IT Governance, Risk and Compliance

Community information
Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
  • View from the CISO Chair - Security as Business Risk with Tom Bowers, Principle Security Strategist, ePlus
  • Security event management continues to evolve as data breaches put more pressure on detective defenses providing continuous monitoring. Many companies have invested strongly in preventive defenses to stop attacks before they infect. Now the game changes to detecting the unknown and this requires scale and performance of SIEM solutions with increasing context for depth and visibility in the hands of security experts with an analytics mindset. Not everyone can play on this field, learn your options.

    Attendees will learn:
    - SIEM architecture changes for visibility
    - Increasing complexity of data analytics to explore
    - SIEM taxonomy and trade-offs between generations
    - Analyst recommendations & best practices
    - Why resources are key to SIEM success
  • Increasing data and network complexity give hackers more to steal and more ways to steal it. Most organizations cannot hire enough skilled IT security personnel to keep up.

    Join us for this informative and timely webinar, in which our experts will offer you seven golden strategies to mitigate IT risk and help you:

    • Reduce the greatest risks first
    • Stretch your team for optimal results
    • Creatively augment budget, skills and headcount.
  • Information technology brings many benefits to a business, but it also brings risks. Knowing how to assess and manage those cyber risks is essential for success, a powerful hedge against many of the threats that your business faces, whether you are an established firm or pioneering startup. ESET security researcher Stephen Cobb explains how cyber risk assessment and management can work for you.
  • The importance of protecting sensitive data is gaining visibility at the C-level and the Boardroom. It’s a difficult task, made even more so by the shortage of security experts. One option that more and more companies are pursuing is the use of managed security services. This can enable them to employ sophisticated technologies and processes to detect security incidents in a cost-effective manner. Should managed security be a component of your security mix?

    In this webinar, Ed Ferrara of Forrester and Mark Stevens of Digital Guardian will discuss:

     When does it make sense to utilize managed security services

     How to the scope the services your company contracts out

     Questions to ask when evaluating managed security services providers

     The key criteria for selecting managed security providers
  • In the last few years, security breaches have occurred in various shapes and forms and have shaken up many organizations, especially those in the retail industry. Approaches for auditing and assessment vary from one governance, risk, compliance (GRC) company to the next. Simply checking a box for each regulatory requirement is not sufficient. An approach to meet the challenges that go beyond compliance and address an appropriate security posture should be adopted by organizations.

    This webinar, presented by Dan Fritsche, Managing Director, Application Security at Coalfire Labs, will help you understand the potential costs of failing an audit or getting breached even after having passed a Payment Card Industry Data Security Standard.

    Topics covered include:

    Brand Damage
    Loss of Revenue
    Downtime
    Privacy Penalties
    Forensics Investigations
    Cyber Insurance Coverage

    The presentation will also highlight the steps that organizations can take to address cyber-security risks.
  • Willbros, a leading infrastructure contractor serving the oil and gas industry, leverages Amazon Web Services (AWS) and Trend Micro Deep Security to quickly design and deploy agile, secure cloud solutions to protect their vital data. Moving to AWS allows organizations to leave their infrastructure behind and start fresh – architecting for flexibility and scalability. However, bottlenecks are created when traditional on-premises security approaches and tools are used. Learn how Willbros unleashed innovation in the energy industry by taking a greenfield approach to security in AWS. Attend this practical webinar by AWS, Trend Micro and Willbros to learn how you can design a flexible, agile architecture that meets compliance requirements and protects your most valuable asset – your data. Jason Cradit from Willbros will share their experience on how they achieved building robust and secure pipeline management systems in the cloud.

    In this webinar you’ll learn how to:
    - Architect a secure application using a combination of AWS services, Trend Micro services, and configurations
    - Understand how host-based protection improves application security, as well as agility and flexibility
    - How to protect workloads from attack, without hampering performance
  • Die Inhalte sind migriert, technische Hürden gemeistert und SharePoint erfolgreich implementiert. Was viele Unternehmen jedoch unterschätzen – Mit der alleinigen Bereitstellung von SharePoint ist es in der Regel nicht getan. Das Zauberwort: User Adoption. Was nützt das modernste Deployment und die beste Software, wenn es den eigentlichen Usern an Vertrauen und Wissen im Umgang mit der Plattform fehlt und sie eine Verwendung der selbigen lieber umgehen?
    Patrick Lamber, SharePoint MVP, und Robert Mulsow, Senior Technical Solutions Professional bei AvePoint, haben es sich in diesem Webinar zur Aufgabe gemacht, Ihnen gemeinsam Best Practices für eine erfolgreiche Einführung und ressourcenschonende, richtlinienkonforme Verwaltung von SharePoint an die Hand zu geben, damit Ihre Endanwender SharePoint in vollem Umfang nutzen können und auch wollen.

    Anhand eines konkreten Beispielprojekts erfahren Sie:

    • Wie die Einführung von SharePoint nicht nur theoretisch zum Erfolg wird, sondern Endanwender sich ihren Arbeitsalltag gar nicht mehr ohne vorstellen können.
    • Welche Hindernisse, Vorurteile und Probleme es hierbei zu bewältigen gibt
    • Wie man es schafft, die Anwendung erfolgreich bei den unterschiedlichen Mitarbeitern im Unternehmen zu etablieren, damit SharePoint zum durchschlagenden Erfolg wird.
  • According to Gartner, “through 2019, more than 50% of data migration projects will exceed budget and/or result in some form of business disruption due to flawed execution."(1) Furthermore, 1 in 6 large IT projects go over budget by 200%, according to a Harvard Business Review article. It is widely recognized that application migration and consolidation projects are “risky business” – high-ticket items for the corporation, with a scary chance of failing. If you are undertaking any IT modernization or rationalization project, such as consolidating applications or migrating applications to the cloud or ‘on-prem’ application, such as SAP, this webinar is a must-see.

    The webinar is going to shine the light on the critical role that data plays in the success or failure of these projects. Application data consolidation and migration is typically 30% to 40% of the application go-live effort. There is a multitude of data issues that can plague a project like this and lead to its doom, and these are not always recognized and understood early on, which is the biggest problem.

    In this webinar, Philip Russom of TDWI will walk us through the potential data pitfalls a corporation should consider when undertaking an application consolidation or migration project. Philip will share best practices for managing data in order to minimize risks and ensure on-time and on-budget delivery of these projects. Rob will discuss Informatica’s unique methodology and solution to support these best practices. Rob will also share real-life examples on how Informatica is helping customers reduce risks and complete application consolidation and migration projects on budget and on schedule.

    1) Gartner report titled "Best Practices Mitigate Data Migration Risks and Challenges" published on December 9, 2014
  • Disruptive forces are accelerating a change in workplace technology, leaving organizational data at risk. In the past, IT was able to create a ‘walled garden’ with clearly set protocols for how data came in and out of the organization. This is no longer the case.
    As a response, Workshare recently hosted a series of roundtables and polls, where we asked CIOs and senior IT professionals how trends in the workplace are affecting their IT strategy.

    Join us as we discuss how these trends are influencing IT strategies today, as well as the best practice for reducing risk.
  • Cloud and data center security can be dauntingly complex, and selecting the right vendor to engage with is a critical decision for any enterprise. However, cloud and data center security can be a difficult market to navigate. Are vendors backing up their marketing claims? How do different approaches stack up next to each other? What factors need to be taken into consideration when comparing products? Trend Micro has teamed with analyst firm ESG to sort these questions out, and encourage organizations to think differently when it comes to cloud and data center security.

    ESG conducted an independent economic evaluation to investigate the differences between Trend Micro and traditional security approaches, and are conducting a live webinar to present their findings. ESG and Trend Micro will give insight into the cloud and data center security market, ESG’s Economic Value Validation methodology, and the conclusions that were reached about the value Trend Micro is providing to their customers. Join us to learn more!
  • The Top Five Best Practices for Controlling Third-Party Vendor Risks.

    Target, Home Depot, eBay — look at almost any of the seemingly never-ending string of mega-data breaches, and you’ll find a common thread. Stolen or compromised user credentials, belonging to a privileged user with wide-ranging access to sensitive systems, served as the initial attack path. Often — in as many as two-thirds of cases — those credentials belonged to a third-party; a vendor or business partner who’s been granted internal access to your network. With those credentials in hand, attackers are free to roam about your IT infrastructure, seeking out and exploiting their ultimate goals. It’s a frustrating — and dangerous — challenge. You have to provide access to vendors, contractors, and business partners — but doing so often introduces unacceptable security risks.
    But these risks are manageable. Join us to learn the top five best practices for regaining control of third-party access, and the processes and technology necessary to stop unauthorized access and damaging breaches. In this webcast, we’ll discuss:
    • The identity, access, and security governance processes needed to protect your network
    • How to ensure positive user identification to prevent credential theft and misuse
    • Techniques to limit access to only those resources required to satisfy work or business requirements
    • Preventing the unauthorized commands — and inadvertent mistakes — threatening your network
    • Establishing monitoring procedures that flag violations and speed forensic investigations
  • Source code management systems contain the crown jewels of a software company's intellectual property. Effective auditing gives you a picture of who's accessing that IP and when changes are being made. This information can satisfy compliance and security requirements and give you new insights into your development practices. In this webinar we'll explore standard and extended audit reports available for Subversion and Git administrators.
  • The need to share content -- securely, collaboratively, immediately -- is critical to your job. You’re working with outside agencies and business partners, sharing documents that contain sensitive data like product designs, ad campaigns and customer data, to name just a few.

    According to research from the Ponemon Institute, more than six out of ten people report having accidentally forwarded files to individuals not authorized to see them. It’s time to create some good habits that will allow you to collaborate with internal and external resources and be 100% compliant with the regulations that govern your industry.

    Please join us for an interactive presentation about how new habits and tools can make it easy for you to be efficient and compliant, without sacrificing speed or creativity.
  • Organizations across industries face an ongoing challenge to meet the stringent data-related regulatory compliance requirements. The major pain points boil down to accessing quality data that provides the necessary auditability and transparency required by auditors and regulators, and the ability to prove that sensitive data is being protected. Those data related problems present a daunting obstacle for your company to meet current as well as future compliance requirements.

    A holistic, agile data governance program can help companies address the above data challenges and become regulation–ready. A well-designed data governance program delivers the following:

    •Guaranteed access to clean, relevant, trusted and auditable data to create accurate and auditable reports to meet compliance mandates.
    •Improved operational efficiency by enabling a collaborative and repeatable process across key stakeholders
    •Enabling a true data-driven business environment for your organization to drive continued innovations and growth

    Please join us to hear David Loshin, established industry expert in data governance and data quality, and Rob Karel, VP of Strategy and Product Marketing at Informatica to discuss best practices for data governance, how organizations can leverage data governance programs to address existing and future compliance requirements, and how to turn your data governance program into a strategic initiative that drives significant business benefits for your organization.
  • Do you run mission critical applications in the cloud? If the answer is yes, then you already know how important it is to have visibility into all aspects of your infrastructure. An alert telling you your application is down is no longer sufficient. Today’s IT managers need to be made aware of potential problems before they arise.

    Join me, Dan Waymire, Sr. Account Manager at HOSTING, for a webinar on May 28th at 3 p.m. EST to learn how Hosting can provide unprecedented visibility into your infrastructure, allowing you to be one step ahead of service impacting events. Leveraging the industry leading ScienceLogic platform, I will cover the following:
    •A demonstration of how you can build real-time dashboards showing availability, utilization, and performance of your entire IT infrastructure
    •A walk-through of an Executive dashboard showing your leadership team the application availability in real time
    •IT manager dashboards capable of showing utilization & performance of web servers, database servers, switches, and firewalls all in a single pane of glass
  • Problem Management is one of the most useful processes within ITIL as it allows an organisation to identify the underlying issues that generate incidents over and over again and removes them. It supports the change from reactive to proactive and makes customers happy by providing information and a process on those annoying issues that keep coming back to haunt them, and when they can expect to see them gone forever. However, with all this to offer many organisations still struggle to get the funding to implement this process as its seen as a duplication of effort with incident management.

    Join Peter Hubbard, Pink Elephant, as he shows you how to set up this process on a part time, unfunded, but effective way. The point is not to say that Problem Management does not need a budget, its to show you how to build up support by doing the basics anyway and showing how much better it could be if the organisation DID fund it properly!
  • •¿Sabía que el 14 de julio finalizará el soporte del producto Windows Server 2003?
    oDespués de esta fecha , Microsoft dejará de emitir parches de seguridad , dejando a estos sistemas en un estado de vulnerabilidad alto frente a los ataques de día cero y otras formas de código malicioso.

    •Conozca a que riesgos se expone si no hace frente a esta situación y como Symantec le ayuda a proteger sus sistemas ante la finalización del soporte para estos sistemas.
  • Seit Edward Snowden ist bekannt, wie systematisch Informationen ausgespäht und manipuliert werden. Was hat sich seither wirklich verändert und was ist die konsequente Schlussfolgerung? Wir zeigen Ihnen, wie sie auf Basis einer angepassten Sicherheitsstrategie die richtigen Lösungen für Ihre Sicherheitsanforderungen finden.
  • End-point data protection is fundamentally changing. End-points have moved from desktop to mobile with BYOD, and the data protection envelope is extending beyond simple backup and recovery solutions to include continuous data availability, security, and compliance.

    During this webinar to learn how Syncplicity’s enterprise file sync and share solution helps extend the data protection envelope across your enterprise.
  • The End of Support (EOS) of Microsoft Windows Server 2003 in July 2015 will put millions of enterprise servers at risk. And according to a recent study by leading analyst firm Enterprise Strategy Group (ESG), “More than 80% of enterprise and midmarket organizations still support Windows Server 2003 to some extent.” Newly discovered vulnerabilities will not be patched or documented by Microsoft. Hackers know this and will be targeting new exploits at the considerable number of Windows Server 2003 servers still in use. In this webinar, ESG will share the significant findings from its recent survey of Microsoft Windows Server 2003 customers. Also, Trend Micro will discuss how to protect your legacy Windows 2003 server environment while you plan your move to newer platforms. Join us and learn how to:
    * Protect and secure your Windows 2003 Servers after EOS
    * Build a comprehensive security strategy with virtual patching (IPS), file integrity monitoring, and anti-malware
    * Ensure your organization is protected across physical, virtual, and cloud environments as you migrate to newer platforms such as Windows Server 2012 and Azure
  • As a security professional, information sharing with other organizations is big part of your job. However, when it comes to information about attacks and vulnerabilities, there are limited accepted resources—leaving knowledge sharing to an informal process with only a few select contacts.

    Now you can get better information about the top vulnerabilities that need your attention and what to do about them. Learn more about the US-CERT Top 30, a publication that provides guidance in the vulnerability field.

    Join this webcast for a closer look, so you can:

    > Learn about the top 30 vulnerabilities — that comprise most of targeted attacks against critical infrastructure

    > Understand how the US-CERT condenses — security data into a single report

    > Apply and implement recommendations — against your infrastructure

    > Share this new data point with your colleagues — at other companies
  • For many organizations, adherence to regulatory guidelines is the ruler by which to measure their security posture. While compliance is an important part of overall risk management, studies have shown that security education in areas like secure application development and security awareness can help in preventing attacks and deterring cybercriminal activity.

    In this interactive, online session, you will learn how course-based eLearning empowers employees to recognize potential security risks throughout their daily workflow. Hear examples of how organizations can implement effective, scalable training - enabling the business to protect its assets and software developers, testers and security leads to build secure applications from inception to deployment.
  • James Hanlon, Security Strategist at Symantec, looks at both the current cyber poisons and potential antidotes to the cyber security challenge. The discussion will focus current threat landscape and the changes we are seeing in regard to hacking and cyber attacks. It will pose the questions to whether global intelligence & data analytics is an approach that can be used counter the most advanced threats.
  • Attackers are getting smarter, while repurposing what we thought were outdated techniques. So, how can your organisation stay safe?

    In the past decade we’ve seen the emergence of the world’s youngest profession – the Cyber-Intruders. These actors, often working normal 9 to 5 hours, Monday to Friday, are paid to break into systems and steal sensitive information or scope out a target for their employer.

    Crime-as-a-service has become a reality in cyber-space, with specialisms emerging which make it akin to a mini-industrial revolution. The techniques they use are often novel, though not always. Out-dated technology as well as lessons unlearned by organisations mean that persistent attackers can breach networks with relative ease.

    This talk aims to present the current state of the cyber threat landscape, what are the latest tricks attackers are using, and what should organisations focus on to keep data and systems secure.