Managing Information Security Risk

Dr. Jeremy Ward, Security Services Development Lead, HP Enterprise Security
This presentation looks at the issues faced by organizations in their management of information security risk. It considers how risk can be better managed by bringing together key stakeholders in a proactive and integrated approach; and it shows how HP can help with our end-to-end services.
Aug 17 2012
47 mins
Managing Information Security Risk
Join us for this summit:
More from this community:

IT Governance, Risk and Compliance

Webinars and videos

  • Live and recorded (2839)
  • Upcoming (88)
  • Date
  • Rating
  • Views
  • Join us for this short monthly webinar, in which we will provide you with the latest updates and insights into the constantly evolving online threat landscape. Using information sources such as the Symantec Global Intelligence Network, we will help you understand how you can continue to protect your company and your infrastructure.

    The goal is simple: to make the Internet safer to transact business – for you, your customers and everyone else with whom you interact online.
  • Now that NIST has published Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity, the long awaited CSF, what are the implications for companies? How can the CSF help your business improve its defenses? Cameron camp investigates.
  • Are attacks on your network and users still occurring, despite continuing efforts to stay on top of security? What impact would malware have on your business if it was able to gain internal access and steal sensitive information?

    Without solutions that can disrupt the chain of events that occur during an advanced attack, many businesses are still being infiltrated and losing data every day. This webinar will cover the best practices in disrupting attacks with content security solutions - connected to optimize protection.
    Join this webinar as:
    •You will learn the tactics used by attackers today to infiltrate businesses
    •You will hear about the leading technologies available to disrupt advanced attacks
    •You will walk away with the knowledge to assess your own environment, and optimize your security
    Businesses today face more advanced attacks than we’ve ever seen in the past – and defending against them takes a connected approach which can disrupt the multiple points of infiltration and exfiltration used in the process of a breach. With most attacks seen in the wild using phishing emails to reach their target, a web link or malicious file to deliver a payload, and an outbound stream of communication to exfiltrate data – implementing a Secure Email Gateway, Secure Web Gateway, and Data Loss Prevention technology together will provide a barrier difficult for even the most advanced attacks to overcome.

    Don’t miss this webinar if you have a stake in the security of your most valuable information, or are directly responsible for the implementation of security solutions to protect it. Register now for this 30 minute webinar.
  • As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets.
    In this session we'll cover:
    The primary attack vectors you need to consider
    Immediate actions you can take to limit the exposure of your XP assets
    Warning signs to watch out for that could signal an attack
    How to closely monitor your vulnerable assets with AlienVault USM
  • MDM implementations begin by solving the most pressing business problem in a single hub, mostly on-premise. They then expand to another use case, domain, or region, and might evolve to another MDM hub on cloud or in a different country. Whatever the journey might be, how do you tie the different hubs together in a hybrid or federated hub-of-hubs MDM architecture? Come to this session to learn how certain leading companies are solving this conundrum!

    In this webinar, you will learn:
    -What are the initial use cases that dictate MDM
    -How to determine if you should use the same MDM instance or a different one when expanding your use case
    -When to use on-premise versus cloud MDM

    In addition, we will explore examples of companies using hybrid MDM to manage multiple MDM hubs as well as evolving to the holy-grail of MDM architecture: Hub-of-hubs or federated MDM.
  • Cyberspace is typically the prime mechanism for conducting business. It also plays a key role in the socio-cultural lives of staff, customers and suppliers. By the end of 2013, revelations about how governments had been surrendering commercial and personal privacy in the name of national security left trust very badly shaken. And the timing couldn’t be much worse: many CEOs are ramping up their demands to take even greater advantage of cyberspace. So if this is where things are now, how will all of this look by 2016? How will new threats hurtling over the horizon complicate matters even further? Just what will organisations be able to rely on? And most importantly, are they powerless or can they do something now? This webcast spotlights the threats we'll be dealing with over the coming 24 months along with advice on the best ways of handling them.
  • As more and more companies look to take advantage of all of the benefits afforded with cloud-based infrastructures, the discussion often quickly turns to “How do we get there?” For some companies, this single migration question can create an insurmountable roadblock that either keeps them from moving to the cloud or severely delays their migration. Join Michael McCracken, HOSTING’s Director of Professional Services, as he explores different cloud migration strategies along with the benefits and risks associated with each of those strategies.
  • Anti-virus is not enough. McAfee Complete Endpoint Protection add defense in depth against the full threat spectrum from zero-day exploits to hacker attacks, as well as mobile devices such and tablets.
  • Protiviti has conducted the second-annual Executive Perspectives on Top Risks Survey. We obtained the views of more than 370 board members and C-suite executives about risks that are likely to affect their organisation in 2014.

    Join Managing Director, Mike Purvis and Director, Dirk Verwohlt for a discussion of the report findings.
  • With the release of PCI-DSS version 3.0 many organizations that are already PCI compliant or are working towards becoming PCI compliant are wondering what these changes will mean to their organization. In this webinar we will take a look at what has changed (and what hasn’t) and the impact this will have on how organizations approach PCI compliance.
  • Channel
  • Channel profile
Up Down
  • Big Data Security Demystified Recorded: Apr 8 2014 48 mins
    The presentation will discuss both the promises and challenges presented by big data analytics to information security. To help take advantage of the former without the penalty of the latter, we will learn about the building blocks of a big data security solution and explore the most cost-effective uses of big data analytics to enhance security.
  • Why Vendor-driven Threat Intelligence is not Sufficient Anymore Recorded: Mar 11 2014 43 mins
    While threat intelligence promises to help with the effective detection of advanced threats, it usually achieves the opposite: detecting the most predictable attackers. To be included as part of a vendor provided threat intelligence feed, an attacker must have tried attacking several potential victims before, and must have used the exact same method to be captured in the threat intelligence feed.

    In this presentation we will see how to make threat intelligence valuable for detecting advanced targeted threats directly aimed at your organization. We will see how to create a threat intelligence feed close to the target, as a shared effort between departments, subsidiaries or organizations working closely together to ensure identification of targeted threats. In addition we will see how to extend the term intelligence into additional detection mechanisms such as behavioral patterns.
  • Securing your On-line Applications with Fortify on Demand Recorded: Feb 25 2014 40 mins
    Web applications continue to represent a major source of risk to organizations. Not only is the number of web application growing but the associated risk is increasing as they are evolving from informational web-sites to interactive sites that capture customer data. The IT security teams are aware of the problem but all too often do not have then bandwidth to effectively assess these application or the budget to engage expensive penetration testers to do the work on their behalf. The problem is compounded as now it’s not only web-sites that need to be secured but Facebook and mobile applications too.

    In this webinar, you will learn how Fortify on Demand, HP’s cloud based application security testing service, can provide a cost effective solution to all your application security testing requirements. With Fortify on Demand you can start testing within a day, scale rapidly to test all your applications, whether they are developed in-house or produced by third-parties, and importantly support the developers to fix any vulnerabilities that we find.
  • The Insider Threat – Today’s Greatest Security Challenge Recorded: Feb 18 2014 47 mins
    In today’s ever evolving threat landscape and with the increasing requirements by the business users for access to business information from various locations and from a multitude devices, the Information Security Professional is required to understand the threats and the mitigation techniques available to them. During this presentation we will explore the attackers motivation and understand their eco-system and then we will look at how users are being leveraged to gain access to our business information. Lastly we will look at ways we can mitigate the kill chain at various stages and provide better reporting to the business stake holders.
  • How can You Secure Your Mobile Applications? Recorded: Jan 22 2014 49 mins
    The rapid adoption of mobile devices has created significant security risks and challenges for IT organizations. In a recent study by HP of 120 mobile applications for a single enterprise customer found that 66% of applications contained vulnerabilities that could have led to the disclosure of personal data or the compromise of a back-end system.

    In this webinar you will learn more about these vulnerabilities and how you can identify and remediate these risks.
  • La Sécurité de votre SI dans le contexte du Big Data Recorded: Jan 15 2014 48 mins
    Depuis de nombreuses années déjà, le système d’information est devenu un support indispensable à la stratégie et aux activités des Entreprises et des Organisations. L’essor du Big Data confirme l’évolution du SI avec l’accès à des données hétérogènes et en grand nombre. Malheureusement, l’apparition de nouvelles menaces, ainsi que la pression règlementaire démontrent le caractère indispensable de la gouvernance du SI et de la gestion opérationnelle de la sécurité et impliquent l’adoption d’une posture de sécurité dynamique.

    Face à ces enjeux,les entreprises doivent non seulement trouver les meilleurs experts et savoir les garder, mais elles doivent aussi s’organiser avec des équipes et des processus adaptés à leurs exigences et enfin, elles doivent s’appuyer sur technologies éprouvées qui leur permettent d’anticiper et de détecter les menaces.

    Dans ce contexte d’enjeux toujours plus important, les technologies de SIEM sont devenues essentielles. La technologie HP ArcSight, solution leader dans le marché du SIEM, a contribué à améliorer de manière significative la posture de sécurité de milliers de clients à travers le monde. Ces clients sont des acteurs de secteurs industriels de l’aéronautique et de la défense, l’énergie, les services, la finance, la santé, les hautes technologies, l’assurance, la distribution et les technologies de communications.
  • Addressing Advanced Threats with a Joined-Up Security Approach Recorded: Dec 5 2013 39 mins
    With the modern and emerging threat landscape, it is clear that adding more and more layers isn’t going to provide the answers that it once did. Using a joined-up approach, it is possible to start to build a true solution that helps manage the risks and threats, and to provide visibility that wasn’t previously possible. Addressing security at the network and application layers and proving a real-time view of the risks and threats as they happen, it’s now possible to start to address these new emerging threats.

    Importantly though, by using this approach, it is possible to be prepared today and tomorrow to provide pro-active identification and resolution to the threats.
  • Controlling the Uncontrollable - Application Security in 3 Simple Steps Recorded: Nov 12 2013 44 mins
    The business is demanding more apps and more channels for customer engagement. In turn you know this means more risk. The app development team is swamped just trying to keep up, and your security team is stuck in the middle, trying to secure what you already have - let alone all this new stuff. Sound familiar?

    Join us for 45 minutes where you will learn:
    - Why the developers are struggling to deliver secure applications
    - Why the business doesn't seem to 'get' application security
    - How you can start managing your application risk, today, for free
  • 2013 4th Annual Cost of Cyber Crime Study Results: Europe Recorded: Oct 30 2013 62 mins
    2013 Cost of Cyber Crime Study: UK, Germany & France

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for the United Kingdom and Germany. For the first time, the research was conducted in France. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 110 UK, German and French organizations participated. According to the findings, cyber attacks increased 16 percent in the UK and 21 percent in Germany. The costs associated with this increase in the UK and Germany were £904,886 and €830,169, respectively. For the first time, it was determined that the average cost of a cyber attack in France was €3.89 million. Findings from the report also show that each week UK and German organizations experienced on average 1.3 successful attacks per company. French organizations experienced an average of 1 cyber attack per company.
  • The Rising Tide of Information Sharing Recorded: Sep 11 2013 39 mins
    Evidence is mounting that current IT security models are simply no longer sufficient to support the hybrid enterprise. The extensive flow of enterprise information, well beyond the traditional purview of IT, necessitates an expansion of security scope to identify and control vulnerabilities. Lack of focus can be putting your information at risk.

    This session reviews findings from the HP Enterprise Security Services Security Assessment Report. The report utilizes data and survey responses on customer security maturity assessments.
  • Anti-Fragile: How to Strengthen your Enterprise Security with Big Data Recorded: Sep 11 2013 43 mins
    While organizations continue to battle cyber criminals, it seems that security professions are always fighting a losing war. However, a new weapon has been building up within the domain of most organizations, one that can help tip the balance in favor of the good guys. Find out how we can take the massive amounts of information we are generating and turn it to help bring valuable intelligence that can stop cyber-attacks from compromising your enterprise
  • The Enterprise Security Kill Chain Recorded: Aug 14 2013 43 mins
    The Enterprise Security Kill Chain concept describes the five steps of a security breach. This session will describe the steps that attackers use and suggestions that organisation can use to identify and mitigate these attempts and reduce risk.

    About your speaker:
    Rich Agar CISSP has been working in the IT industry since the late 1990’s. He has worked as a freelance consultant, at systems integrators and vendors with various customers across the UK and Europe. Rich holds a Master’s degree in Information Security from Royal Holloway, University of London, and is currently working as a Solutions Architect for Enterprise Security at Hewlett Packard.
  • Your Network is Full of Fish: How do You Ensure Compliance? Recorded: Jul 29 2013 33 mins
    Enterprises today have become highly extended environments with multiple users inside the network at any given time. That extended enterprise also includes multiple vendors and suppliers, but nearly half of reported breach incidents are the result of a mistake by a trusted supplier. Protecting the enterprise from both inadvertent and malicious errors requires extension of enterprise compliance requirements across the supply chain.

    In this webinar, we will cover security compliance services that enhance budgeting and spending effectiveness, expand visibility, reduce complexity, and improve compliance reporting; resulting in better cost control, faster incident reaction, reduced risk exposure, and better audit response.
  • How to proactively protect against emerging DDoS threats Recorded: Jul 11 2013 47 mins
    Distributed denial-of-service (DDoS) and web application attacks can be critical threats to your enterprise. Defending against them takes a comprehensive cloud-based managed service coupled with on-premise DDoS appliance solutions. Learn how to effectively maintain availability and defend your enterprise from denial-of-service attacks using HP’s new Distributed Denial of Service Protection Services.
  • Proactive Risk Management - A Use Case Approach Recorded: Jul 11 2013 35 mins
    In this webinar, Michi will discuss how an organization can take the requirements of their infrastructure around operational controls, compliance and security to extend and expand them into a Security Intelligence solution.

    Using a use case approach, organizations can look to extend and build upon their existing systems and controls to provide real-time warnings and feedback that allows them to make informed decisions focused around their business needs. Rather than just having a "top 10 attacker" reports and dashboards, how about a system that focuses around application lines and how this impacts business is more useful.
  • Security Lessons from Cybercriminals Recorded: Jun 12 2013 43 mins
    Cybercriminals are increasingly banding together, organizing more sophisticated attacks that are more predatory in nature. Cybercrooks’ rapid adoption of new technologies and efficacy in information sharing has trumped traditional static enterprise defenses. In order for organizations to stay protected, they must learn from their adversaries.

    What lessons can we learn from cybercriminals that can be applied to boost an organization’s overall security strategy?

    Paul Brettle, HP’s EMEA Security Specialist Manager, will examine the means and motivations driving cybercriminal behavior and how improvements such as benchmarking can persuade criminals to look elsewhere for targets while helping security professionals develop stronger defenses.
  • SAP – The blind Spot in Security Monitoring Recorded: Jun 4 2013 62 mins
    “The new information security frontier is applications, and for many this means SAP, which is the backbone of IT in many organizations but is little understood by most. While the number of security notes and patches for SAP increases exponentially, solutions still focus on authorization and entitlement management, leaving a security gap in areas such as misconfiguration, patch management and application security and abuse of trust.

    In the Webinar we will discuss AgileSI, an innovative solution which utilizes an approved SAP add-on and HP ArcSight to help protect your SAP systems.

    iT-CUBE SYSTEMS is a privately held company headquartered at Munich, Germany. The company was awarded in December 2012 with the Deloitte Technology Fast 50 Award Germany.
  • Stop Chasing Clouds: You Can Securely Adapt Recorded: May 15 2013 39 mins
    Enterprise is adapting to embrace new technologies and capture new opportunities. Cloud capabilities are attractive, but concerns for information security remain. In this webinar, Dr. Jeremy Ward will discuss how you can adapt and embrace change, while maintaining the security of your infrastructure and information. The key points discussed will include choosing a security service that helps you form better cloud security strategies that manage data risk, reduce complexity, identify vulnerabilities, and ease user access; resulting in improved security governance, enhanced visibility, increased cost control, and reduced risk exposure.
  • How Do You Respond to Risk? The Use Case Approach Recorded: Apr 17 2013 39 mins
    Synopsis:
    In this webinar we will discuss how an organization can take the requirements of their infrastructure around operational controls, compliance and security to extend and expand them into a Security Intelligence solution.

    Using a use case approach, organizations can look to extend and build upon their existing systems and controls to provide real-time warnings and feedback that allows them to make informed decisions focused around their business needs. Rather than just having a "top 10 attacker" report and dashboard, how about a system that focuses around application lines and how this impacts business?

    About the speaker:
    For the past 5 years Paul has been working for the market leading Security Information and Event Management (SIEM) solution, HP ArcSight. Spending considerable time assisting organizations across the EMEA region to define their needs, understand their threats and risks and architect SIEM solutions to address this.

    Focusing on: Risk management, threat intelligence, SIEM solutions and architecture, log management, correlation and vulnerability management.
  • Your VP Just Resigned, What Did He Take With Him? Recorded: Apr 17 2013 49 mins
    Your VP just resigned and took a position at your biggest competitor. Did you remember to examine the Salesforce logs to see if he downloaded your entire customer database and history of purchases? Do you even have access to those logs? And if you did, and found the obvious, how would it help now? Catching Bradley Manning who stole sensitive government information, Ross Klein who took with him an entire hotel brand concept and Gary Min that copied chemical formulas was too late for the US government, DuPont and Starwood hotels respectively.

    In this presentation we look into how to proactively monitor user activity to detect potential threats from employees before the damage occurs. Focusing on how to effectively collect activity logs and analyze them against user, role and entitlement information, to detect abnormal activity, predict which employees may pose more threat if not loyal and to reduce the associated risk.
Begin the journey to your secure enterprise
The days of locked down security are over. Today’s enterprise must be as fluid as the clients they serve, sharing information whenever, wherever and on whichever device they choose. This new fluidity requires a comprehensive approach to security to enable interaction while driving operational effectiveness and reducing business risk.
Getting to your secure enterprise is a journey and we have designed capabilities to help you get there.
Are you ready to begin the journey to your secure enterprise?
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Managing Information Security Risk
  • Live at: Aug 17 2012 2:00 pm
  • Presented by: Dr. Jeremy Ward, Security Services Development Lead, HP Enterprise Security
  • From:
Your email has been sent.
or close
You must be logged in to email this