IT Governance, Risk and Compliance

  • CISO Says: Interview with Darron Gibbard, CTSO, Qualys
    Darron Gibbard, CTSO, Qualys, Adrian Davis, Managing Director (ISC)² EMEA Apr 27 2017 11:00 am UTC 60 mins
    In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format. They provide insight into the path they took to become CISOs and how they are reinventing the role in the face of accelerating industry change.
  • From Incident Response to a Continuous Monitoring & Active Threat Hunting
    Stuart Davis, Director, Mandiant & David Grout, Systems Engineering Director, FireEye Apr 27 2017 11:30 am UTC 45 mins
    With over 13 years of front-line experience dealing with advanced threat actors from around the globe, our Mandiant team know how the bad guys think and can help you win the battle against cyber attackers.


    In this webinar, Stuart Davis and David Grout will cover:
    - Best practices with regard to Security as a Service
    - How organisations can move from alert-led security to intelligence-led security
    - How FireEye can provide the adequate tools, processes and expertise required to build a next generation security program
  • Privileged accounts: the most powerful backdoor used by hackers
    Grant Burst and Chad Carter Apr 27 2017 2:00 pm UTC 60 mins
    Privileged accounts can be some of the most serious threats your company can face. As more and more processes are digitalized and activities externalized, the number of accounts accessing critical and strategic information escalates, extending the cyber threat across continents. Meanwhile, companies and individuals are becoming increasingly aware that any data or server can be accessed with the right privileges; it is therefore imperative to know who accesses critical resources, as well as when and why they do so to avoid any leak. By monitoring the users holding the keys to the kingdom - the privileged users, we are able to know what exactly happened on a system at any given time and how. Whether malicious or negligent, incidents caused by internal or external threats can be avoided quickly if visibility over the IS is restored. Session monitoring and recording dissuades malicious or negligent users while offering real-time alerts, traceability, and post-mortem analysis. Discover how some of the most dramatic cyberattacks to date could have been prevented had there been a Privileged Access Management solution in place to protect and secure target systems.
  • How secure is your Hybrid Cloud roadmap? (US/EU focus)
    Aaron Sherrill (451 Research) and Avinash Prasad (Tata Communications) Apr 27 2017 2:00 pm UTC 60 mins
    Hybrid Clouds are expected to gain prominence for hosting diverse enterprise workloads due to a variety of needs. For this model of cloud deployment, there exist broader security and specific privacy concerns driven primarily by data loss, data privacy and compliance to regulatory needs. Although Hybrid Clouds offer a degree of control and security of IT infrastructure, there is a need for unified cloud security management which offers a more holistic view of risk categorisation and standard security policies. How can working with a service provider, who can offer an optimized mix of technology and controls to seamlessly manage Security and Compliance, change the game for the enterprise?
  • Microsoft Audit Success: The five key failures to avoid
    Michael Krutikov, Rich Gibbons (ITAM) Apr 27 2017 3:00 pm UTC 45 mins
    Three-quarters of IT and finance leaders fear a software audit by Microsoft. More than Oracle, IBM or SAP. In fact, 68% say they have been audited by the world’s largest software publisher in the last 12 months alone* and this looks set to increase.

    But software audits don’t need to be scary if you’re armed with the right information and insight.

    The key is identifying and addressing the key points of failure in a Microsoft software audit:

    • SQL connections
    • SQL virtualization
    • Managing Office editions
    • Self-Provisioning of Office 365
    • Azure sprawl

    Join Microsoft licensing guru, Rich Gibbons from ITAM Review and compliance pros from the world’s leading SAM technology provider, Snow Software, for a 45-minute masterclass in Microsoft audit readiness.


    * Snow Software research, December 2016
  • RANSOMWARE: Your Money or Your Data Protecting the Public Sector from Ransomware
    Bil Harmer, Strategist, Office of the CISO, Zscaler Apr 27 2017 5:00 pm UTC 60 mins
    Cyber extortion is on the rise, and the public sector is particularly vulnerable. A study conducted by a leading cybersecurity threat management firm reported that state and local government networks are twice as likely as their commercial counterparts to be infected with either ransomware or malware.
    Why are ransomware perpetrators increasingly setting their sights on the public sector? First, many agencies and public institutions rely on legacy systems that are challenged to meet all of today’s cybersecurity threats. Second, the proliferation of devices and technology platforms, including smartphones, tablets and mobile apps, is giving hackers more points of entry into public sector networks. Are you prepared for such an attack?

    Join Bil Harmer, Strategist, Office of the CISO, Zscaler Inc., for a compelling webcast highlighting how ransomware can impact your organization and steps you can take to secure your network and systems.

    Bil will also cover:

    - How ransomware has evolved
    - Lessons learned from recent attacks
    - Why cloud sandboxing is so important
    - Tips for mitigating ransomware

    For more information about Zscaler, go to www.zscaler.com

    Bil Harmer leads Zscaler’s Office of the CISO for the Americas, where he advises organizations on best practices for implementing cloud-based cybersecurity solutions. A veteran of the IT industry, he has helped startups, governments, and financial institutions design and implement security programs. Bil pioneered the use of the SAS70 coupled with ISO, to create a trusted security audit methodology used by the SaaS industry. A highly sought-after speaker, Bil frequently presents on security and privacy-related topics at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance.
  • Pitfalls and Potholes to Avoid in Your eDiscovery Projects
    Doug Austin and Karen DeSouza, Esq. Apr 27 2017 5:00 pm UTC 75 mins
    If you’ve conducted discovery for litigation, investigations or audits, you know that “Murphy’s Law” dictates that a number of “pitfalls” and “potholes” could occur that can derail your project. These issues can add considerable cost to your discovery effort through unexpected rework and also cause you to miss important deadlines or even incur the wrath of a judge for not following accepted rules and principles for discovery. This webcast* will discuss some of the most common “pitfalls” and “potholes” that you can encounter during the discovery life cycle and how to address them to keep your discovery project on track.

    Webcast Highlights

    + Avoiding the Mistake in Assuming that Discovery Begins When the Case is Filed
    + How to Proactively Address Inadvertent Privilege Productions
    + Up Front Planning to Reduce Review Costs
    + How to Avoid Getting Stuck with a Bad Production from Opposing Counsel
    + Understanding Your Data to Drive Discovery Decisions
    + Minimizing Potential ESI Spoliation Opportunities
    + Ways to Avoid Potential Data Breaches
    + How to Avoid Processing Mistakes that Can Slow You Down
    + Common Searching Mistakes and How to Avoid Them
    + Techniques to Increase Review Efficiency and Effectiveness
    + Checklist of Items to Ensure a Smooth and Accurate Production

    Presenters Include:

    
Doug Austin: Doug is the VP of Ops and Professional Services for CloudNine. At CloudNine, Doug manages professional services consulting projects for CloudNine clients. Doug has over 25 years of experience providing consulting, technical project management and software development services to numerous commercial and government clients.

    
Karen DeSouza: Karen is the Director of Review Services and a Professional Services Consultant for CloudNine. Karen is a licensed attorney in Texas and has over 15 years of legal experience. She also has a Bachelor of Science in Legal Studies - American Jurisprudence.

    * Submitted for MCLE in Texas and Florida
  • Hacker Secrets Revealed: 5 Security Mistakes to Avoid
    Paul Brandau & Mike Warren, Delta Risk Apr 27 2017 5:00 pm UTC 60 mins
    External penetration testing, also known as ethical hacking, is an independent engagement that can help pinpoint common attack vectors and patterns hackers look for in your network. Delta Risk research has identified the attack vectors bad actors most commonly use to get initial access to a network and spread across the rest of the organization. In this 45-minute webinar, our pen testers offer recommendations on how to combat various scenarios and outline the key mistakes defenders must avoid when protecting their security operations.

    WHAT YOU’LL LEARN:
    • Lessons learned from our 2016 external assessments
    • Common weaknesses our testers exploited such as kerberoasting and password reuse
    • Methods our testers use to quickly locate high value assets
    • Vendor-neutral solutions for protecting sensitive information
    • Why third-party penetration testing is in demand

    About the Presenters:
    Paul Brandau is the Managing Consultant with Delta Risk LLC. He has more than 10 years of experience in the cyber security domain providing a unique perspective on cyber exercises, operational (red team) assessments, and training in offensive network operations. He has helped design and lead a Red Team for the United States Department of Homeland Security. Prior to Delta Risk, his duties included reverse engineering malware and threat profile creation.

    Mike Warren is VP of Cyber Resiliency Services for Delta Risk LLC. He has more than 14 years of experience in the cyber security domain providing a threat perspective, operational (red team) assessments, enterprise vulnerability assessments (blue team), and training in defensive and offensive network operations. Prior to Delta Risk, he was an active duty Air Force Communications and Information Engineer Officer.
  • The NIST Cybersecurity Framework (CSF): A Federal Use Case
    Ken Durbin, CISSP Strategist: CRM & Threat Intel, Symantec Apr 27 2017 5:00 pm UTC 60 mins
    Considered the gold standard for cybersecurity, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is being utilized by Federal Government agencies to reduce risk.

    Key Learning Objectives:

    • Overview of the NIST CSF

    • How the NIST CSF is currently being used by the Federal Government to complement the Federal Information Security Management Act (FISMA)

    • Possible future use cases

    Join this webcast for a review on best practices for the NIST CSF being utilized by Federal, State and Local Government
  • Stop attacks such as ransomware and get HIPAA compliant for Healthcare
    Sridhar Karnam, Director of Product Marketing at Arctic Wolf Networks Apr 27 2017 6:00 pm UTC 45 mins
    Stop attacks such as ransomware and get HIPAA compliant for Healthcare. Understand the top 3 attacks in Healthcare, how to stop them using simple cloud-based tools and ensure HIPAA compliance for business continuity.
  • New York’s New Cybersecurity Regulations: Explained!
    Mihir Mistry, Senior Security Manager Apr 27 2017 6:00 pm UTC 60 mins
    The nation's first state-mandated cybersecurity regulations regarding banking and financial services companies went into effect in New York state on March 1st. However, many businesses subject to the regulations are asking: what are these rules, and how will they affect my business operations?

    SecureWorks invites you to join us on April 27th for a webcast designed to help you understand these new mandates and develop an approach to ensure that your organization has a mature and effective security program in place that will not only help you achieve compliance but will improve your overall information security posture.

    What you will learn:
    • Which entities are covered by the mandate and what type of data needs protecting.
    • The five core elements needed to establish a comprehensive cybersecurity program.
    • Critical questions you should be asking your security program partner.
  • 6 Lessons for Cyber Threat Hunters
    Mary Karnes Writz and Alona Nadler, HPE Apr 27 2017 6:00 pm UTC 60 mins
    Hunt teams are relative newcomers within the security operations domain. Many companies say they are doing “hunt” but when we dig deeper, we find the capabilities are ad hoc, with no measurable indicators of success nor formal organizational support. That means hunt teams are growing in popularity and use, but there is no “gold standard” yet for how they work. With increasing scarcity of skilled resources in cyber security and lack of efficient tools, it is challenging to build successful hunt practices inside an organization.

    Join this webcast to:
    • Gain a clear understanding of the current challenges of hunt and investigation procedures
    • Learn how to build “hunt” capabilities that search for security breaches
    • Increase speed, simplicity and effectiveness across the entire workflow of hunt and investigation with ArcSight’s new solution

    Mary Writz is a seasoned professional with more than 15 years of experience in cyber security and, under her services leadership role, her team filed 9 patents and built a successful hunt practice with a focus on Big Data, machine learning and visualization. Alona Nadler is a senior product manager for ArcSight with a background in Big Data analytics platform.
  • Keep your SAP skills up-to-date and build new knowledge- anytime, anywhere
    Julian Hayes, Education Account Executive at SAP Apr 28 2017 10:00 am UTC 30 mins
    How do you ensure continuous acceleration of the pace of innovation and change, while ensuring that your workforce is enabled to achieve your ROI?
    With SAP Learning hub you can:
    • Reduce overall training costs & improve speed to ROI
    • Get unlimited access to all learning content from SAP, including certification preparation titles. Thousands of learning maps, handbooks and e-learning titles available.
    • Make learning content available globally, 24x7
    • Provide social learning platforms led by subject-matter experts who enhance learning by answering questions and providing commentary
    • Track learning progress

    Join us live on Friday, April 28th, 11:00am, for a 30-minute FREE webinar & demo to discover how SAP Learning Hub helps you achieve your ROI and significantly decreases your training costs. SAP Education offers webinar participants a one-off 5% discount on an SAP Learning Hub professional edition subscription. Closing date for license orders is May 28 2017.
  • Maximize Scale & Agility: Leveraging Public Cloud Best Practices & Optimization
    Aaron Newman, CloudCheckr CEO/Co-founder Apr 28 2017 5:00 pm UTC 60 mins
    Building your workloads on AWS unleashes speed and agility. To keep your foot on the pedal and stay aggressive, you need to infuse governance and best practices into your patterns.

    Join CloudCheckr Co-Founder/CEO Aaron Newman in this webcast as he walks you through best practices and strategies for successfully scaling out your AWS environment. In this webinar, learn how to

    - Stay lean and maximize spend

    - Ensure proper controls are in place

    - Apply cost optimization strategies

    - Manage right sizing services and administrative privileges
  • [Video Interview] Tarah Wheeler on the Ethics of Hacking Back and AI in Security
    Josh Downs, BrightTALK & Tarah Wheeler, Principal Security Advocate, Symantec May 2 2017 1:00 pm UTC 30 mins
    - BrightTALK at CRESTCON & IISP Congress -

    BrightTALK caught up with Symantec's Tarah Wheeler for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

    Topics up for discussion:

    - The ethics of 'hacking back'

    - AI & Machine learning and the influence it'll have on security

    - Cyber security in the financial sector

    - Cyber warfare and the new tactics coming through

    - Vulnerabilities in the IoT and what we can do about them

    Enjoy!
  • Is Your Security Keeping Pace with Your Cloud Initiatives?
    Jonathan Glass, Turner Broadcasting System, Chris Geiser, Garrigan Lyman Group, and Allison Armstrong, Alert Logic May 2 2017 3:00 pm UTC 60 mins
    You’ve decided to move to the cloud. It’s faster, more scalable, and more agile. Security is a priority, but you don’t want it to slow you down. The foundational infrastructure delivered by cloud providers is secure, but protecting the applications, workloads, and data you run on top of it is your responsibility—and it’s a big one.

    Watch ‘Is Your Security Keeping Pace with Your Cloud Initiatives?’, for a lively discussion on how to evolve your security strategy to account for innovation at cloud speeds. Our panel of experts will discuss:

    - Why conventional security approaches falter in highly dynamic and elastic environments
    - Key steps to eliminate choke points, keep pace with elastic workloads, and how to deploy security controls in minutes
    - How to keep your internal and external customers’ applications and workloads secure while meeting compliance requirements
    - Why Security-as-a-Service can help you strike the optimum balance between risk, cost and cloud speed.

    Join Jonathan Glass, Cloud Security Architect, Turner Broadcasting System, Chris Geiser, CTO of the Garrigan Lyman Group, and Allison Armstrong, VP of Technology and Product Marketing at Alert Logic, for a discussion on ‘Is Your Security Keeping Pace with Your Cloud Initiatives?’, and learn how it can. Register now!
  • Smarter Endpoint Security: How to Go Beyond Prevention
    Jim Waggoner, Sr. Director, Endpoint Product Management May 2 2017 3:00 pm UTC 60 mins
    Today’s endpoint security products do what they were designed to do, but they still leave gaps in protection. Comprehensive endpoint protection requires prevention, AV, endpoint detection and response (EDR) and other capabilities. Even when organizations adopt multiple point products, there are still gaps in their endpoint protection.

    Some companies tout “next-generation endpoint security,” but what does that mean? Jim Waggoner, Sr. Director of Endpoint Product Management at FireEye will tell you how to make sure your next-generation endpoint security solution is delivering a comprehensive. In this webinar, you will:

    > Learn about the current endpoint security landscape and the challenges it poses
    > Find out what makes EDR capabilities valuable
    > Understand why threat intelligence is important and how it affects endpoint threat detection and prevention
    > Discover why a single endpoint agent should include (1) Multiple detection and prevention engines, (2) Integrated workflows from detection to investigation to remediation, and (3) Scalable, multiple form factors and breadth of OS support