IT Governance, Risk and Compliance

Community information
Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
  • Willbros, a leading infrastructure contractor serving the oil and gas industry, leverages Amazon Web Services (AWS) and Trend Micro Deep Security to quickly design and deploy agile, secure cloud solutions to protect their vital data. Moving to AWS allows organizations to leave their infrastructure behind and start fresh – architecting for flexibility and scalability. However, bottlenecks are created when traditional on-premises security approaches and tools are used. Learn how Willbros unleashed innovation in the energy industry by taking a greenfield approach to security in AWS. Attend this practical webinar by AWS, Trend Micro and Willbros to learn how you can design a flexible, agile architecture that meets compliance requirements and protects your most valuable asset – your data. Jason Cradit from Willbros will share their experience on how they achieved building robust and secure pipeline management systems in the cloud.

    In this webinar you’ll learn how to:
    - Architect a secure application using a combination of AWS services, Trend Micro services, and configurations
    - Understand how host-based protection improves application security, as well as agility and flexibility
    - How to protect workloads from attack, without hampering performance
  • Die Inhalte sind migriert, technische Hürden gemeistert und SharePoint erfolgreich implementiert. Was viele Unternehmen jedoch unterschätzen – Mit der alleinigen Bereitstellung von SharePoint ist es in der Regel nicht getan. Das Zauberwort: User Adoption. Was nützt das modernste Deployment und die beste Software, wenn es den eigentlichen Usern an Vertrauen und Wissen im Umgang mit der Plattform fehlt und sie eine Verwendung der selbigen lieber umgehen?
    Patrick Lamber, SharePoint MVP, und Robert Mulsow, Senior Technical Solutions Professional bei AvePoint, haben es sich in diesem Webinar zur Aufgabe gemacht, Ihnen gemeinsam Best Practices für eine erfolgreiche Einführung und ressourcenschonende, richtlinienkonforme Verwaltung von SharePoint an die Hand zu geben, damit Ihre Endanwender SharePoint in vollem Umfang nutzen können und auch wollen.

    Anhand eines konkreten Beispielprojekts erfahren Sie:

    • Wie die Einführung von SharePoint nicht nur theoretisch zum Erfolg wird, sondern Endanwender sich ihren Arbeitsalltag gar nicht mehr ohne vorstellen können.
    • Welche Hindernisse, Vorurteile und Probleme es hierbei zu bewältigen gibt
    • Wie man es schafft, die Anwendung erfolgreich bei den unterschiedlichen Mitarbeitern im Unternehmen zu etablieren, damit SharePoint zum durchschlagenden Erfolg wird.
  • According to Gartner, “through 2019, more than 50% of data migration projects will exceed budget and/or result in some form of business disruption due to flawed execution."(1) Furthermore, 1 in 6 large IT projects go over budget by 200%, according to a Harvard Business Review article. It is widely recognized that application migration and consolidation projects are “risky business” – high-ticket items for the corporation, with a scary chance of failing. If you are undertaking any IT modernization or rationalization project, such as consolidating applications or migrating applications to the cloud or ‘on-prem’ application, such as SAP, this webinar is a must-see.

    The webinar is going to shine the light on the critical role that data plays in the success or failure of these projects. Application data consolidation and migration is typically 30% to 40% of the application go-live effort. There is a multitude of data issues that can plague a project like this and lead to its doom, and these are not always recognized and understood early on, which is the biggest problem.

    In this webinar, Philip Russom of TDWI will walk us through the potential data pitfalls a corporation should consider when undertaking an application consolidation or migration project. Philip will share best practices for managing data in order to minimize risks and ensure on-time and on-budget delivery of these projects. Rob will discuss Informatica’s unique methodology and solution to support these best practices. Rob will also share real-life examples on how Informatica is helping customers reduce risks and complete application consolidation and migration projects on budget and on schedule.

    1) Gartner report titled "Best Practices Mitigate Data Migration Risks and Challenges" published on December 9, 2014
  • Disruptive forces are accelerating a change in workplace technology, leaving organizational data at risk. In the past, IT was able to create a ‘walled garden’ with clearly set protocols for how data came in and out of the organization. This is no longer the case.
    As a response, Workshare recently hosted a series of roundtables and polls, where we asked CIOs and senior IT professionals how trends in the workplace are affecting their IT strategy.

    Join us as we discuss how these trends are influencing IT strategies today, as well as the best practice for reducing risk.
  • Cloud and data center security can be dauntingly complex, and selecting the right vendor to engage with is a critical decision for any enterprise. However, cloud and data center security can be a difficult market to navigate. Are vendors backing up their marketing claims? How do different approaches stack up next to each other? What factors need to be taken into consideration when comparing products? Trend Micro has teamed with analyst firm ESG to sort these questions out, and encourage organizations to think differently when it comes to cloud and data center security.

    ESG conducted an independent economic evaluation to investigate the differences between Trend Micro and traditional security approaches, and are conducting a live webinar to present their findings. ESG and Trend Micro will give insight into the cloud and data center security market, ESG’s Economic Value Validation methodology, and the conclusions that were reached about the value Trend Micro is providing to their customers. Join us to learn more!
  • The need to share content -- securely, collaboratively, immediately -- is critical to your job. You’re working with outside agencies and business partners, sharing documents that contain sensitive data like product designs, ad campaigns and customer data, to name just a few.

    According to research from the Ponemon Institute, more than six out of ten people report having accidentally forwarded files to individuals not authorized to see them. It’s time to create some good habits that will allow you to collaborate with internal and external resources and be 100% compliant with the regulations that govern your industry.

    Please join us for an interactive presentation about how new habits and tools can make it easy for you to be efficient and compliant, without sacrificing speed or creativity.
  • The Top Five Best Practices for Controlling Third-Party Vendor Risks.

    Target, Home Depot, eBay — look at almost any of the seemingly never-ending string of mega-data breaches, and you’ll find a common thread. Stolen or compromised user credentials, belonging to a privileged user with wide-ranging access to sensitive systems, served as the initial attack path. Often — in as many as two-thirds of cases — those credentials belonged to a third-party; a vendor or business partner who’s been granted internal access to your network. With those credentials in hand, attackers are free to roam about your IT infrastructure, seeking out and exploiting their ultimate goals. It’s a frustrating — and dangerous — challenge. You have to provide access to vendors, contractors, and business partners — but doing so often introduces unacceptable security risks.
    But these risks are manageable. Join us to learn the top five best practices for regaining control of third-party access, and the processes and technology necessary to stop unauthorized access and damaging breaches. In this webcast, we’ll discuss:
    • The identity, access, and security governance processes needed to protect your network
    • How to ensure positive user identification to prevent credential theft and misuse
    • Techniques to limit access to only those resources required to satisfy work or business requirements
    • Preventing the unauthorized commands — and inadvertent mistakes — threatening your network
    • Establishing monitoring procedures that flag violations and speed forensic investigations
  • Source code management systems contain the crown jewels of a software company's intellectual property. Effective auditing gives you a picture of who's accessing that IP and when changes are being made. This information can satisfy compliance and security requirements and give you new insights into your development practices. In this webinar we'll explore standard and extended audit reports available for Subversion and Git administrators.
  • Organizations across industries face an ongoing challenge to meet the stringent data-related regulatory compliance requirements. The major pain points boil down to accessing quality data that provides the necessary auditability and transparency required by auditors and regulators, and the ability to prove that sensitive data is being protected. Those data related problems present a daunting obstacle for your company to meet current as well as future compliance requirements.

    A holistic, agile data governance program can help companies address the above data challenges and become regulation–ready. A well-designed data governance program delivers the following:

    •Guaranteed access to clean, relevant, trusted and auditable data to create accurate and auditable reports to meet compliance mandates.
    •Improved operational efficiency by enabling a collaborative and repeatable process across key stakeholders
    •Enabling a true data-driven business environment for your organization to drive continued innovations and growth

    Please join us to hear David Loshin, established industry expert in data governance and data quality, and Rob Karel, VP of Strategy and Product Marketing at Informatica to discuss best practices for data governance, how organizations can leverage data governance programs to address existing and future compliance requirements, and how to turn your data governance program into a strategic initiative that drives significant business benefits for your organization.
  • Do you run mission critical applications in the cloud? If the answer is yes, then you already know how important it is to have visibility into all aspects of your infrastructure. An alert telling you your application is down is no longer sufficient. Today’s IT managers need to be made aware of potential problems before they arise.

    Join me, Dan Waymire, Sr. Account Manager at HOSTING, for a webinar on May 28th at 3 p.m. EST to learn how Hosting can provide unprecedented visibility into your infrastructure, allowing you to be one step ahead of service impacting events. Leveraging the industry leading ScienceLogic platform, I will cover the following:
    •A demonstration of how you can build real-time dashboards showing availability, utilization, and performance of your entire IT infrastructure
    •A walk-through of an Executive dashboard showing your leadership team the application availability in real time
    •IT manager dashboards capable of showing utilization & performance of web servers, database servers, switches, and firewalls all in a single pane of glass
  • Problem Management is one of the most useful processes within ITIL as it allows an organisation to identify the underlying issues that generate incidents over and over again and removes them. It supports the change from reactive to proactive and makes customers happy by providing information and a process on those annoying issues that keep coming back to haunt them, and when they can expect to see them gone forever. However, with all this to offer many organisations still struggle to get the funding to implement this process as its seen as a duplication of effort with incident management.

    Join Peter Hubbard, Pink Elephant, as he shows you how to set up this process on a part time, unfunded, but effective way. The point is not to say that Problem Management does not need a budget, its to show you how to build up support by doing the basics anyway and showing how much better it could be if the organisation DID fund it properly!
  • •¿Sabía que el 14 de julio finalizará el soporte del producto Windows Server 2003?
    oDespués de esta fecha , Microsoft dejará de emitir parches de seguridad , dejando a estos sistemas en un estado de vulnerabilidad alto frente a los ataques de día cero y otras formas de código malicioso.

    •Conozca a que riesgos se expone si no hace frente a esta situación y como Symantec le ayuda a proteger sus sistemas ante la finalización del soporte para estos sistemas.
  • Seit Edward Snowden ist bekannt, wie systematisch Informationen ausgespäht und manipuliert werden. Was hat sich seither wirklich verändert und was ist die konsequente Schlussfolgerung? Wir zeigen Ihnen, wie sie auf Basis einer angepassten Sicherheitsstrategie die richtigen Lösungen für Ihre Sicherheitsanforderungen finden.
  • End-point data protection is fundamentally changing. End-points have moved from desktop to mobile with BYOD, and the data protection envelope is extending beyond simple backup and recovery solutions to include continuous data availability, security, and compliance.

    During this webinar to learn how Syncplicity’s enterprise file sync and share solution helps extend the data protection envelope across your enterprise.
  • The End of Support (EOS) of Microsoft Windows Server 2003 in July 2015 will put millions of enterprise servers at risk. And according to a recent study by leading analyst firm Enterprise Strategy Group (ESG), “More than 80% of enterprise and midmarket organizations still support Windows Server 2003 to some extent.” Newly discovered vulnerabilities will not be patched or documented by Microsoft. Hackers know this and will be targeting new exploits at the considerable number of Windows Server 2003 servers still in use. In this webinar, ESG will share the significant findings from its recent survey of Microsoft Windows Server 2003 customers. Also, Trend Micro will discuss how to protect your legacy Windows 2003 server environment while you plan your move to newer platforms. Join us and learn how to:
    * Protect and secure your Windows 2003 Servers after EOS
    * Build a comprehensive security strategy with virtual patching (IPS), file integrity monitoring, and anti-malware
    * Ensure your organization is protected across physical, virtual, and cloud environments as you migrate to newer platforms such as Windows Server 2012 and Azure
  • As a security professional, information sharing with other organizations is big part of your job. However, when it comes to information about attacks and vulnerabilities, there are limited accepted resources—leaving knowledge sharing to an informal process with only a few select contacts.

    Now you can get better information about the top vulnerabilities that need your attention and what to do about them. Learn more about the US-CERT Top 30, a publication that provides guidance in the vulnerability field.

    Join this webcast for a closer look, so you can:

    > Learn about the top 30 vulnerabilities — that comprise most of targeted attacks against critical infrastructure

    > Understand how the US-CERT condenses — security data into a single report

    > Apply and implement recommendations — against your infrastructure

    > Share this new data point with your colleagues — at other companies
  • For many organizations, adherence to regulatory guidelines is the ruler by which to measure their security posture. While compliance is an important part of overall risk management, studies have shown that security education in areas like secure application development and security awareness can help in preventing attacks and deterring cybercriminal activity.

    In this interactive, online session, you will learn how course-based eLearning empowers employees to recognize potential security risks throughout their daily workflow. Hear examples of how organizations can implement effective, scalable training - enabling the business to protect its assets and software developers, testers and security leads to build secure applications from inception to deployment.
  • James Hanlon, Security Strategist at Symantec, looks at both the current cyber poisons and potential antidotes to the cyber security challenge. The discussion will focus current threat landscape and the changes we are seeing in regard to hacking and cyber attacks. It will pose the questions to whether global intelligence & data analytics is an approach that can be used counter the most advanced threats.
  • Attackers are getting smarter, while repurposing what we thought were outdated techniques. So, how can your organisation stay safe?

    In the past decade we’ve seen the emergence of the world’s youngest profession – the Cyber-Intruders. These actors, often working normal 9 to 5 hours, Monday to Friday, are paid to break into systems and steal sensitive information or scope out a target for their employer.

    Crime-as-a-service has become a reality in cyber-space, with specialisms emerging which make it akin to a mini-industrial revolution. The techniques they use are often novel, though not always. Out-dated technology as well as lessons unlearned by organisations mean that persistent attackers can breach networks with relative ease.

    This talk aims to present the current state of the cyber threat landscape, what are the latest tricks attackers are using, and what should organisations focus on to keep data and systems secure.
  • Knowing that your company has been compromised is just the first step in a long road to erase the threat.

    Many companies take weeks and sometimes months to address compromised machines due to a lack of real-time notifications or, in many cases, a deep understanding of the malware profile.

    Tiago Pereira, Threat Intel at AnubisNetworks will share the methodology used by AnubisNetworks which comprises the combination of Cyberfeed threat intelligence capabilities with the expertise of the security team to dissect and understand the botnet behaviour, destroying capabilities and threat risk for organizations. The first part of the webinar will be dedicated to explaining the methodology and the second how it was applied in a real case study.

    In this webinar you will learn:
    - AnubisNetworks’ sinkhole techniques and botnet research methodology
    - Case study: understand a botnet:

    o DGA mechanisms

    o Decipher the network protocol

    o Uncover the malware capabilities
  • Organisations around the globe are struggling to cope with the quantum speed and sophistication of attacks by organised cyber criminal syndicates and going forward will need to prepare to be targeted 24x7 by multiple assailants. Criminal organisations have become more sophisticated, mature and are migrating their activities online at greater pace. They have begun to develop complex hierarchies, partnerships and collaborations that mimic large private sector organisations and are taking their activities global. Organisations that wish to keep pace with these developments and remain financially viable will need to take action now.

    This webcast will share guidance and tips on how organisations can identify and protect the areas of their business that could be impacted by cybercrime activity.
  • Learn how to prevent the inevitable intrusions from compromising sensitive data! There is no silver bullet, but there is a solution.

    It’s widely accepted that perimeter breaches are inevitable – the bad guys are getting in. There is no silver bullet and there aren’t enough dollars in any IT security budget to address every vulnerability. But the loss of sensitive data from a breach is NOT inevitable.

    Data Loss Prevention (DLP) is a proven solution that stops the theft of sensitive data. The problem is, DLP is not widely deployed. Why? Put simply, DLP is hard. But just because it’s hard, doesn’t make it a less necessary component of your security strategy.

    In this webinar, Dan Geer and featured speaker Heidi Shey of Forrester will discuss:

    • Why and how CISOs need to get past the DLP horror stories and limited usage to prevent the inevitable intrusions from compromising sensitive data

    • What’s required for DLP to be a success

    • New DLP solution deployment options that get you all the data protection, without the deployment and management headaches.
  • DevOps is now over 5 years old and many advancements have been made.

    In this talk, we will review what's going on in the space, and discuss current trends and where we envision DevOps is going over the next few years. Specifically, we will cover the rise of containers, the "move to the donkeys", the greater incorporation of security into the development pipeline, the movement on network and databases as code, cultural backlash and trends.

    This will be a panel style talk with Karthik Gaekwad (@iteration1) , Ernest Mueller (@ernestmueller), James Wickett (@wickett) with plenty of time with questions at the end of the talk.
  • The End of Support (EOS) of Microsoft Windows Server 2003 in July 2015 will put millions of enterprise servers at risk. And according to a recent study by leading analyst firm Enterprise Strategy Group (ESG), “More than 80% of enterprise and midmarket organizations still support Windows Server 2003 to some extent.” Newly discovered vulnerabilities will not be patched or documented by Microsoft. Hackers know this and will be targeting new exploits at the considerable number of Windows Server 2003 servers still in use. In this webinar, ESG will share the significant findings from its recent survey of Microsoft Windows Server 2003 customers. Also, Trend Micro will discuss how to protect your legacy Windows 2003 server environment while you plan your move to newer platforms. Join us and learn how to:
    * Protect and secure your Windows 2003 Servers after EOS
    * Build a comprehensive security strategy with virtual patching (IPS), file integrity monitoring, and anti-malware
    * Ensure your organization is protected across physical, virtual, and cloud environments as you migrate to newer platforms such as Windows Server 2012 and Azure