Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
You may know that email is a top vector for advanced threats targeting your organisation. But did you know that attackers have evolved their techniques to bypass even your most sophisticated email security tools? Your people, data, and brand reputation are at serious risk.
Join Proofpoint for "How to Build an Advanced Email Security Strategy" to learn about:
• The latest email fraud techniques, including business email compromise (BEC), ransomware, and sandbox-evasion threats.
• Key steps to building an email security strategy that can adapt to and stop attacks before they reach the inbox.
• How to respond to and mitigate security risks faster and more reliably at a reduced cost.
The GDPR will apply in all EU member states in May 2018. Organizations and businesses that are data owners and/or deal with data belonging to EU citizens have the responsibility to ensure their processing abides by the new data protection law, and processors must themselves abide by rules to maintain records of their processing activities. If organizations and businesses are involved in a data breach, they are far more liable under GDPR than they were under the Data Protection Act.
Complying with the new regulations requires operating to high standards of data security and protection. If they suffer a data breach that puts the rights and freedoms of individuals at risk, organizations must notify the people affected and the data protection authority (Information Commissioner's Office (ICO) in the UK) within 72 hours of becoming aware of it. Data breaches occur every day - and the EU have just increased the financial liability and consequences of inadequate security.
Hear from Mike Fowler, author of the popular white paper: Automation as a Force Multiplier in Cyber Incident Response. Mike will provide insight into how best to leverage automation to provide incident response and reporting consistency for GDPR.
Steve Ditmore will present IncMan™ – Security Automation and Orchestration features covering:
• Installation and set-up is measured in hours rather than days or weeks without the need for expensive professional services support.
• Review steps involved in mitigating and controlling a data breach.
• Automation of menial enrichment activities, so incident responders can determine/contain and mitigate breaches more efficiently and effectively.
• Enhanced visibility creating a layered approach to information gathering.
• Incident management including response prioritization.
• How incident and notification workflows are automatically assigned to an incident.
Every organisation has invested recently in their assurance functions – budgets in compliance have grown by 10%, InfoSec by 17%, and ERM by 22% – but significant failures and incidents continue to occur. In addition, operational management regularly complain of assurance fatigue and ExCos increasingly demand a holistic approach to risk management or a “single view of the truth”.
Ian Beale, executive advisor at CEB, has more than 20 years' experience in the field of audit and risk. He relishes variety and new intellectual challenges, which proves useful in his role advising companies on critical and emerging risk and audit issues. On a daily basis, Ian works with global companies to identify risk priorities and areas of focus in a world that is rapidly changing.
Today’s reality is that organisations will continue to be confronted by increasingly frequent and complex cyber threats. It’s not a matter of if your organisation will be compromised, but when.
The Threat Lifecycle Management Framework (TLM) is a series of aligned security operations capabilities. It begins with the ability to see broadly and deeply across your IT environment and ends with the ability to quickly mitigate and recover from security incidents. The result? A reduction in your mean time to detect and mean time to respond without adding staff to accomplish the job.
In this webcast, Chris Martin, LogRhythm security expert, will explain what TLM is and demonstrate how the end-to-end security workflow helps reduce your mean time to detect and respond to cyber threats.
• The definition and details of the TLM framework
• How TLM enables you to sort through the noise to highlight and investigate concerning incidents
• How TLM works to streamline processes through automated workflow
• Specific use cases TLM can address to prevent major data breaches
Register now to learn how to enhance your threat detection and response capabilities with LogRhythm and Threat Lifecycle Management (TLM).
This short video provides an overview of how to integrate the DataMotion secure email platform with Salesforce. The platform allows users and developers to easily send sensitive data in and out of Salesforce in a secure manner.
EDRM recently released the EDRM Security Audit Questionnaire, designed to help corporations and law firms evaluate the security capabilities of cloud providers and third parties offering electronic discovery or managed services. In this webinar, two of the questionnaire’s designers will provide legal, IT, and corporate professionals with practical guidelines for conducting a security audit.
Presenters will introduce the questionnaire and walk through key benchmarks, weighting, scoring, and best practices for using the questionnaire to evaluate providers. The questionnaire is an Excel-based tool for scoring/assessing the security strengths and weaknesses in any organization. Webinar attendees are encouraged to download and review the Security Audit Questionnaire, available on the EDRM website, prior to the event.
Speakers will reserve time to answer audience questions about the security audit process. Jim Waldron, director of EDRM, and George Socha, cofounder of EDRM and managing director at BDO, will moderate the session.
DevOps increases teamwork, visibility and overall software quality. Yet, integrating security can be challenging for cultural and technological reasons.
This webinar, featuring Adrian Lane of Securosis and Tim Jarrett and Jeff Cratty of Veracode, dives into what DevOps is, explains how delivering secure code lends itself to the larger goals of DevOps, and discusses the challenging process and technical requirements for integrating security into DevOps.
Learn how you can have both development velocity and security without compromising either one.
This session will focus on presenting a next generation defense in depth model and answer the question on many CISOs’ minds - is it still relevant? A model of defense in depth will serve as a backdrop to introduce you to a wide range of solutions from across the cybersecurity industrial complex that just may change how you view your defense in depth approach.
One of the most critical and complex issues companies face today is providing the right leadership and level of attention to growing risks related to cyber security. While Internal Audit plays a critical role in this area, challenges in planning, execution and communication can detract from providing what the board needs. In this webinar Taylor will take you into the board room to better understand the critical role played on both sides – the Board committees such as Audit and Risk, and Internal Audit. You will walk away with new insights to help your team be more successful.
Automation systems bring a great deal of value. Having the ability to produce better, faster, and more reliable results can go a long way in improving business agility and simplifying day-to-day tasks. Firewall automation also helps tighten security posture and ensure continuous compliance with internal policies and industry regulations.
Tufin presents the recommended steps to start your journey towards firewall automation. Join us for the first webinar of the series, focusing on rule decommissioning, to learn how you can initiate an immediate and substantial impact on your organization.
The question of SAP® indirect usage is topical, as companies are beginning to face financial adjustments of several million euros.
The impact of the recent decision by the UK High Court of Justice on SAP® customers could soon follow in France. Existing contracts define the use of SAP® software in a way that no longer matches the reality of licence management as SAP® currently conceives it.
Join our webinar on Tuesday, April 25 to see how to prepare for this type of audit and ensure minimal financial exposure to this increasingly high risk.
Many organisations are still unclear as to how they will meet the requirements of the EU GDPR legislation which will come into effect in May 2018. Fundamentally organisations need to start preparing for this now.
In this webinar Steve addresses some of the key questions organisations are asking, such as: Does the EU GDPR regulation apply to me? How should I prepare for this legislation? What additional resources do I need?
As a follow-up to our previous webinar, this panel discussion will dive into further detail about the GDPR. Presented by compliance experts Lisa Bentall (DQM GRC) and Jason Hart (Gemalto) we will answer some of the big questions raised in the previous webinar and open up to the live audience for an interactive Q&A.
Join Stacy Cannady, Cisco Systems, and Richard Nass, Embedded Computing Design/OpenSystemsMedia, in a webcast on Monday, April 24, 10 a.m. Pacific / 1:00 p.m. East to talk about the hottest issue today in the IoT and embedded design: security.
With Embedded Computing Design (ECD), the Trusted Computing Group (TCG) conducted an Internet of Things (IoT) Security Survey from January to February 2017 to find out if and how designers were addressing these concerns.
The webcast will look at how designers perceive security, whether they’re including security in their designs, challenges to embedded and IoT security, and their awareness and use of trusted computing.
Attendees will see survey results and hear from our experts on trending security issues and potential solutions to protecting devices, networks and data.
In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format. They provide insight into the path they took to become CISOs and how they are reinventing the role in the face of accelerating industry change.
With over 13 years of front-line experience dealing with advanced threat actors from around the globe, our Mandiant team know how the bad guys think and can help you win the battle against cyber attackers.
In this webinar, Stuart Davis and David Grout will cover:
- Best practices with regard to Security as a Service
- How organisations can move from an alert-led security to an intelligence-led security
- How FireEye can provide the adequate tools, processes and expertise required to build a next generation security program
Privileged accounts can be some of the most serious threats your company can face. As more and more processes are digitalized and activities externalized, the number of accounts accessing critical and strategic information escalates, extending the cyber threat across continents. Meanwhile, companies and individuals are becoming increasingly aware that any data or server can be accessed with the right privileges; it is therefore imperative to know who accesses critical resources, as well as when and why they do so to avoid any leak. By monitoring the users holding the keys to the kingdom - the privileged users, we are able to know what exactly happened on a system at any given time and how. Whether malicious or negligent, incidents caused by internal or external threats can be avoided quickly if visibility over the IS is restored. Session monitoring and recording dissuades malicious or negligent users while offering real-time alerts, traceability, and post-mortem analysis. Discover how some of the most dramatic cyberattacks to date could have been prevented had there been a Privileged Access Management solution in place to protect and secure target systems.
Hybrid Clouds are expected to gain prominence for hosting diverse enterprise workloads due to a variety of needs. For this model of cloud deployment, there exist broader security and specific privacy concerns driven primarily by data loss, data privacy and compliance to regulatory needs. Although Hybrid Clouds offer a degree of control and security of IT infrastructure, there is a need for unified cloud security management which offers a more holistic view of risk categorisation and standard security policies. How can working with a service provider, who can offer an optimized mix of technology and controls to seamlessly manage Security and Compliance, change the game for the enterprise?
Three-quarters of IT and finance leaders fear a software audit by Microsoft. More than Oracle, IBM or SAP. In fact, 68% say they have been audited by the world’s largest software publisher in the last 12 months alone* and this looks set to increase.
But software audits don’t need to be scary if you’re armed with the right information and insight.
The key is identifying and addressing the key points of failure in a Microsoft software audit:
Join Microsoft licensing guru, Rich Gibbons from ITAM Review and compliance pros from the world’s leading SAM technology provider, Snow Software, for a 45-minute masterclass in Microsoft audit readiness.
Cyber extortion is on the rise, and the public sector is particularly vulnerable. A study conducted by a leading cybersecurity threat management firm reported that state and local government networks are twice as likely as their commercial counterparts to be infected with either ransomware or malware.
Why are ransomware perpetrators increasingly setting their sights on the public sector? First, many agencies and public institutions rely on legacy systems that are challenged to meet all of today’s cybersecurity threats. Second, the proliferation of devices and technology platforms, including smartphones, tablets and mobile apps, is giving hackers more points of entry into public sector networks. Are you prepared for such an attack?
Join Bil Harmer, Strategist, Office of the CISO, Zscaler Inc., for a compelling webcast highlighting how ransomware can impact your organization and steps you can take to secure your network and systems.
Bil will also cover:
- How ransomware has evolved
- Lessons learned from recent attacks
- Why cloud sandboxing is so important
- Tips for mitigating ransomware
For more information about Zscaler, go to www.zscaler.com
Bil Harmer leads Zscaler’s Office of the CISO for the Americas, where he advises organizations on best practices for implementing cloud-based cybersecurity solutions. A veteran of the IT industry, he has helped startups, governments, and financial institutions design and implement security programs. Bil pioneered the use of the SAS70 coupled with ISO, to create a trusted security audit methodology used by the SaaS industry. A highly sought-after speaker, Bil frequently presents on security and privacy-related topics at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance.
If you’ve conducted discovery for litigation, investigations or audits, you know that “Murphy’s Law” dictates that a number of “pitfalls” and “potholes” could occur that can derail your project. These issues can add considerable cost to your discovery effort through unexpected rework and also cause you to miss important deadlines or even incur the wrath of a judge for not following accepted rules and principles for discovery. This webcast* will discuss some of the most common “pitfalls” and “potholes” that you can encounter during the discovery life cycle and how to address them to keep your discovery project on track.
+ Avoiding the Mistake in Assuming that Discovery Begins When the Case is Filed
+ How to Proactively Address Inadvertent Privilege Productions
+ Up Front Planning to Reduce Review Costs
+ How to Avoid Getting Stuck with a Bad Production from Opposing Counsel
+ Understanding Your Data to Drive Discovery Decisions
+ Minimizing Potential ESI Spoliation Opportunities
+ Ways to Avoid Potential Data Breaches
+ How to Avoid Processing Mistakes that Can Slow You Down
+ Common Searching Mistakes and How to Avoid Them
+ Techniques to Increase Review Efficiency and Effectiveness
+ Checklist of Items to Ensure a Smooth and Accurate Production
Doug Austin: Doug is the VP of Ops and Professional Services for CloudNine. At CloudNine, Doug manages professional services consulting projects for CloudNine clients. Doug has over 25 years of experience providing consulting, technical project management and software development services to numerous commercial and government clients.
Karen DeSouza: Karen is the Director of Review Services and a Professional Services Consultant for CloudNine. Karen is a licensed attorney in Texas and has over 15 years of legal experience. She also has a Bachelor of Science in Legal Studies - American Jurisprudence.
External penetration testing, also known as ethical hacking, is an independent engagement that can help pinpoint common attack vectors and patterns hackers look for in your network. Delta Risk research has identified the attack vectors bad actors most commonly use to get initial access to a network and spread across the rest of the organization. In this 45-minute webinar, our pen testers offer recommendations on how to combat various scenarios and outline the key mistakes defenders must avoid when protecting their security operations.
WHAT YOU’LL LEARN:
• Lessons learned from our 2016 external assessments
• Common weaknesses our testers exploited such as kerberoasting and password reuse
• Methods our testers use to quickly locate high value assets
• Vendor-neutral solutions for protecting sensitive information
• Why third-party penetration testing is in demand
About the Presenters:
Paul Brandau is the Managing Consultant with Delta Risk LLC. He has more than 10 years of experience in the cyber security domain providing a unique perspective on cyber exercises, operational (red team) assessments, and training in offensive network operations. He has helped design and lead a Red Team for the United States Department of Homeland Security. Prior to Delta Risk, his duties included reverse engineering malware and threat profile creation.
Mike Warren is VP of Cyber Resiliency Services for Delta Risk LLC. He has more than 14 years of experience in the cyber security domain providing a threat perspective, operational (red team) assessments, enterprise vulnerability assessments (blue team), and training in defensive and offensive network operations. Prior to Delta Risk, he was an active duty Air Force Communications and Information Engineer Officer.
Considered the gold standard for cybersecurity, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is being utilized by the Federal Government agencies to reduce risk.
Key Learning Objectives:
• Overview of the NIST CSF
• How the NIST CSF is currently being used by the Federal Government to complement the Federal Information Security Management Act (FISMA)
• Possible future use cases
Join this webcast for a review of best practices for the NIST CSF being utilized by Federal, State and Local Government.
Stop attacks such as ransomware and get HIPAA compliant for Healthcare. Understand the top 3 attacks in Healthcare, how to stop them using simple cloud-based tools and ensure HIPAA compliance for business continuity.
The nation's first state-mandated cybersecurity regulations regarding banking and financial services companies went into effect in New York state on March 1st. However, many businesses subject to the regulations are asking: what are these rules and how will they affect my business operations?
SecureWorks invites you to join us on April 27th for a webcast designed to help you understand these new mandates and develop an approach to ensure that your organization has a mature and effective security program in place that will not only help you achieve compliance but will improve your overall information security posture.
What you will learn:
• Which entities are covered by the mandate and what type of data needs protecting.
• The five core elements needed to establish a comprehensive cybersecurity program.
• Critical questions you should be asking your security program partner.
Hunt teams are relative newcomers within the security operations domain. Many companies say they are doing “hunt” but when we dig deeper, we find the capabilities are ad hoc, with no measurable indicators of success nor formal organizational support. That means hunt teams are growing in popularity and use, but there is no “gold standard” yet for how they work. With increasing scarcity of skilled resources in cyber security and lack of efficient tools, it is challenging to build successful hunt practices inside an organization.
Join this webcast to:
• Gain a clear understanding of the current challenges of hunt and investigation procedures
• Learn how to build “hunt” capabilities that search for security breaches
• Increase speed, simplicity and effectiveness across the entire workflow of hunt and investigation with ArcSight’s new solution
Mary Writz is a seasoned professional with more than 15 years of experience in cyber security and, under her services leadership role, her team filed 9 patents and built a successful hunt practice with a focus on Big Data, machine learning and visualization. Alona Nadler is a senior product manager for ArcSight with a background in Big Data analytics platforms.
How do you ensure continuous acceleration of the pace of innovation and change, while ensuring that your workforce is enabled to achieve your ROI?
With SAP Learning Hub you can:
• Reduce overall training costs & improve speed to ROI
• Get unlimited access to all learning content from SAP, including certification preparation titles. Thousands of learning maps, handbooks and e-learning titles available.
• Make learning content available globally, 24x7
• Provide social learning platforms led by subject-matter experts who enhance learning by answering questions and providing commentary
• Track learning progress
Join us live on Friday, April 28th, 11:00am, for a 30-minute FREE webinar & demo to discover how SAP Learning Hub helps you achieve your ROI and significantly decreases your training costs. SAP Education offers webinar participants a one-off 5% discount on an SAP Learning Hub professional edition subscription. Closing date for license orders is May 28 2017.
You’ve decided to move to the cloud. It’s faster, more scalable, and more agile. Security is a priority, but you don’t want it to slow you down. The foundational infrastructure delivered by cloud providers is secure, but protecting the applications, workloads, and data you run on top of it is your responsibility—and it’s a big one.
Watch ‘Is Your Security Keeping Pace with Your Cloud Initiatives?’, for a lively discussion on how to evolve your security strategy to account for innovation at cloud speeds. Our panel of experts will discuss:
- Why conventional security approaches falter in highly dynamic and elastic environments
- Key steps to eliminate choke points, keep pace with elastic workloads, and how to deploy security controls in minutes
- How to keep your internal and external customers’ applications and workloads secure while meeting compliance requirements
- Why Security-as-a-Service can help you strike the optimum balance between risk, cost and cloud speed.
Join Jonathan Glass, Cloud Security Architect, Turner Broadcasting System, Chris Geiser, CTO of the Garrigan Lyman Group, and Allison Armstrong, VP of Technology and Product Marketing at Alert Logic, for a discussion on ‘Is Your Security Keeping Pace with Your Cloud Initiatives?’, and learn how it can. Register now!
Today’s endpoint security products do what they were designed to do, but they still leave gaps in protection. Comprehensive endpoint protection requires prevention, AV, endpoint detection and response (EDR) and other capabilities. Even when organizations adopt multiple point products, there are still gaps in their endpoint protection.
Some companies tout “next-generation endpoint security,” but what does that mean? Jim Waggoner, Sr. Director of Endpoint Product Management at FireEye, will tell you how to make sure your next-generation endpoint security solution is delivering a comprehensive. In this webinar, you will:
> Learn about the current endpoint security landscape and the challenges it poses
> Find out what makes EDR capabilities valuable
> Understand why threat intelligence is important and how it affects endpoint threat detection and prevention
> Discover why a single endpoint agent should include (1) Multiple detection and prevention engines, (2) Integrated workflows from detection to investigation to remediation, and (3) Scalable, multiple form factors and breadth of OS support