IT Governance, Risk and Compliance

Community information
Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

Webinars and videos

  • Jack Madden converses with James Rendell to get the CA perspective on Enterprise Mobility Management’s (EMM) future potential. EMM must not for get BYOD but also go beyond it into Mobile App Management (MAM) and find ways to keep users personal information and employers information separated and find a way to embrace the Internet of Things.
  • Jack Madden discusses Enterprise Mobility with Arun Bhattacharya to get the CA perspective on the way it should be. This means going beyond BYOD and MDM, and embracing MAM, MEM, MCM, and IoT. For many companies, finding the balance between employers and users privacy and security has been a problematic issues.
  • In this webcast we will show:
    1. The Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
    2. How you can identify your business exposure and what systems are vulnerable
    3. How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed
  • Internal audit functions must anticipate and respond to a constant stream of new challenges. Key findings from Protiviti’s latest Internal Audit Capabilities and Needs Survey show that:

    • Social media, mobile applications, cloud computing and security (specifically with regard to the NIST Cybersecurity Framework) are critical areas of concern

    • CAATs and data analysis remain on center stage

    • Fraud management efforts focus more on technology as well as prevention

    • We have to keep pace with a raft of regulatory, rules-making and standards changes”

    • Internal auditors want to take their collaboration with business partners to a new level

    Please join our webinar on focused on assessing the top priorities for internal audit functions.

    CPE credit will be provided to qualifying attendees.
  • We look at why organisations are turning to Data Classification solutions as part of a best practice layered security approach. We will cover:

    •The evolving security environment
    •Drivers for data classification
    •How data classification works in practice
    •Customer success stories

    The session will also include a brief demonstration of Boldon James Classifier.
  • Join us for this short monthly webinar, in which we will provide you with the latest updates and insights into the constantly evolving online threat landscape. Using information sources such as the Symantec Global Intelligence Network, we will help you understand how you can continue to protect your company and your infrastructure.

    The goal is simple: to make the Internet safer to transact business – for you, your customers and everyone else with whom you interact online.
  • David Moule, Manager of IT Security Operations at Allied Irish Bank, discusses how AIB has leveraged Modulo Risk Manager™ to mature their Vulnerability Management process, remedy “on the fly” VM needs, and successfully navigate an internal audit.
  • Now that NIST has published Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity, the long awaited CSF, what are the implications for companies? How can the CSF help your business improve its defenses? Cameron camp investigates.
  • Are attacks on your network and users still occurring, despite continuing efforts to stay on top of security? What impact would malware have on your business if it was able to gain internal access and steal sensitive information?

    Without solutions that can disrupt the chain of events that occur during an advanced attack, many businesses are still being infiltrated and losing data every day. This webinar will cover the best practices in disrupting attacks with content security solutions - connected to optimize protection.
    Join this webinar as:
    •You will learn the tactics used by attackers today to infiltrate businesses
    •You will hear about the leading technologies available to disrupt advanced attacks
    •You will walk away with the knowledge to assess your own environment, and optimize your security
    Businesses today face more advanced attacks than we’ve ever seen in the past – and defending against them takes a connected approach which can disrupt the multiple points of infiltration and exfiltration used in the process of a breach. With most attacks seen in the wild using phishing emails to reach their target, a web link or malicious file to deliver a payload, and an outbound stream of communication to exfiltrate data – implementing a Secure Email Gateway, Secure Web Gateway, and Data Loss Prevention technology together will provide a barrier difficult for even the most advanced attacks to overcome.

    Don’t miss this webinar if you have a stake in the security of your most valuable information, or are directly responsible for the implementation of security solutions to protect it. Register now for this 30 minute webinar.
  • As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets.
    In this session we'll cover:
    The primary attack vectors you need to consider
    Immediate actions you can take to limit the exposure of your XP assets
    Warning signs to watch out for that could signal an attack
    How to closely monitor your vulnerable assets with AlienVault USM
  • In case you did not know it, your SMB is a prime target for cybercriminals. Unfortunately, networks are routinely infiltrated by cybercriminals through blended attacks that exploit unknown vulnerabilities and steal valuable data. Compounding the problem, traditional security solutions were not designed to stop any of the five stages of an advanced targeted attack.

    Learn how new multi-vector virtual execution technology is able to protect your business against today’s blended attacks in this FireEye and Spiceworks webinar.
  • MDM implementations begin by solving the most pressing business problem in a single hub, mostly on-premise. They then expand to another use case, domain, or region, and might evolve to another MDM hub on cloud or in a different country. Whatever the journey might be, how do you tie the different hubs together in a hybrid or federated hub-of-hubs MDM architecture? Come to this session to learn how certain leading companies are solving this conundrum!

    In this webinar, you will learn:
    -What are the initial use cases that dictate MDM
    -How to determine if you should use the same MDM instance or a different one when expanding your use case
    -When to use on-premise versus cloud MDM

    In addition, we will explore examples of companies using hybrid MDM to manage multiple MDM hubs as well as evolving to the holy-grail of MDM architecture: Hub-of-hubs or federated MDM.
  • Cyberspace is typically the prime mechanism for conducting business. It also plays a key role in the socio-cultural lives of staff, customers and suppliers. By the end of 2013, revelations about how governments had been surrendering commercial and personal privacy in the name of national security left trust very badly shaken. And the timing couldn’t be much worse: many CEOs are ramping up their demands to take even greater advantage of cyberspace. So if this is where things are now, how will all of this look by 2016? How will new threats hurtling over the horizon complicate matters even further? Just what will organisations be able to rely on? And most importantly, are they powerless or can they do something now? This webcast spotlights the threats we'll be dealing with over the coming 24 months along with advice on the best ways of handling them.
  • As more and more companies look to take advantage of all of the benefits afforded with cloud-based infrastructures, the discussion often quickly turns to “How do we get there?” For some companies, this single migration question can create an insurmountable roadblock that either keeps them from moving to the cloud or severely delays their migration. Join Michael McCracken, HOSTING’s Director of Professional Services, as he explores different cloud migration strategies along with the benefits and risks associated with each of those strategies.
  • Anti-virus is not enough. McAfee Complete Endpoint Protection add defense in depth against the full threat spectrum from zero-day exploits to hacker attacks, as well as mobile devices such and tablets.
  • Protiviti has conducted the second-annual Executive Perspectives on Top Risks Survey. We obtained the views of more than 370 board members and C-suite executives about risks that are likely to affect their organisation in 2014.

    Join Managing Director, Mike Purvis and Director, Dirk Verwohlt for a discussion of the report findings.
  • With the release of PCI-DSS version 3.0 many organizations that are already PCI compliant or are working towards becoming PCI compliant are wondering what these changes will mean to their organization. In this webinar we will take a look at what has changed (and what hasn’t) and the impact this will have on how organizations approach PCI compliance.
  • As we continue to explore the ERP implementation process, we’re going to dive deeper into one technology solution you might consider for a successful ERP implementation. Join us as we discuss Oracle eBusiness Suite Release 12. You’ll want to join us if you’re:
    • Thinking about upgrading to release 12
    • On R12.1 and considering moving to R12.2
    • Just looking for a little ‘positive sell’ to add to that budget request so you can fund your upgrade

    Oracle eBusiness Suite Release 12 was defined as “The Global Business Release”. This doesn’t encompass just its geographic reach…the Suite is a comprehensive tool whose breadth and depth across industries and business functions is compelling for customers around the world.

    During this session, participants will learn about:
    • The changes to R12.2 including the foundational architecture improvements and financial enhancements
    • How the strength of Financials Release 12 allows businesses to work globally - across applications, divisions and regions and the tools necessary to achieve that.
    • Integration, data management and reporting

    Oracle eBusiness Suite Release 12 makes it easier and less expensive for customers to implement, manage and scale global applications - ultimately improving the overall ownership experience.
  • Big data has gone beyond a buzzword for businesses and is rapidly becoming embedded in the way organisations operate and make decisions. Highlighted as one of the key areas for attention in the latest ISF Threat Horizon 2016 report, Big data analytics can also mislead when decisions are based on faulty, skewed, incomplete or poorly analysed data sets, resulting in missed opportunities as organisations enter the wrong markets, or enter the right markets with the wrong products. It’s also possible that the same data sets can lead to different conclusions in different parts of the world as a result of cultural bias. Further complicating matters, attackers will target data analytics tools to ensure decisions are skewed.

    This webcast will look at the implied threats to Big Data and offer ways of communicating the challenge of effective Big Data analysis and decision making to senior management.
  • Join this webinar on Endpoint Security as we:
    •View the NextGen Endpoint client
    •Discuss the new architecture behind NextGen Endpoint
    •Highlight important features that distinguish it from other endpoint solutions
    •Walk through a live demonstration
  • Thousands of vulnerabilities are disclosed every year, by vendors/researchers discovering software vulnerabilities for remediation and security, as well as by cybercriminals seeking vulnerabilities to sell or exploit.

    Relaying the right threat intelligence to the right stakeholders and initiating the right threat response is a challenging task for security professionals, more so now because enterprise environments have become complex hotbeds of new technologies, business models and ways of storing/sharing information.

    This webinar deconstructs software vulnerabilities, shows how they relate to the wider ecosystem and demonstrates how this knowledge can be used to define strategies and improve security.

    Key takeaways:

    - The impact of software vulnerabilities on organizations
    - The importance of vulnerability research for the overall security of individuals and organizations
    - The importance of trusted sources for vulnerability information
  • The presentation will discuss both the promises and challenges presented by big data analytics to information security. To help take advantage of the former without the penalty of the latter, we will learn about the building blocks of a big data security solution and explore the most cost-effective uses of big data analytics to enhance security.
  • Forty-four states, DC and four territories have adopted the Common Core State Standards (CCSS). This means that school districts across the country are planning for 100% online assessments during the 2014-2015 school year. One of the most important conditions needed for being able to administer online assessments is network infrastructure readiness.
    Attend this 30-minute webinar and join Gavin Lee, Senior K-12 Business Development Manager at Juniper Networks, to discuss the critical network must-haves that all school districts should consider when looking to deploy a robust and supportable network. You will also receive practical guidance on how to get the most out of your network infrastructure and how to best prepare for the CCCSS assessments:
    • Consortia network infrastructure
    • Wired and wireless network capabilities
    • Robust network security
    • Network support readiness
    • Juniper Networks network infrastructure readiness resources
  • Mobile workers are increasingly demanding access to mission-critical data and apps from personal smart phones, tablets and laptops. However, co-mingling of personal and business data and apps on mobile devices creates risk of business data loss and introduction of malware. What are the risks and what technologies can businesses deploy to enable productivity while protecting from these threats ?

    •Learn about the risks introduced when personal and business data and apps co-mingle on mobile devices
    •Learn about available technologies and technology trends to address these risks.

    Join Dell to understand the risks introduced when personal and business data co-mingle on mobile devices and technologies to consider to protect corporate data.
  • From political hacktivists to international cybercrime organizations, enterprise security has been under a barrage of attacks that run the gamut of complexity. Security breaches now seem inevitable even at organizations that invest heavily in their information security operations. With numerous recent examples of cybercriminals and malware penetrating corporate networks almost at will, the role of incident response teams has been thrust into the spotlight. In this presentation I will discuss the fundamentals of incident response planning and the critical role audit has in reviewing incident response plans, documentation and the plan testing process.
    At the end of this session:
    You will understand:
    -incident response
    -identify the different types of incidents
    -planning process
    -roles and responsibilities
    -team activation process
    -response process flows
    -response scenarios, and
    -auditing incident response
  • This webinar is presented by McAfee and Intel to help customers understand their Data Protection solution from McAfee and to get the most business value out of their Intel based endpoints. Products that apply to this webcast include McAfee Complete Data Protection Suites, featuring Endpoint Encryption, and EPO Deep Command to extend the reach of your IT department to lower your total cost of ownership. The webinar will include a special highlight on Intel® Core™ vPro™ Processors and associated technologies that increase productivity and hardware-assisted security in the enterprise. This webcast is provided as a 35-40 minute overview and includes 5-10 minutes of Q & A.

    Join this webinar on Data Protection and learn about:
    • The key features of Data Protection and how it can provide you with the security you need
    • Use cases on utilizing the synergy between Intel® vPro™ and McAfee Data Protection technologies to reduce your overall TCO
    • How you can extend the reach of your IT team with the ability to remotely wake up or even power on PC’s, remediate “disabled” endpoints and remotely reset pre-boot passwords
    • How to securely manage your endpoints from a single console while simultaneously providing self-service features for your end-users
  • You are invited to register for our upcoming COSO webinar, COSO 2013: Mapping Controls to Principles. Transitioning to the New COSO Framework is top of mind for many organizations. How do you get started? How do you map controls to principles or vice versa? What are some of the preliminary findings organizations are seeing as they head down the path to implement the framework?

    Please submit top-of-mind questions during the webinar registration process.

    CPE credits will be provided to qualifying attendees.
  • *On this webcast we're giving away a pass to our partner event: the Chicago Cyber Incident Response Summit, between June 21-23, 2014*

    Let’s face it, there’s unrelenting pressure on IT to enable competitive advantage through new technology and use of data assets‒-but the business is driving initiatives that can push sensitive production data into more and more exposed areas. The key question is ‘How can you enable the business to be agile AND take a more proactive, programmatic approach to security at the same time?’ With the advanced threats that are pervasive today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively address the implications for data security in the ecosystem. You need a blueprint to reverse this trend in your organization.

    In this webinar, William Stewart, Senior Vice President of Booz Allen Hamilton and Jeff Lunglhofer, Principal of Booz Allen Hamilton–a leading management technology and consulting firm driving strategic innovation for clients–will discuss the top trends in cyber threat mitigation, data privacy, data governance, and data security, with Mark Bower, VP Product Management and Solutions Architecture at Voltage Security.

    Attend this webinar to learn more about how to:
    •Increase responsiveness and security in your IT environment and architecture
    •Fight pervasive threats from inside and outside attack with data-centric technologies
    •Raise your organization’s overall data privacy, compliance, and security profile
    •Implement a new data de-identification framework across production, test & dev, and analytics use cases
    •Proactively enable critical business initiatives
    --Can't attend live? Register below to receive a link to the recorded webcast.
  • Email Gateway 5.6 including hybrid cloud setup and ”ClickProtect” spear phising protection.
  • Everyday consumers assume that when making a purchase, online or in-store, their card data is handed off to a trusted source, with security in place to protect them. However protecting these transactions and the retail payment ecosystem has become increasingly complex, with recent data breaches of large retailers testament to the vulnerabilities.

    In addition, compliance with PCI DSS fails to address some of these vulnerabilities resulting in potential exploitation with disastrous consequences. To address these security gaps the scope of security needs extending from the merchant, acquirer, switch and bank or card issuers to include the manufacturers of payment terminals at the point of sale and developers of payment application software.

    Join your fellow professionals to understand how by using Point-to-Point Encryption, card data is encrypted from the earliest possible moment of its capture, and ensures that data remains in an encrypted state consistently until it arrives at the payment gateway.

    Then understand why many merchants are considering P2PE not only to secure vulnerabilities, but also because it can effectively remove some of the merchant’s own security infrastructures from the scope of compliance with regulations such as PCI DSS. Lastly understand why encryption is only as secure as the encryption keys as when cryptography is used to protect valued data, the risk is transferred from the data to the keys.
  • Presented by the experts with the facts.

    The Inside Story of the Discovery, the Timeline and Solutions to Protect Your Organization. Finally, All of Your Questions Answered.
  • Today's organizations are moving more interactions online through web, mobile and API-enabled web services to empower their customers and increase revenue. Managing the high volume of customer identities and enabling secure interactions across a set of web, mobile and hybrid apps, from a variety of different devices can be challenging.
    On April 24th at 1pm ET, please join David Gormley, Director, Security Solutions for CA Technologies, to learn how you can securely accelerate the delivery of new applications and services, while improving the customer experience across multiple channels of interaction.
  • Protiviti's IT Priorities Survey results reveal 2/3 companies are going through a major IT transformation in 2014. Join Protiviti's IT Consulting managing directors to discuss why.
  • Security professionals are increasingly realizing that protecting executives and corporate assets requires more than just “guns and guards.” It requires a proactive strategy to identify and prevent a threat, rather than reacting to one. So how can security professionals be proactive and minimize the threats that originate from the Internet?

    In this webcast we’ll look at how you can use an individual’s online “footprint” to identify potential threats and develop a more effective security plan. We’ll also present a case study of one of our own executives and show why online threat intelligence is not the same as news alerts or monitoring social media for brand buzz.
  • Today most companies are witnessing an explosion in the amount of data that they store. According to recent estimates, large databases grow by 65% year over year and 85% of the data contained in these large databases is inactive. This often out-of-control data growth stems from a variety of sources and can have a negative impact on application performance, database management tasks, and overall total costs.

    During this webinar, learn how you can improve application performance while simplifying IT for Oracle applications with Informatica Smart Partitioning and Oracle ZS3 storage appliance.

    In this event, we will share how the combination of Oracle Tiered Storage and Informatica Data Archive Smart Partitioning:
    Reduces the cost of data by enabling storage tiering and compression of referentially intact data partitions
    Improves application performance up to a factor of 6X or more by automatically optimizing datasets for user requests
    Eliminates complex archiving strategies and provides full and rapid access to archived data from the native Oracle Application
  • Encryption, and cryptography in general, has been thrust into the spotlight as a critical technology for combating surveillance, data breaches, insider threats, and more. But encryption is no silver bullet, and the quality of its implementation is the major determining factor in the protection it actually provides. Join us on Thursday April 24 to learn about:
    •Five ways you can measure the quality, or trust level, your crypto systems provide
    •Effective strategies for dealing with the key management pain many organizations are starting to feel as they increase their deployment of cryptography
    •Use cases for strong cryptography and trusted key management with hardware security modules (HSMs)
  • Join us for this live webinar where we will walk through a real-world example in which FireEye Managed Defense analysts utilized the FireEye Platform’s MVX virtual machine technology and endpoint response capabilities to identify, alert, and remediate an active Advanced Persistent Threat (APT) attack.

    In this case study we will cover:

    • How the attacker executed a “smash-and-grab” attack aimed at stealing intellectual property.
    • How FireEye detected the attack as it was beginning and re-secured the network and prevented sensitive data from leaving the client’s networks.
    • Best practices for investigating and responding to similar attacks.
  • Every application, email, web page and Internet connection relies on information encapsulated into a data packet that can be easily distributed across networks. These packets include information about the sender and receiver, as well as the actual contents, or payload. By manipulating pieces of the packet data, criminals can infiltrate networks, applications, data centers, and individual computers.
    How do you defend your network against advanced threats that manipulate data at the packet level? Join McAfee for a revealing presentation on the current state of threat prevention. Find out why you should be using deep packet inspection (DPI) for protocol identification, normalization, and data stream-based inspection to detect and block threats, in both clear-text and encrypted connections. And stop Advanced Persistent Threats (ATP) that rely on packet manipulation to thwart most common firewall and IPS defenses.
  • Next generation endpoint security. Security and Management beneath the operating system.
  • Nos puissantes solutions de gestion des événements et des informations de sécurité (SIEM) associent des données sur les événements, les menaces et les risques pour offrir une connaissance approfondie de l'état de la sécurité, une réponse rapide aux incidents, une gestion transparente des journaux ainsi qu'une fonction de génération de rapports de conformité extensible. Produit phare de notre offre SIEM, McAfee Enterprise Security Manager assure la consolidation, la corrélation, l'évaluation et la hiérarchisation des événements de sécurité pour les solutions McAfee et d'autres éditeurs. Composant essentiel de notre cadre d'implémentation Security Connected, McAfee Enterprise Security Manager s'intègre en toute transparence avec le logiciel McAfee ePolicy Orchestrator (McAfee ePO), McAfee Risk Advisor et Global Threat Intelligence afin de fournir le contexte nécessaire à une gestion des risques de sécurité autonome et adaptatif.
  • As additional details on the Target breach - and other retail attacks - leak out, we see that Point of Sale (POS) malware continues to be a significant threat. There are several attack methodologies at play and many forms of new malware, including Dexter, Project Hook, Alina, BlackPoS/Kartoxa, JackPoS, VSkimmer and others. All continue to compromise organizations large and small. In this webinar, Curt Wilson, Senior Research Analyst for Arbor's Security Engineering and Response Team (ASERT) will explore a newly discovered POS attacker’s toolkit, as well as the structure and behavior of typical POS malware and key indicators of compromise.

    Additionally, this talk will review a survey of observed POS infrastructure vulnerabilities that include well-known and lesser- known POS threats that continue to evolve. Attendees should leave with an expanded sense of the threat surface that retailers – including ecommerce organizations – must face. The session will wrap up with an overview of best practices for protecting, detecting, and addressing these evolving threats.

    Attend this webinar to learn about:

    • The various types of POS malware threats and the implications of experiencing an attack

    • The tools and processes that retail IT infrastructure teams need to have in place to protect their organizations from attacks

    • Best practices for dealing with a POS attack; actionable “now what” steps for organizations who have been compromised by POS malware
  • Businesses in the Financial Services sector are some of the most obvious targets for cyber-attacks. After all, “that’s where the money is.”

    And recent technological advances have brought about the dark side of innovation – the ability of criminals to stealthily attack users and businesses in new ways. Hence, financial institutions around the world are even more at risk to breaches and cyber-attacks than ever before. Are financial institutions in Asia Pacific ready for these threats? What are the areas that financial services should look into for continuous threat protection?

    Bryce Boland will touch on these issues in this webcast; bringing insights from his experience as a former Security CTO in the financial sector.

    Topics that will be covered are:

    1.The Dark Side of Innovation
    2.Recent FSI breaches
    3.Enterprise Threat Report on FSI
    4.FSI Supply Chain Risks
    5.Managing Advanced Threats
    6.Questions & Answers

    This webinar is for both business and IT professionals, interested to have a better understanding of the current state of cyber risks in the financial sector, and how to manage these risks.
  • Join this webinar on Endpoint Security as we:
    •Understand what AMT-enabled hardware offers
    •Hear how AMT hardware can improve our ability to manage an endpoint
    •Highlight important use cases that are enabled when management extends beyond the operating system
    •Discuss how ePO can be used to easily configure AMT
  • Envisioning how mobility will transform your business in the near future and beyond can be difficult, however there are practical strategies you can adopt today that will help accelerate your mobility transformation.

    Join Arun Bhattacharya, Sr. Director, Product Marketing, Enterprise Mobility, CA Technologies as he discusses the core tenants of a successful enterprise mobility strategy and provides practical guidance for business and IT Leaders on how to manage their businesses’ mobile future.
  • The topic of security has grabbed headlines over the last few years and indeed the last few weeks, but most of this attention has focused on a small percentage of large enterprises. However, security is not an issue for them alone, as mid-market companies increasingly deal with the same threats as their larger compatriots.
    Join Symantec Website Security Solutions to understand how you can take a proactive website security stance.

    During this webinar we will look at areas of compliance, the size of Ecommerce market opportunity in the Netherlands, and the threat landscape in general.

    We look forward to your participation.
  • Deploying and managing network security at remote locations can be time consuming and expensive. McAfee Next Generation Firewalls give your organization a simple solution for centrally deploying, managing and updating remote locations. No technical skills are required to install at remote locations, freeing your skilled staff to focus on more important security management.

    Join us for an in-depth look at how plug-and-play deployment and remote management can reduce manual effort, reduce costs, and improve your network service. McAfee, will review how the McAfee NGFW can be installed and up and running in a matter of minutes using our cloud-based installation server. He will also review how the McAfee NGFW Security Management Center gives you remote management and enterprise-wide situational awareness.