IT Governance, Risk and Compliance

Community information
Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
  • A recent analyst study found that 88% of organizations are “doing Project and Portfolio Management (PPM).” This finding could lead many to believe all is well with this critical business process so essential to strategic success. This is hardly the case as studies also show PPM is still generally immature in enterprises today. The lack of maturity is largely due to the fact that most organizations are addressing only a subset of PPM capabilities. So though almost every organization can lay claim to doing PPM, few are actually doing PPM for all its worth. Many of these organizations will continue to miss out on the incredible possibility and promise of this essential business capability until they grasp and appreciate the full scope and potential of PPM.

    One of the greatest barriers to realizing the full potential of PPM is an enterprise-wide awareness of the span of PPM and the likely gap that must be overcome to achieve it. There is a plethora of great PPM insight contained in the numerous books, methodologies, and frameworks available today, but using this volume of information to get everyone on the same page is a daunting challenge. The key is to use a simple approach and model to quickly establish a common understanding of this critical business discipline and to easily foster the conversations and discussions to drive the endeavor to raise PPM proficiency.

    This brief webcast will present a PPM model that is easy to remember, easy to communicate, and proven to quickly illuminate the gap between existing immature PPM processes and the full scope and potential of comprehensive Project and Portfolio Management.
  • Wall Street expects it and customer demand it – accountability from Sr. Executives for the future direction of their organizations. How can executives ensure their strategic plans are in action and on track? How can they shift and pivot to changing market conditions along with the risks and impacts to the long-term vision and goals? How do you thread accountability from planning to execution to results?

    Join this session, where David Werner, Senior Principal Product Marketing Manager, CA Technologies, speaks with Rick Morris, published Author and Owner/President of R2 Consulting about ways to bring more accountability through your strategic plan.
  • The development of a solid product innovation strategy is undoubtledly a collaborative effort, and company cultures that support an open and robust dialog will be more able to evolve their strategies to address their changing business environments.

    Attend this webcast featuring Michelle Jones from Stage-Gate International as she discusses how these companies are better equipped to address risk and derive more value from their product innovation efforts. Also hear why aligning your product innovation strategy is an important precursor to making continuous strategic assessments and project prioritization decisions.

    All attendees will gain insight into the 5 key elements that comprise a consensus based innovation strategy, the importance of clearly communicating that strategy to drive strategic portfolio management, and the metrics to measure performance.

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • Portfolio planning activities have struggled to gain respect in most businesses. Lack of enterprise-wide orchestration arises from a lack of effective involvement and intimate business knowledge – not simply of operations and processes, but of business imperatives, obstacles and desired outcomes. And the information systems aspects continue to be planned in splendid isolation from the business, causing IT people to mistakenly celebrate victory when a new IT system goes live. However a project only really starts when the IT goes live, and so the planning needs to be fully integrated. This can only be accomplished first by building strong relationships with business peers that will result in measurable value creation. The next step is to implement a sophisticated PPM system that can handle the extreme complexity of orchestrating all the business and related technology portfolio of initiatives, capable of optimizing the plans (and the outcomes) as the business environment changes.

    To achieve this, a new PPM model needs to be created to look at portfolio management in a holistic way, enterprise-wide. Planners need a capability that will generate multiple scenarios and real-time decision support. This dimensionality and complexity is well beyond the capacity of the human brain. By implementing such a tool, IT would be positioned as a critical partner with the business – not just in implementing mainstream information systems, but also in helping the business with a much better way to plan and manage all of its key initiatives effectively

    This session focuses on how enterprise leaders and divisional leaders and IT leaders should be working in harmony to orchestrate great business outcomes, rather than looking after their parochial interests.
  • A recent analyst study found that 88% of organizations are “doing Project and Portfolio Management (PPM).” This finding could lead many to believe all is well with this critical business process so essential to strategic success. This is hardly the case as studies also show PPM is still generally immature in enterprises today. The lack of maturity is largely due to the fact that most organizations are addressing only a subset of PPM capabilities. So though almost every organization can lay claim to doing PPM, few are actually doing PPM for all its worth. Many of these organizations will continue to miss out on the incredible possibility and promise of this essential business capability until they grasp and appreciate the full scope and potential of PPM.

    One of the greatest barriers to realizing the full potential of PPM is an enterprise-wide awareness of the span of PPM and the likely gap that must be overcome to achieve it. There is a plethora of great PPM insight contained in the numerous books, methodologies, and frameworks available today, but using this volume of information to get everyone on the same page is a daunting challenge. The key is to use a simple approach and model to quickly establish a common understanding of this critical business discipline and to easily foster the conversations and discussions to drive the endeavor to raise PPM proficiency.

    This brief webcast will present a PPM model that is easy to remember, easy to communicate, and proven to quickly illuminate the gap between existing immature PPM processes and the full scope and potential of comprehensive Project and Portfolio Management.
  • Organizations are having to cover more ground than ever when it comes to security. Yet businesses often lack the in-house skills and resources, so security leaders are turning to MSSPs to help bear the burden to ensure every area of risk is adequately attended to.

    Join us for an interactive discussion with guest speaker, Forrester Research VP and Principal Analyst, Ed Ferrara, to learn how MSS is changing the conversation for businesses to achieve security goals. Help drive the conversation by submitting a question for Ed in advance so we can tackle your biggest security concerns such as:

    • Overcoming the skills shortage
    • Where to focus the budget – spending trends across industries
    • The value of security – pitching it as an investment not a cost to business leaders
    • Improving business outcomes – leveraging MSSPs as a tactical arm to optimize IT security, efficiency and value
  • From unobtrusive advanced malware detection technologies to automated threat response and actionable mobile-friendly dashboard – manage security from any device, any time, ESET will present new solutions for securing your endpoints and new ways to manage them.
  • Cutting down on the time taken to complete complex document review cycles allows the modern lawyer to operate at the pace required by their industry.

    Join our webinar to learn top tips for shortening these review cycles without losing document integrity and risking corruption. We’ll also cover what technologies are available to provide a quick and accurate way to improve document review efficiency.
  • FireEye recently released a new report that documents how and why governments around the world are turning to the cyber domain as a cost-effective way to spy on other countries, steal technology, and even wage war.

    Whether it’s sensitive military, diplomatic, or economic information, governments depend on the integrity of their data. If that data falls into the wrong hands, the consequences could be severe.

    In the wake of two apparent state- and government-sponsored attacks, APT1 and APT28, government agencies must understand why they are in attackers’ crosshairs, what attackers might be seeking, and how they can protect themselves.

    Join us for a dynamic discussion with subject matter experts where you will learn:

    •What makes your government-related organization an appealing target – whether you’re a political opponent, business, agency or vendor
    •Why it’s important to determine who could be planning an attack, their motives, and how they might carry out their goals
    •How to assess your level of preparedness and how to protect yourself if you are not ready for this new era of cyber warfare
  • 2014 could have easily been called, “The year of the biggest security breaches since the beginning of forever.” But given current security practices and technologies, many of the breaches could have been prevented. So why weren’t they?

    Many of the affected companies fell into a very common trap, thinking that if a company goes to the trouble to be legally compliant then it will be effectively “secure.” Unfortunately, as with many kinds of regulations, legal compliance really represents the absolute least amount of effort required. If companies want to give themselves the best chance to avoid the very severe consequences that come with a major breach, there are five practices they need to put in place now.

    Join Adrian Sanabria, Senior Security Analyst at 451 Research, and Amrit Williams, CTO of CloudPassage, on this webinar to learn
    · Possible gaps left by the compliance-first approach to security
    · How to limit vulnerabilities across traditional, virtual and cloud infrastructures
    · Five best practices to avoid a major security breach in 2015
  • The bring-your-own-device (BYOD) movement has been a huge boon for businesses that put a premium on productivity. File sync and share solutions have emerged to help employees work from anywhere, at any time, on any device. In this BrightTALK exclusive, eFolder explores the top seven features that business should consider when adopting a file sync and share solution. Learn what is required for a file sync and share solution to improve collaboration, maximize productivity, and ensure security.
  • Join Tom Kellermann, Chief Cyber Security Officer for Trend Micro, in an informative webinar specifically tailored for corporate executives and directors who are ready to take the reins of a real and effective plan to secure their organization, their data, and their careers against targeted attacks.

    During this live webinar, you’ll learn:
    • How to identify, classify, and protect your valuable data assets
    • How to assess your organization’s vulnerability to attack
    • How to measure and mitigate cyber risks cost-effectively
  • A new category of threat is emerging – a threat designed to evade traditional signature-based technologies such as Anti-Virus and Intrusion Detection. Attempting to meet the challenge is a new class of technology, “Advanced Malware Protection” or “AMP,” which is an industry term for technology designed to continuously monitor for, offload and detonate files in a sandbox - safely away from the main environment - to observe and detect malicious objects.

    If a security device produces an alert in the forest, who’s there to hear it?

    The challenge is these next generation advanced malware detection solutions produce so much detail about the suspicious activity that most organizations do not have the resources to thoroughly investigate/analyze. The best technology means nothing if you don’t have the right expertise to react to the alert, quickly decipher complex reports, investigate the threat, and determine the right response. And meanwhile, the threat actors aren’t standing still – they’re developing measures to circumvent controls in some traditional sandbox environments.

    You will learn:
    1.How the threat is evolving and how actors are employing evasive practices to overcome traditional and even some more sophisticated security defenses
    2.Why next generation sandboxing and full-system emulation are the keys to combatting evasive malware threats
    3.The expertise needed to accurately identify and diagnose the threat once the alert is received
    4.How to ensure your organization has the ability to respond effectively to the incident and close all the backdoors a threat actor may have opened
  • Part 1. The 3 Things you Need to Know About SharePoint 2013: On-premises vs. Cloud

    Tired of having information spread amongst various file shares, personal hard drives, and file cabinets? If you’re looking for that single collaboration platform, this is the webcast for you. We’ll give you three reasons why Microsoft SharePoint is the optimal enterprise collaboration platform for your business, and discuss the benefits and challenges to on-premises, all-in cloud, and hybrid models.

    Part 2. 3 Ways AvePoint Takes the Pain Out of Migration to SharePoint
    Now that you have decided to opt for SharePoint, how do you get there? In this webcast, we’ll discuss the potential obstacles you’ll face during a migration project. Then we’ll show you three ways AvePoint can expedite your path to SharePoint, including:

    •Optimizing migration resources by automating remediation of stale
    content

    •Minimizing business disruption over the course of migration projects
    with customizable scheduling

    •Maintaining all relevant content, permissions, and metadata
  • Reacting to threats and remediating breaches can’t wait. Your compliance plan may be in place – but can you execute fast?

    Join BMC Software and Qualys to see how to get complete IT compliance and reduce the risk and cost in your organization. In this webinar, you will learn to:

    ·Easily detect security issues with new automated, online technology
    ·Quickly analyze operational dependencies and the potential impact of proposed fixes
    ·Enforce governance policies and change approval requirements
    ·Execute validated remediation actions rapidly
    ·Document actions and results in real time


    Plus, learn how to improve communications between security and operations to ensure a speedy resolution to compliance issues.
  • Constantly evolving threats can be more difficult to counter—unless you have full visibility into potential vulnerabilities of your infrastructure. Built on the leading cloud security and compliance platform, Qualys gives you immediate, global visibility of IT vulnerabilities with continuous monitoring.
  • Le traditionnel paysage du datacenter a changé pour toujours, laissant l'infrastructure virtualisée délivée comme un service. Nous assistons, en effet, à une virtualisation qui s’est étendue bien au-delà de l'informatique , avec le stockage et la virtualisation réseau qui sont devenus rapidement la norme pour la plupart des organisations. Ce modèle est vrai indépendamment du fait que l'infrastructure soit gérée en interne dans l’entreprise ou dans le Cloud. Etant donné que l'infrastructure devient hautement virtualisée et se dirige de plus en plus vers le cloud privé , les ressources informatiques traditionnelles doivent aussi évoluer au risque de devenir inutile.

    Découvrez comment Symantec peut vous aider à renforcer l'agilité du datacenter grâce à une infrastructure élastique, la mise en place d'un modèle de services et l'exploitation de l'intelligence informatique.

    •Améliorer l'élasticité de l’infrastructure
    •Fournir des ressources as-a-Service
    •Cultiver l’Intelligence informatique
  • The rise of malware and malicious insiders brings application security into clear focus. Well written software, security testing and code obfuscation mitigate risk but the most critical applications in the most risky locations need to go one step further to become tamper resistant. Trusted applications that handle sensitive data, control valuable IP and perform critical processes can be isolated and protected within secure execution environments. Mobile phones, embedded devices and data center servers all adopt physical hardening to secure the applications they host. This webinar focuses on protecting business applications that support high-tech manufacturing, content distribution, online authentication – in fact any situation where you need to know for sure that your application is doing precisely what the developer intended – nothing more, nothing less.
  • In most targeted attacks, threat actors use existing vulnerabilities as point of entry to exploit vulnerable systems. Many organizations understand the importance of closing the holes by patching the system immediately, however, in reality it is an impossible task. Zero-day vulnerabilities leave the system perpetually vulnerable, leaving attackers free to zero-in to take advantage of the hole. All it takes is one vulnerability for a system to be compromised.

    This Virtual Patching webinar discusses the options organizations have to better manage vulnerabilities. It presents new methods to help organizations adapt & mitigate known & unknown vulnerabilities.
  • Recent security research shows that web applications are one of the primary attack vectors involved in data breaches. Virtually every web application on the Internet will inevitably be targeted and therefore organizations need an easy to use, accurate and scalable solution to identify web application vulnerabilities before their adversaries exploit them.

    Join us to learn how Qualys WAS 4.0 with Progressive Scanning provides organizations like ThousandEyes with powerful new capabilities to enhance testing coverage and provide flexible scan scheduling, reducing the burden on understaffed IT security teams.
  • Please join AvePoint and MISA Ontario at 2-3 p.m. on Thursday, March 12, 2015 as we discuss best practices for designing SharePoint environments aligning with mobility trends.

    In this 60-minute webinar, Sag Baruss, Senior Solutions Architect for AvePoint, will introduce the implications of bringing SharePoint to the next generation of mobile devices and a BYOD-enabled workforce – including case studies to illustrate best practices in information architecture.
  • If you could see your network assets the way hackers do, you’d know a lot more about your vulnerabilities. To secure your information systems requires control and continuous visibility of the entire network and its various components.
  • 2014 is in the bag and what a year it was - for the hacker and cybercriminal community that is.

    2014 was full of high profile data breaches and significant new vulnerabilities, some of which affected the very core of the online world. This session will combine looking back at 2014’s key events and a good dose of Fortinet’s cyber crystal ball to come up with some predictions for what we can expect during the upcoming 12 months.
  • Today, organisations of all sizes are undergoing a significant IT-driven transformation. IT environments have reached a point where complexity in existing backup and recovery infrastructures is often a vast and unwieldy mix of both physical and virtual servers, along with different hardware and software solutions. While information volumes are rising continually, backup windows shrink and IT must operate around the clock.

    All of this creates challenges in the backup environment, making it both difficult and costly to manage backup and recovery holistically. Therefore, IT leadership is increasingly looking for better ways to protect their data. It is not just because existing backup solutions are broken (some are, some are legacy, some are point products, and others just aren’t scaling and/ or performing as their IT environments evolve) – but that’s not all of them. In many cases, IT leadership is just trying to improve what they are doing, often from a return-on-investment (ROI) perspective, not technical features.

    In this webcast we address how you can modernise backup and recovery and gain financial advantages that contribute to an improved ROI.
  • One of the most pressing concerns in today’s ever-changing threatscape is how to address the human factor; with an estimated 14% of all breaches are linked to an insider.

    New forms of attack combined with a lack of experience has left many organisations vulnerable and as more and more companies consume more and more sensitive data, there is an increasingly important requirement for today's Information Security Professional to understand the threats and the mitigation techniques available to them.

    Andrew Rice, Director of Cyber, Security and Influence will be drawing upon QinetiQ’s extensive experience within cyber security to highlight vulnerabilities in your cyber defence and your workforce. Key takeaways will include:

    ** How to train your staff to deal with insider threats

    ** Case study into APT 1 using real-world examples

    ** Methods to combat ATPs including the AIW approach

    ** How best to measure your ATP protection

    ** How to integrate physical and cyber security

    Andrew will also be on hand at the end of the session for 15 minutes of Q&A for you to ask your pressing ATP questions.