Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
Join us for a live demo and learn how AutoFocus threat intelligence service helps security teams identify and prevent targeted attacks. We will explain the key concepts of AutoFocus and benefits the service provides.
Open Banking is set to disrupt the financial services value chain. Across the world, this disruption can already be seen with a number of innovative initiatives emerging and with pressure from regulation, such as PSD2 in Europe, beginning to impact institutes.
With the foundations starting to build, what are the common approaches to Open Banking and how can you avoid the pitfalls?
Hear from MuleSoft Banking API specialist Danny Healy and industry veteran Paul Rohan, author of "PSD2 in Plain English", for a unique business and technical insight from the leaders in API-led connectivity.
Will you simply survive? Or change to thrive, in an Open Banking world?
A scrum master is the facilitator for an agile development team and provides essential benefits to enable success and remove obstacles.
Join, Justin Klos, Services Architect, to learn more about the ScrumMaster role. Our three objectives for this webinar:
•Proficient in Scrum Master role, values, & ceremonies
•Preparedness to facilitate backlog refinement, daily meeting, & sprint planning
•Understanding of how to produce artifacts including the product backlog, sprint backlog, & team health metrics
Following the webinar, we’ll have Q&A, so bring your questions.
For healthcare companies, managing priorities, projects and resources can be a critical factor in getting to market faster, improving patient outcomes and even saving lives. For LabCorp, working with Rego Consulting to develop an innovative new approach to IT Resource Management—using CA PPM—has powerfully improved their IT Organization’s ability to respond to business needs in delivering solutions. Join LabCorp’s Paul Soper, along with Rob Greca from Rego Consulting and Walter Angus from CA Technologies, to learn how LabCorp utilized data they were already collecting to develop IT labor capacity and supply/demand balancing without creating new business processes. This BrightTalk webinar will be Thursday, December 1 1:00 PM Eastern.
While attacks by nation-states and on-line extortion are grabbing the headlines the biggest threat to small and medium businesses remains banking trojans. These threats are flooding user’s mailboxes, trying to get a foothold on computers to empty out the victims banks accounts.
Small and medium sized businesses are a favorite target and can have devastating effects for a business that finds its bank account cleaned out.
In this session, Natalia will speak to new capabilities in the Office 365 Suites that provide innovate new productivity capabilities while offering the highest level of security and compliance for government customers.
This session explores how cloud connected sensor devices are providing new crime fighting tools and real-time situational awareness for law enforcement. Jeff will demonstrate how data from cameras, LPRs, and drones are used to investigate crime and improve officer safety.
Cybersecurity continues to be a top priority; leaders must constantly judge how to balance business enablement and cyber protection priorities as they support the digital transformation of their organizations. Join CISO, Bret Arsenault as he discusses examples of this balancing act in action and where Microsoft can help to improve your security posture.
While this year’s Comprehensive Capital Analysis and Review (CCAR) testing is behind us, it does not mean the industry is in the clear when it comes to quality data and efficiently resolving a variety of data-related issues. Despite investments in formal data governance programs, banks are far from streamlining and eliminating data quality issues that can affect existing risk management and regulatory reporting activities.
Mandates from CCAR and BCBS239 demand tremendous data governance and IT Infrastructure to support core business functions and prevailing regulatory requirements. It requires solutions which support effective data governance and stewardship to ensure the business has the data that is “fit for use” and “highly accurate” in today’s exceedingly regulated banking industry.
Join BNP Paribas, Informatica, and Xoriant to learn:
• The biggest data sourcing challenges banks are facing with CCAR and BCBS 239 and why
• Best practices on how to effectively deal with data issues across your data governance and data management practices
• Xoriant’s CCAR data quality and remediation solutions and services
• Informatica’s platform solution for enterprise risk management and compliance
Who should attend?
• Banks who are currently or will be subject to CCAR/BCBS 239
• Key data governance players (e.g. Chief Data Officers, CCAR Project and Program Managers responsible for reporting on data sourcing and issue management)
• Risk and compliance personnel (e.g. CCAR/DFAST Project team members)
• Enterprise, Information, and Data Architects working in the banking sector
Between 2005 and 2020, data volumes will grow by a factor of 300 – enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the ‘big data’ phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren’t adequate at this scale: they’re too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they break many of the traditional security approaches and spark questions like:
With massive volumes of data, how are organizations going to ensure that their customer information is safe from people looking to exploit it?
Is it possible to adopt big data technologies while demonstrating compliance with industry regulations?
Will security get in the way of the analytics tools?
How can security apply to different data consumption technologies like Hadoop and NOSQL?
Join Gemalto on Thursday, December 1, 2016 as we discuss what’s in store for the ‘big data’ technologies of the future and how security models like encryption can solve the security conundrum.
Join guest speakers ServiceNow Consultant, Paul ‘Doc’ Burnham & Forrester Principal Analyst Robert Stroud as they discuss the importance of the CMDB and how best to support ITSM must-haves such as software models, product catalog and service catalog.
Cyber space is composed of, and dependent on, supply chains. Our hardware and software are created in multiple locations by a multitude of suppliers and vendors. A single PC board may contain chips from many different nations, each with their own companies and manufacturing plant. Software is highly dependent on updates, which we receive mostly automatically and is directly incorporated in the software we depend on daily.
We, as a society are getting more skilled at protecting our technology from cyber-attack by hardening our network perimeters, improving anti-virus/malware tools and encrypting everything we can. The one thing we DO NOT do is evaluate what our cyber supply chain(s) are. We understand their importance to our daily tasks, to our lifestyles, and to our incomes. We need to looking into what our supply chains really are, understand their functionality and investigate ways to begin protecting them.
• Understand the basic nature of cyber supply chains
• Gain insight into cyber supply chain vulnerabilities
• Learn how to begin protecting our cyber supply chains
Curtis KS Levinson
VP Strategic Cyberspace Science, US Cyber Defence Advisor to NATO
The importance of high-quality data to efficiently and effectively run an organization is recognized globally. Data quality management is vital to IT Operations and Service Management. Poor data quality can cost businesses as much as 30% of their revenues.
In this webinar, attendees will learn what the five main areas are within an organization where poor data quality costs are highest. It provides an understanding of what functions and processes have problems and need to be investigated for potential savings opportunities.
Open Source software is the foundation for application development today and its use is growing rapidly worldwide because of the development cost reductions and innovation it enables. Black Duck discovers open source in every application it analyzes and finds finds that 35% of the average commercial software application is open source. Home-grown applications typically contain 50% or more open source.
The dramatic growth in open source use has been accompanied by an array of security and management challenges related to a lack of visibility into and control of the open source in use. Leading organizations are aggressively pursuing ways to continue to increase their use of open source and do so without compromising effective security or management.
This webinar will present findings from Black Duck's Center for Open Source Research examining open source use, risks, and benefits. Black Duck CMO Bob Canaway will discuss the latest open source threats, usage patterns, governance, and the changing security and management needs as open source expands across the cloud, the Internet of Things, and the digital landscape.
They say that hindsight is 20/20 and in recent months, news of data breaches at several SWIFT (Society for Worldwide Interbank Financial Telecommunications) members has seen many reassessing their cybersecurity strategies.
Palo Alto Networks invites you to join a webinar where Lawrence Chin, Security Market Architect, will discuss:
● A review of these attacks and some of the commonalities
● The role of cyber security hygiene, and subsequent recommendations from SWIFT, FS-ISAC (Financial Services Information Sharing and Analysis Center), and US FFIEC (Federal Financial Institutions Examination Council).
● Best practices that may prevent similar cyberattacks on financial institutions from succeeding in the future.
Register today and learn how the confidence and trust can be protected in the increasingly complex digital world in which we live.
In Teil 3 geht es um die Aktualität der Daten der laufenden Projekte. Hierzu müssen operative Daten zeitnah und exakt eingebracht werden. Wurde ein Projekt genehmigt, wird es mit geeigneten Mitarbeitern ausgestattet und die Arbeiten verteilt. Es geht aber auch um Zeitrückmeldung der Projektmitarbeiter, Erkennen von Verzögerungen, Handhabung von Change Requests, Überwachung von Kosten uvm. Sollte einer dieser Faktoren zu einer Umplanung des Projekts führen, muss dies auch im Projektportfolio ersichtlich werden, damit die dortige Planung mit validen Daten arbeiten kann.
Akamai sees more than 2 trillion Internet interactions every day and mitigates 40 – 50 DDoS attacks every month. Our security experts analyse this information and share trends, observations, and findings in the quarterly State of the Internet Security report.
Join Jay Coley, Senior Director, Enterprise Security Architecture at Akamai Technologies for an overview of what we found after analysing data from Q3 of 2016.
Key topics covered will include:
· Why DDoS of over 100 Mbps increased over the past quarter
· Which country is the new leader for most sourced Web application attacks
· Tactics Akamai used to mitigate two of the largest DDoS attacks we’ve seen
Despite the rise of the cloud and increased reliance on web applications, native desktop applications are still highly relevant and often the delivery method of choice in enterprise IT. As penetration testers, we still see a number of very poorly architected native applications being used to protect extremely sensitive information.
This webcast will discuss some of the core issues relating to native desktop applications, why they are so frequent, and the severe impact that their insecurity can cause.
In the 2017 threat landscape, we propose that these flaws are not going away, and the industry isn't currently in a position to help developers resolve them effectively.
The pace and scale of information security threats continues to accelerate, endangering the integrity of trusted organisations. Although cyberspace offers opportunities for leading organisations, this environment is uncertain and potentially dangerous. It is a place where hacktivists and cybercriminals are honing their skills and governments are introducing new regulation and legislation in response to major incidents and public concerns. Organisations are forced to continually adapt and rapidly respond.
In this webinar, Steve Durbin Managing Director at the ISF, will discuss the rapidly changing threat landscape, identify the key cyber challenges for 2017 and suggest ways of managing the associated risks.
Advances in artificial intelligence are leading to developments in cyber-attack technology, making threats faster and more sophisticated than ever. From smart ransomware through to sophisticated, customized malwares that blend into the network, security teams are struggling to keep up with the new generation of threats. In this cyber arms race, a new approach is needed to identify and respond to AI attacks and other subtle, advanced adversaries. During this webinar, Darktrace’s Director of Technology, Dave Palmer, will examine this challenge and explain why immune system technology, powered by unsupervised machine learning, will be critical in the future of cyber defense.
Join this engaging session as BrightTALK conducts an in-depth interview with Ian Glover, President of CREST.
It's been a crucial year for cyber security with big breaches and newsworthy hacks. BrightTALK's Information Security Community Manager Josh Downs will be quizzing Ian for his thoughts on the cyber security industry and in particular:
- The big breaches of 2016 and lessons to be learnt
- The current threatscape
- The big vulnerabilities on the horizon
- Ian's insights into how to keep your company secure in 2017
We look forward to you joining us for the session.
During our next customer webinar, we’ll share expert tips and best practices on how to extract maximum value from the latest features available in Black Duck Hub. The new integrations and features help improve both open source security and compliance. You’ll learn how to:
•Track remediation tasks using the new Hub-Jira integration
•Leverage new open source discovery techniques for Ruby Gems and Node.js as well as build integrations for Maven/Gradle to improve the accuracy of your open source inventory
•Customize your notices file so that all open source is properly attributed
•Leverage the new Hub-Email Extension to push notifications via email
•Incorporate Hub scanning into your Jenkins pipeline projects
Hashes, IPs, domains, oh my, what am I to do with all this data? Analyze it. For threat intelligence to provide the proper context, you need to understand your audience and the requirements for intelligence consumption. Open source intelligence provides a capability for collecting intelligence data, but without analysis and requirements, collection efforts could produce a wild goose chase and provide little value.
In this webinar, Rob Gresham, Senior Consultant with Intel Security, will cut to the chase to answer relevant questions such as:
• Do I have data in the dark web and is it being sold?
• What are my greatest risks and are they exploitable?
• Has that exploit been used?
Rob will discuss the contextual threat intelligence process, and share tips and tools that will help you make threat intelligence actionable beyond just the bits and bytes.
With continued improvements in payments security through technologies such as P2PE and EMV, the PCI community has been effective at combating crime in a wide variety of traditional retail environments. As the use of stolen or fraudulent cards for in-person transactions becomes more difficult, however, criminals are increasingly shifting their focus to online activities, and the rapidly growing mobile payment sector. To stay ahead of the bad guys, merchants need solutions that are designed to reliably protect payment data within their environment, and reduce PCI scope without impacting business processes.
Join this webinar to learn why any business that wants to remove sensitive data from their databases should understand these strategies on how they can eliminate exposure to cardholder data, reduce risks and PCI audit costs. You will learn:
•How the threat landscape is evolving
•What the attackers are doing differently
•How to stay ahead of cyber thieves, while neutralizing the risk of payment data breaches
•What is necessary to secure all e-commerce and mobile transactions
•How to enable innovation and business growth while maintaining strong data protection
PowerShell is like nuclear fission—it’s powerful, and it can be used for good and evil. The bad guys love to exploit PowerShell for at least three reasons:
1. It’s already installed on most versions of Windows.
2. It’s powerful. You really can do just about anything in PowerShell—even call into the Win32 API if enabled.
3.There are no EXEs or DLLs to upload.
Lee Holmes (Microsoft’s PowerShell extraordinaire) will be joining me to show you how to catch intruders exploiting PowerShell to their own ends.
First, we will provide a brief overview of PowerShell security capabilities especially enhancements in PowerShell 5.0t. There are some really good preventive steps you can take to limit your exposure to PowerShell-related risks. And PowerShell 5.0 is available on Windows 2008 R2 SP1 and Windows 7 SP1 and up, so this isn’t vaporware.
Then we will zero in on the auditing capabilities in PowerShell. We’ll show you how to enable PowerShell logging so that you get events for every script block executed. We’ll show you sample events and discuss how to interpret them, how to filter the noise and more.
I’ll also briefly point out some less powerful, but easy-to-implement techniques for just detecting the use of PowerShell itself using Process Tracking events. This can be useful for highly controlled endpoints where use of PowerShell at all is very limited and easy to recognize if PowerShell is being used in an unusual way.
Of course producing valuable audit data is one thing. Collecting, analyzing and alerting on it is another. And that’s where our sponsor, LogRhythm, comes in. The security experts at LogRhythm have been following the increased exploitation of PowerShell by the bad guys and been publishing their own tips on how to combat. Greg Foss will briefly demonstrate LogRhythm’s built-in knowledge of PowerShell and its ability to correlate PowerShell events with all the other security intelligence LogRhythm collects from your enterprise.
Data volumes are growing in both size and complexity; we have increasingly less control and awareness of the data we hold. In this session, we will highlight the benefits of information governance practices enabling organisations to build intelligence about their own data and identify their critical information assets. In the event of a data breach or security incident, this information provides actionable intelligence, allowing you to discover and respond to an incident before the matter escalates into a crisis.
1. Understand the basic principles required to understand your data
2. See how leveraging intelligence can get you to the answer faster
3. Extract hidden links and relationships with analytics
Join Nuix and (ISC)² on Dec 07 (Wed) at 02:00p.m. (Singapore time) in learning how to add intelligence to investigations (focus on data breach investigations).
- Stuart Clarke, Chief Technical Officer, Cybersecurity, Nuix
- John Douglas, Technical Director, First Response
Por desgracia, el 2016 ha sido otro mal año para la seguridad informática. Si bien nuestro enfoque se centró en el aumento de las amenazas para los dispositivos del Internet de las cosas, a lo largo del año aparecieron diferentes amenazas de malware y varios eventos importantes en materia de seguridad. Todo esto tendrá una gran relevancia en el próximo año.
Nuestro webcast analizará el panorama de las amenazas en 2016 y se centrará en los aspectos a recordar ante la llegada del 2017.
Anche quest’anno la sicurezza informatica ha subito duri attacchi. L'attenzione verso le minacce che mirano ai dispositivi IoT è alta, ma nel corso dell'anno ci sono stati numerosi altri eventi negativi per la sicurezza e si sono diffusi nuovi malware. Tutto questo avrà ripercussioni sull’anno che sta per cominciare.
Questo webcast riesamina il panorama delle minacce 2016 considerando anche tutto ciò che è importante ricordare mentre avanziamo verso il 2017.
We all know that technology plays a role in our everyday life but do you know the extent of that role? Advertising tells us to spend more and more of our life online and embrace technology in our homes, cars and everywhere else a microchip can be placed.
But nowhere is there a message about the consequences of the misuse of that technology. 2016 has seen a rise in the number of incidents involving ransomware, IoT, and simply well intentioned connectivity gone wrong. That momentum is set to continue into 2017 and beyond.
Although past performance does not guarantee future results, this session will focus on what we have seen this year and what we expect to see in the near future.
We’re starting to see the refining of techniques that have been built over a number of years. The past 5 years have been dominated by ransomware and economic espionage. While they haven’t gone away, cybercrime has gotten bigger and bolder and the financial rewards have gotten much bigger. Cyber attacks have also started to become a part of the political landscape which has been particularly evident during US election where we have seen them being used for subversive purposes.
This webcast will review the threat landscape of 2016 with a focus on what we need to remember as we move into 2017.