinar on 'Risk in the Boardroom' with guest speakers: Carolyn Saint, CAE, University of Virginia and Louis Cooper, IRM approved trainer and Chief Executive of the Non-Executive Directors' Association
After a brief introduction to the world of SEO, we will dive into the different types of web application attacks and manipulations that are made to either degrade your competitor’s ranking or raise your own.
Government organizations are undergoing a digital transformation. Across the U.S., government agencies are embracing the cloud, mobile computing, big data, and other advanced technologies to radically reduce operational costs and improve delivery of government services to citizens.
Microsoft and its ecosystem of cloud solution providers are uniquely positioned to help federal, state, and local government organizations make this transformation. The Microsoft Government Cloud is among the most complete and secure clouds designed to meet the demands of U.S. government organizations.
The IoT Is Making Status Quo Network Security Obsolete
The number of devices in the Internet of Things (IoT) category is exploding—adding billions of devices to networks every year that lack native security capabilities. Please join us as ZK Research Founder and Principal Analyst Zeus Kerravala discusses the Internet of Things and suggests ways to deal with IoT-related security challenges, including:
• Why traditional perimeter defenses are no longer relevant and how IoT devices can circumvent conventional firewalls
• The lack of IT and OT alignment—a major issue given that the IoT connects everything to a common network
• The role agentless visibility and control play in finding, classifying and securing network-attached IoT devices
Too many organizations are focused on what issues others are having and don't pay enough attention to what inherent cybersecurity risks they are facing.
Today's speaker, Jay Schulman, Principal Security and Privacy at RSM US LLP will walk through a concept called "Organizational Threat Modeling." Learn to take a holistic approach to security and look at the overall threats to the organization and then determine a method to address, accept or hedge risks.
공격자들은 지하 시장에서 점점 전문화 , 조직화하고 있으며, 공격 기법도 무서운 속도로 고도화하고 있습니다.
정보 보호 업체인 “Websense Security Labs”이 미국, 영국, 캐나다, 호주의 IT관리자 1,000명 을 대상으로 조사한 결과 보고서에 따르면 대부분의 데이터 유출 사고는 “인가된 사용자”에 의해 이루어지고 있다고 합니다.
또한 그 동안 국내/외 많은 보안 사고 사례를 통해 알 수 있듯이 대부분의 정보 유출 사고는 탈취된 정상 사용자 계정 권한을 이용해서 이루졌다는 사례를 언론 등을 통해서 접할 수 있었습니다.
정보 유출 사고 예방을 위해 대부분의 보안 담당자는 이러한 알려진/알려지지 않은 다양한 보안 위협과 고도화된 내/외부에서 발생되는 위협을 식별 및 대응을 위한 위협 관리 체계의 필요성을 느끼고 있으며, 가트너에서는 향후 내/외부 다양한 보안 위협 예측 그리고 예방을 위해User Behavior Analytics (UBA) 사용은 필수이며, 2018년까지 최소 25%이상의 보안사고가 UBA 기술에 의해 탐지될 것이라고 리포트를 통해 예측하고 있습니다.
프로파일링 기반 이상행위 분석은 정상적인 사용자 및 시스템의 행동과 적절한 연관성의 정상 기준선을 설정하고 사용자 및 동료 그룹 간 이상 현상을 실시간으로 분석을 통해 권한 보유 사용자의 비정상 행위를 시각화 및 위협 예측 그리고 예방합니다.
또한 전체 IT 환경에 대한 보안을 더욱 민첩하고 지능적으로 변모하도록 요구하고 있으며, SIEM 보안 플랫폼과 연계 가능하며 UBA 기술은 알려진 위협과 알려지지 않은 위협에 관한 조치 가능한 정보를 생성하여, 사용자 및 시스템에 대한 세부적인 가시성을 제공함으로써 위협을 선제적으로 대응할 수 있는 보안 인텔리전스와 내부 위협를 보다 신속하게 해결할 수 있습니다.
A study by CNS Group found that 92 percent of IT security professionals said it is important to store, access and back up data in the UK. However, only 27 percent were very certain that their data did actually remain in the UK at all times. With Brexit and emerging data protection laws on the horizon, such as the EU General Data Protection Regulation, UK organisations of all sizes will need to know where in the world their data is stored and managed. If comprehensive questions about data sovereignty are not already part of your data governance strategy, they should be.
Join our webinar to understand the key questions your organisation needs to answer about data sovereignty.
The results of all the network penetration tests conducted by the First Base team over the past year have been analysed by Peter Wood. The annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business. Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.
When it comes to your sensitive data, how can you be sure that it is protected and none of it is leaving your environment?
Organizations today face the following challenges:
•Identifying the type of data that needs to be protected
•Controlling access to data & ensuring identities aren’t exposed, especially in the face of significant regulatory fines
•Prevent sensitive data from leaving the organization, mega-breaches & data loss is increasing year on year. Over half a billion personal records were stolen or lost in 2015, spear phishing campaigns targeting company employees increased by 55% in 2015
Answer: Firstly allow the right people to access the right data, anywhere, by controlling access, monitoring its flow, and keeping it out of the wrong hands. Secondly Easily apply policies to control access and usage―in the cloud, on mobile devices, or on the network.
Join Symantec for a webinar on the lessons learned regarding data protection across the many applications in your environment.
Russia has a long history of utilising cyber actions to accomplish their information operations and national security goals. Organisations in Europe – in the private and public sector – are a top target of Russia-based cyber activity for espionage and crime. This talk will cover how some of Russia’s recent cyber actions were conducted, and it will highlight how well Russia has embraced the opportunities cyber provides when it comes to national security and foreign policy objectives. Dan McWhorter, Chief Intelligence Strategist at FireEye, will also discuss why organisations need to take note of these activities in Russia and steps to ensure your organisation is able to defend against these threats.
Lorsqu’il s’agit de vos données sensibles, comment pouvez-vous être certain qu’elles sont protégées et qu’aucune ne quitte votre environnement ?
Les entreprises sont aujourd’hui confrontées aux difficultés suivantes :
- Identifier le type de données à protéger
- Contrôler l’accès aux données et garantir la confidentialité des identités, en particulier face aux fortes amendes prévues par la réglementation
- Empêcher les fuites de données en dehors de l’organisation, les mégafuites et pertes de données s’accroissant d’année en année.
En 2015, plus d’un demi-milliard d’enregistrements personnels ont été dérobés ou perdus, et les campagnes de spear-phishing à l’encontre des salariés d’entreprise ont augmenté de 55 %.
Dans un premier temps, il convient de permettre aux bonnes personnes d’accéder aux données pertinentes, où qu’elles se trouvent, en contrôlant l’accès, en surveillant les flux et en évitant qu’elles tombent entre de mauvaises mains. Vous pouvez alors facilement passer à la seconde étape : appliquer des politiques qui contrôlent l’accès aux données et leur utilisation, que ce soit sur le cloud, les appareils mobiles ou le réseau.
Assistez à un webinaire Symantec sur les derniers enseignements tirés en matière de protection des données pour l’ensemble des applications qui composent votre environnement.
With a recent increase in high-profile security breaches and compliance violations, traditional security mechanisms, such as firewalls, IDS, and antivirus are no longer enough to defend against external attackers, and insider threats. By having increased visibility into internal changes, configurations, access events, and permissions across the IT infrastructure, organizations can far more effectively defend against such attacks.
So, please join our local auditing and compliance team from Netwrix, Pete Smith (Regional Sales Manager Europe) and Russell McDermott (Pre-Sales Engineer) and see how Netwrix Auditor can unlock the door into possible breaches in your IT environment.
From our brief session you will learn:
• How deeply security breaches and data leaks are really effecting organizations
• How to protect your data from the insider threats
• How to have “peace of mind”, and achieve complete visibility of your IT infrastructure
Ransomware has become a common and dramatic problem and the recent waves of attacks are demonstrating that new variants emerge each day in what seems an endless arms race where the attackers seem to prevail.
However, even if the attack vectors are increasingly complex, the attackers cannot conceal themselves as the infrastructures used to launch these campaigns, despite extremely volatile, exploit elements of the internet, such as IP and domains, that cannot be hidden.
Monitoring large scale data allows to identify these infrastructures, where attacks are staged, and to enforce a new predictive security model particularly effective against Ransomware.