Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
Identity Access Management is a complex matrix of requirements meant to assure that only the right people have access to your data. This requires the creation of a rules, roles, and a method for preserving information about access rights. In other words, we create 'big data' that then must be mined to find the most risky individuals and risky behaviors. By starting with a risk-based approach, finding those behaviors and individuals is easier. Explore with us as we examine how risk values can be assigned as you build the database so that analyzing and reporting become easier.
As mitigating third party risk becomes an essential business function across many industries, business relationships will be tested. Organizations must now subscribe to a “trust, but verify” philosophy to ensure their third parties are secure. To verify vendor security, organizations now use BitSight Security Ratings, which are gathered externally and don’t rely on any vendor input.
On August 27 at 1:00 pm EST join Debbie Umbach, Director of Product Marketing at BitSight as she discusses the best practices for implementing vendor security ratings. Viewers will learn:
- different approaches for incorporating BitSight Security Ratings into vendor risk management (VRM) programs, whether your program is just getting started or is well underway
- how companies have used BitSight Security Ratings to notify key vendors of security incidents
- how vendor ratings can allow for more effective communication and thus greater transparency
Non-targeted, opportunistic, targeted, and insider are 4 threat types, or groupings, that have been understood by the security community at large for years. These groupings of threats are largely based on motivation, prevention, detectability, cost, and impact to those affected. On the defensive side, the concept of defense in depth where you secure the outer perimeter to prevent threats, monitor the interior perimeter for anomalous behavior, and apply tight restrictions to the most sensitive data and system has also been a proven approach to minimizing the impact of threats.
Join Wade Woolwine and Mike Scutt from Rapid7’s threat detection and incident response team to discuss how making threat groupings, the attack lifecycle, and defense in depth part of your overall security program planning can help you apply your resources in a way to maximize prevention, detection, and response for a more effective ROI.
As the threat landscape continues to evolve and expand, how best can your security solution adapt to the changes? To keep up with the pace, IT security needs quick and accurate information in order to identify and remediate these incidents. The new updates for Trend Micro OfficeScan and Trend Micro Control Manager offers you just that. A better security with products working together to provide customized defense to help you rapidly adapt and respond to this ever evolving threats.
Join this webinar to learn:
1.Trend Micro’s new technology to protect against Ransomware
2.What’s new with the release of OfficeScan 11 SP1 and Control Manager 6.0 SP3
3.How does our “Connected Threat Defense” fits in your company security
When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective.
In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions.
Security Researcher, Cameron Camp, discusses seven ways in which malware threatens your virtual systems and the increasingly mission critical data and services that those systems handle. Given a thriving black market in stolen information, and the wide availability of the tools with which to acquire it, no virtual attack vector is likely to be neglected by the bad guys, from compromised executables in virtual server images to virtual networking connections between mobile end points. Drawing on the latest malware research, Camp looks at how malicious code is adapting, and may be adapted, to penetrate virtual systems.
Cloud applications are fueling the data sprawl issues plaguing today’s businesses. With the rapid adoption of popular cloud applications and other cloud services, organizations must change the way data is managed, protected, and governed.
The dispersion of data to laptops and mobile devices made up the first wave of data moving outside the data center. IT must now address a second: end user data going into the cloud. So how do organizations address their enterprise data availability and governance needs in this new world? With a new approach that follows the user and not their device.
With Henry Baltazar, Sr. Research Analyst at Forrester Research, you will learn about:
- The risks and data challenges posed by the adoption of popular cloud applications
- Strategies to ensure data archiving, search and audit and eDiscovery for cloud application data
- Opportunities to manage and control dispersed data, whether residing on laptops, mobile devices or in the cloud in a single, unified view
Get inspired by real world cloud migration success stories. Tom Flanagan, Vice President of Technology, Alain Pinel Realtors and Steve Novoselac, Director of Digital Technology, Trek Bicycle Corporation, share their first-hand experiences of moving to the cloud, along with insights and pointers for your own successful transition.
Test Kitchen makes it easy for you to test cookbooks on a variety of platforms. With Test Kitchen, you can quickly create test nodes, converge them, and then run tests against them to verify their state.
Join Chef engineer Fletcher Nichol as he explains how to use Test Kitchen to write and maintain Chef cookbooks with confidence. Fletcher will discuss:
- How to set up your workstation
- How to create a new Chef cookbook that runs on your target platform
- How to deal with new operating system and Chef client releases
- How to play in the world of Windows
In the landscape of vulnerability management, you know that effective prioritization of vulnerabilities is the difference between "playing the numbers game" and truly being an InfoSec rock star. But too often, our primary resource--the CVSS--is relied on too heavily, with disastrous consequences.
Michael Roytman, Chief Data Scientist at Kenna, will explain what IT security professionals miss by placing too much trust in CVSS when it comes to prioritization efforts. He will also explain what information should absolutely be taken into consideration in order to focus on vulnerabilities posing the greatest risk. Topics covered include:
- Why CVSS sometimes gets it wrong
- Specific examples of serious exploits being given low scores
- What IT security professionals should do to supplement CVSS
- How the proper use of threat intelligence can accelerate your vuln management program
Are you ready for your next security audit from one of your most important customers? This webinar will help you gauge your readiness and identify areas you need to improve.
Sophisticated cybercriminals have identified third party suppliers and service providers as a lucrative back door to steal sensitive corporate information. Consequently, many companies are facing increasing pressure to meet stringent data protection audits from their largest clients.
Based on our experience with a range of customers who have had to meet stringent partner data protection security audits, we’ve identified the most common data protection audit questions.
– The 12 most common questions in a client data protection audit
– What the client is really looking for with each question
– Guidance on your “audit readiness”
A recent report by Forrester Research identified security as being the "top concern" for enterprise technology and business decision-makers for IoT*. While the Internet of Things offers great potential for businesses to create new services and improve operational efficiencies, it offers a greater potential for security breaches.
Join us for a compelling webcast that will walk you through the latest security insights for combating IoT risks.
We will also discuss:
- Key trends driving IoT
- Vulnerabilities within your organization that you need to be aware of
- The latest strategies and techniques cyber-criminals are using today
- What your organization can do to address these security risks
Availability is one of the core principles in the security CIA triad and one which business leaders tend to grasp more so than other technical risks associated with security. Customers want and expect access to their finances anytime and from anywhere. How is the financial industry grappling with distributed denial of service (DDoS)? What is the financial impact to an institution under DDoS attack? Are financial services firms witnessing an increase in DDoS attacks and duration? If so, what countermeasures are in place to ensure availability does not suffer?
Lastly, what is the financial services industry relying on as sources of intelligence?
Join us to hear answers to these questions and more as IANS Research and Arbor Networks present poll results from financial services’ security executive management surveyed.
Organizations spend billions on data security solutions and tools. Yet, high profile data breaches continue unabated. Join our live webinar on Tuesday, August 25, 2015 at 10:00 am PT/1:00 pm ET to find out how to identify and tackle these blind spots that put your business at risk.
Be honest: you don’t know how your employees are sharing sensitive information outside the company.
You’re not alone. Half of respondents to a recent Ponemon Research survey acknowledged they don’t have visibility into how employees are using file sharing applications. Cloud collaboration solutions make your business more productive, but without proper controls they can quickly lead to data loss, security breaches, and regulatory failures.
Join Intralinks, a leader in secure content collaboration solutions, and Netskope, a pioneer and leader in safe cloud enablement, as they discuss:
· How to uncover and secure file sharing applications being used in the organization
· Ways of enforcing regulatory compliance and governance across the enterprise, to ensure that information is always within your control
· Approaches that will help support pending data privacy legislation
Target lost 40,000,000 records in 2014 in a breach that cost them $148 million dollars. Ouch. They had lots of fancy tools watching the perimeter, but fell short when it came to securing insider access.
Protecting against insider threats, whether malicious or accidental, is extremely difficult, especially when 71% of employees say that they have access to information they aren’t supposed to see.
Despite past investments, obtaining a trusted 360-degree view your customer information across business lines to increase wallet share, streamline client on boarding, and improve customer experience has been difficult to achieve in the financial services industry. If these challenges are familiar to you, you are not alone. But what does it take to achieve success and become Customer Ready?
It starts with treating data as a critical business asset, investing in a repeatable data governance program, supported by the latest data management solutions. Solutions that automate the creation, governance, and sharing of trusted customer profiles across the business that require a single, trusted, and consistent view of their customers, accounts, products, and business relationships.
Join us for this special one-hour webinar as Informatica experts show the latest and proven Customer Ready solutions adopted by leading financial institutions to support the industry’s most pressing needs from growing revenue to complying with new and existing regulations. During this session, you will see how Informatica solutions can help:
*Automate the connection, cleansing, reconciliation and enrichment of disparate customer data on an ongoing basis
*Relate customer profiles across product and business lines with critical data about interrelated customer, accounts, products, services, and employees to gain a multi-dimensional view of customers’ preferences and interactions
*Future-proof customer-centric strategies with flexible technology that quickly adapts to changing business needs and new data sources
Register today and learn how great data can fuel your financial enterprise with trusted customer profiles.
Detecting, Analyzing, and Mitigating Advanced Threats, Presented by Charles Hesifer, Security Engineer, ThreatTrack Security
Your traditional security solutions are not cutting it. The number of data breaches in 2015 is on a trajectory to surpass that of 2014. We need a purpose-built solution – one that works against today’s advanced and unknown attacks.
Register now for this webinar where you will:
- Learn why protecting at the perimeter is an on-going challenge
- Find out the importance behind detection, visibility and mitigation across your network
- Hear how ThreatTrack offerings can help proactively protect against unknown threats and give you visibility into attacks in progress
The consumerization of IT, bring your own device (BYOD), and software-as-a-service (SaaS) provide organizations with impressive productivity gains, but bring with them the challenge of secure management. Grady Boggs, Principal Security Specialist, illustrates the Microsoft comprehensive cloud solution, the Enterprise Mobility Suite (EMS), and details how users can stay productive while keeping corporate information safe and secure.
Our dependencies are clear. Organisations have become virtual, and all of this progress relies on systems and infrastructure that no one organisation maintains, and there is no turning back. Significant time and resources are being dedicated to coping with mistakes and oversights, while remediation time following system or data compromise is steadily getting longer.
Industry has been cornered into a reactionary position addressing incidents as they occur.
Such concerns are set to dominate discussions at the 2nd Annual (ISC)² Security Congress EMEA, October 20-21 in Munich, Germany.
Join (ISC)², Infosecurity Magazine and two of the several top notch (ISC)² Security Congress EMEA speakers to examine our progress, how to challenge our reactionary position, and what is required to look forward to the future.
Moderator: Michael Hine, Deputy Editor, Infosecurity Magazine
Panellists: Adrian Davis, Managing Director, (ISC)² EMEA; Yiannis Pavlosoglou, Director of IT Risk, UBS; Georg Freundorfer, Director Security EMEA, Oracle
WIN A FREE TICKET TO CONGRESS!
(ISC)² is giving away 3 delegate passes for the 2015 (ISC)² Security Congress EMEA, to delegates who view the webinar for a minimum of 50 minutes. Winners will be announced live at the end of the webinar and subsequently emailed with information on how to redeem their prizes. The free pass is valid for all sessions including pre-conference workshops and networking opportunities. For further details on the prize draw and full T&C’s, please copy and paste the following link to your browser: http://bit.do/isc2emeacongressprize
Traditionally, most organizations have used email for sending files to colleagues or clients. However, as files increase in size and email attachment limits are an issue, employees are forced to either use old-fashioned FTP or circumvent company regulations by turning to insecure consumer-grade applications. 72% of the people we surveyed do! Let us tell you about a better way.
Join us to learn 4 key best practices:
1) Don’t mess with what users know – continue to use Microsoft Outlook to drive file transfers (just don’t leave it to Outlook to deliver them)
2) Don’t leave it to users to decide when something is too big or too sensitive to send by email
3) Do make the experience better and faster for users (as opposed to more complicated and slower)
4) Have a policy (and protection) that covers email-based sharing even when mobile
With Workshare, employees can email links to files, eliminating the need for attachments, while continuing to us the familiar Outlook to do it. Policy-enforcement means companies can secure, track, and expire file access and activity beyond the corporate firewall.
Workshare also uses its customizable policy engine to ensure that the content that is shared is secured and removed of any sensitive information before it is shared.
Intelligently scan and secure documents too large or too important to send by email. IT can set policies to determine when a file is too large to send, or critically when to block or clean a file if it contains sensitive hidden data that would expose the company to risk.
Knowing what IT assets you have and how to protect them is increasingly a challenge as globalization, virtualization and mobile assets create new endpoints and new opportunities for hackers to infiltrate. Now you can move beyond traditional scanner-based approaches to strengthen endpoint security with a free solution from Qualys.
Discover how the Qualys AssetView gives you a fast, actionable view of all IT assets while helping to:
> Gain comprehensive, scalable and always up-to-date view of endpoints — with continuously updated inventory of asset details, scaling to millions of assets
> Deliver fast, accurate and actionable data — with a new layer of intelligence into the current state of endpoints, including details about services, file systems and registries as well as information to manage and secure systems
> Minimize impact on systems and networks — by keeping itself lightweight and up-to-date to eliminate the need to reboot
> Handle virtualized environments with ease — by keeping track of the constant proliferation of images inside and outside of the environment
Join Gartner Research Vice President, Tim Zimmerman and Fortinet Product Marketing Manager, Matt De Vincentis in a Fortinet sponsored webinar, as they answer some of the common security questions related to cloud-managed enterprise Wi-Fi infrastructure.
Verschlüsselung ist langsam, kompliziert und schwer zu managen! Diese Vorurteile sind lange überholt. Verschlüsselung ist heute wichtiger Bestandteil einer umfassenden Sicherheitsstrategie.
Armin Simon zeigt Ihnen in diesem Webinar, wie Sie als Security-Verantwortlicher Verschlüsselung in Ihrem Unternehmen auf ein solides Fundament stellen. Welche Ansätze haben sich bewährt und wie finden Sie die für Ihr Unternehmen passendste Lösung?
Any data breach is costly and disruptive, but for pharmaceutical businesses, medical device companies, and others in the life sciences field, the need to protect and manage sensitive data (PHI, PII, and IP) make these challenges even more complex. The real world costs of compromised data can be staggering, not just in fines, but in employment and business reputation loss as well.
Join FDA IT compliance expert Angela Bazigos,Chief Compliance Officer of Morf Media, and Druva to learn how life sciences companies are managing their sensitive data in an environment of increasing risk and regulation. You’ll discover how to protect and manage this data to meet compliance regulations and significantly decrease the risk of data exposure, including that of highly-regulated HIPAA data.
Register for this webinar to learn about the:
* Increasing risk to PII, PHI, and IP data in an age of breaches and growing data dispersion
* Changing regulatory landscape that adds greater complexity to corporate workflow
* Best practices to monitor and respond to compliance and legal requirements for dispersed sensitive data, including mobile technologies and cloud services
* Proactive approach to compliance to help your business avoid data risks and better address compliance and legal requirements
Angela Bazigos, is the Chief Compliance Officer of Morf Media. She has 40 years of experience in Life Sciences spanning GLP, GCP, GMP, Medical Devices & 21 CFR 11 and has a patent aimed at speeding up Software Compliance.
Ken Rosen, Co-Founder of PerformanceWorks
Ron Weismann, CMO of PerformanceWorks
In this webinar, we will show with concrete examples why it is so important to implement correct user and data security controls to secure your cloud and virtual environments. You will see how easily controls can be bypassed and compromised, why software keys are simply not good enough, and how your personal life threatens your business and work life. This presentation will stress the importance of using data and user centric security models vs. conventional data security practices. Join (ISC)² and Gemalto-Safenet in this webinar to learn what we call: unsharing your data.
Organisations worldwide continue to struggle to attract and retain skilled information and cybersecurity professionals. Overcoming this challenge requires a more imaginative, business and people-centric approach to the recruitment of security professionals. However, once you have the right people in place, it is imperative to retain them and use their skills to embed positive-information security behaviours throughout the organisation.
So in an era where cyber security is a C-suite business challenge, how can board colleagues work with security professionals and others within the enterprise to address these issues?
Join Steve Durbin, Managing Director of ISF Ltd, for a 45 minute webcast, where he will discuss how organisations can develop and implement an information security awareness culture that will engage with employees at all levels.
Data visualization tools empower Business Analysts to synthesize millions of variables and piles of spreadsheets into functional dashboards. Unfortunately, in many companies, the need for better data is not part of the drive for better dashboards.
The reality is, today’s data visualization tools are only as good as the data they reflect. Helping users consolidate, transform and deliver the most accurate and up-to-date information is critical to leveraging your dashboards and the data behind them. In this live webinar, you’ll learn:
• actionable steps to improving data prep for data visualization
• why agile data governance and management is key to data visualization success
• strategies for adopting an agile, self-service approach to data access, analytics and visualization.
Lyndsay Wise joined EMA in 2015 as Research Director for Business Intelligence (BI) and Data Warehousing, focusing on data integration, data governance, cloud technologies, data visualization, analytics, and collaboration. In 2007, Lyndsay founded WiseAnalytics, a boutique analyst and consulting firm focused on business intelligence for small and mid-sized organizations. She has over 10 years experience in software research, BI consulting, and strategy development, specializing in software evaluation and best-fit solution selection. Lyndsay is also the author of Using Open Source Platforms for Business Intelligence: Avoid Pitfalls and Maximize ROI.
The Cloud provider market is crowded and offerings vary greatly from provider to provider. How do you ensure that a Cloud product meets the particular needs of your business? Assistant General Counsel Dennis Garcia discusses how one goes about choosing a Cloud provider and provides tips and tricks as to how to approach the move to the Cloud within your organization to ensure a successful transition.
How do you create a secure Chef workflow in a DevOps organization? In this webinar, Senior Solutions Architect Matt Stratton and Support Engineer Josh Glass will share ways to secure the Chef server, the Chef client, and the workstation where you run Chef DK and knife commands. They will also discuss some techniques for implementing these security best practices in a DevOps organization.
Digital transformation is happening faster than you think. Traditional businesses are evolving into “composable enterprises” built out of connected software services and applications. Today, businesses need to quickly connect applications, data and devices, and their ability to stitch all these parts together determines whether they win or lose in the market.
In this webinar, you’ll learn 3 ways to prepare your business for the future, including how to leverage your existing assets, develop a mobile and SaaS strategy, and use connectivity for greater agility, flexibility, and revenue. R ‘Ray’ Wang, Principal Analyst and Founder of Constellation Research, and Ross Mason, MuleSoft’s founder and VP of Product Strategy, will discuss lessons learned from top businesses and trends among CIOs who have successfully navigated today’s hyper-connected business environment.
How well is sensitive data understood and protected in organizations? Are you protecting what should be protected? In this session, you will hear the details of how and why sensitive data risk and protection should be the foundation of modern information security strategies and tactics. Given the eventuality of network breaches, organizations must do all they can to ensure that their data is understood and protected to reduce the magnitude and scope of data loss. We will reference a survey conducted by the Ponemon Institute and Informatica on what organizations know about their sensitive data, how data security controls are used, and the key issues and challenges of securing sensitive and private data. While security and privacy professionals have enumerable tools for information security, what they should target and protect is not clearly understood. Better data protection comes from understanding the risks of sensitive data and precisely applying controls to mitigate sensitive data loss.
This data-centric approach to security provides numerous and immediate value for organizations to improve their data security and privacy profile, including:
• Uncovering the unknowns of data risk as mobile, cloud & big data create exponential growth by identifying how sensitive data is growing and spreading across organizations and its associated risk
• Targeting risks and data controls to focus security investments on the systems where sensitive data is created, shared and at risk
• Improving security efficiencies, automating sensitive data risk analysis, and providing on-demand risk audit for regulatory compliance
Please join us at this webinar to hear Adrian Lane, Security Analyst at Securosis, and Bill Burns, CISO at Informatica, discuss best practices and strategies for data-centric security. Josh Alpern, VP Business Development at Informatica, will also share his hands-on efforts in helping Informatica customers reduce sensitive data risk and improved breach resiliency.
Our SURVIVAL GUIDE webinar series has taught you how to FIX all of your problems and to make sure that your changes and policies are ENFORCED.
Now it’s time to make your life easier AUTOMATING the repetitive and time-consuming processes involved with managing your SharePoint deployments.
Sounds great, right? But what does that mean? How would you like to:
* Get end users the resources they need quickly by providing clear direction about what services are available and how to use them?
* Offer an out-of-the-box service catalog for your users to choose from?
* Fulfill requests for provisioning, administration, security, content and lifecycle management changes without having to burden IT?
* Automatically tag, classify, and apply retention policies from the creation of documents to full site collections?
Register now to join AvePoint Field Product Manager Edmund White, as he shows you how our SURVIVE GUIDE can automate the steps involved in configuring, managing, and enforcing SharePoint governance and compliance policies.
Don’t JUST SURVIVE, be a force for change and get back to focusing on more strategic, higher-value operations.
Resource management is one of the most trending topics in Project Portfolio Management. The itd Assignment Editor allows users to plan assignments directly via the CA PPM web interface without connecting to Open Workbench or Microsoft Project.
Requesting capacity for projects is now simpler and easier than ever.
Joerg Leute will demonstrate and explain in this webcast how to use CA PPM and the itd assignment Editor to improve the resource management process.
How Targeted Threat Hunting Inspects Your Network for Cyber Attacker Presence.
Many organizations have some form of information security protection in place but also wonder "Have I already been compromised?" A cyber threat such as malware or even a large scale Advanced Persistent Threat could be hiding in file systems and several other areas of your network that may go unnoticed by the untrained eye. A deep inspection of your networks is an excellent way to identify the presence of compromises and entrenched threat actors operating in your environment.
During this interactive webinar, Justin Turner, Delivery Team Manager from the Targeted Threat Hunting & Response Team, will share why it is critical to identify targeted threat indicators of attacker presence and leverage threat intelligence to provide context to determine how to engage and resist the adversary.
In addition you will:
- Learn what Targeted Threat Hunting is and why it is important.
- Hear real-world examples of previous incidents and how targeted threat hunting was used to remove entrenched adversaries.
- Receive a standard list of questions that should be answered during an engagement.
Cyber criminals are also gearing up for the Christmas rush, as they know that the IT team is often too busy keeping Point of Sale systems and servers running smoothly to be on the lookout for signs of attack. What’s more, according to our recent survey, nearly 20% of businesses actually turn off antivirus during rush periods to avoid slowdowns.
The challenge is securing cardholder data and maintaining PCI compliance during this vulnerable period.
Join (ISC)² and Bit9 to learn about the potential cyber threats facing your organisation this Christmas holiday season and what you can do about it.