Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
- InnoSec is the winner of the EU commission Horizon 2020 grant based on its innovation in GDPR and cyber risk -
GDPR is an urgent issue that has companies scrambling to be compliant by May of 2018. Any organization that processes EU citizen data is in scope and the penalties are severe.
Alignment with the requirements can reduce the chances of triggering a Data Protection Authority (DPA) to investigate a company’s privacy practices after the GDPR takes effect in May 2018. DPAs can impose a fine on companies of up to 4% of annual global revenues for egregious violations of the GDPR. Member states can also add to these fines. The Netherlands, for instance, has more than doubled its own fining capacity to 10% of annual revenues. European privacy advocates are pressuring DPAs to fully exercise these new powers after May 2018. To manage this risk, multinationals should have a means to demonstrate alignment with the GDPR requirements and communication of this program with DPAs that have jurisdiction over their major European operations.
InnoSec’s GDPR solution provides privacy impact and risk assessments which measure the confidentiality and integrity of the system and the risk associated to it meeting articles 1, 2, 5, 32, 35 and 36. Additionally, we provide a readiness gap analysis for managing, planning and budgeting for GDPR.
Most e-commerce, educational and multi-national organizations process EU citizen data and are in scope for GDPR. Moreover, most organizations are not ready according to Gartner, and this means the race to the finish line requires as much automation as you can afford. InnoSec provides a means for companies to save money and time with their GDPR assessment and gap analysis offering. Our GDPR offering automates the assessment process and provides a gap analysis readiness feature that also ensures that organizations can plan, budget and manage their GDPR program.
Nicola Franchetto will discuss in a practical and business oriented way, the new provisions of the GDPR and how the PLA Code of Conduct supports compliance with the forthcoming EU Data Protection Legislation. More precisely, Franchetto will highlight the true privacy compliance “game changers” introduced by the GDPR and offer the audience practical inputs on how to set up a sound and effective corporate Data Protection Compliance Programme, which will also include having a PLA in place with Cloud Service Providers.
Would you leave sensitive data out in the open making yourself a target to thieves looking for a victim? That is exactly what your business is doing if it fails to identify vulnerabilities in their business applications. Cyber attackers are looking at your business applications for security vulnerabilities so they can get access and wreak havoc. It’s time to find and fix security vulnerabilities before the hackers do. Wondering where to start and what to do? This webinar will help you build a comprehensive plan to minimize threats and protect your company.
Join this webinar to hear application security experts:
- Discuss methods for scanning & evaluating potential security vulnerabilities in out-of-the box and home grown business applications
- Teach methods for quickly detecting and eradicating software flaws
- Make recommendations for how to choose and implement vulnerability scanning tools
- Explain how to reduce security vulnerabilities during internal application development
- Examine the widespread use of open-source code and how it may expose your business to security threats
9 months until the GDPR deadline - are you completely up-to-speed?
Our panel of data protection experts will be discussing the compliance considerations that you need to be assessing for May 2018 along with suggesting next steps from a cyber and general security standpoint.
We'll also be asking YOU what stage you're at in terms of your preparations via a series of interactive benchmarks as we go through the session to get a sense of where the security community is at in terms of preparations.
GDPR and its May 2018 deadline are now fully on the minds of the vast majority of security professionals and with massive fines on the horizon for non-compliance, now is a better time than ever to get to grips with the legislation and ensure that your organisation is secure and compliant.
It’s vital that your business has carried out the relevant preparations for compliance by then to make sure you don’t get whacked with a huge fine of up to £15m or 4% of your organisation’s global annual turnover.
Not only are there potentially huge financial repercussions, but leaving your business open to attack and your customers at risk can cause serious reputational damage.
The European Union (EU) General Data Protection Regulation (GDPR) is designed to ensure the data privacy and protection of all EU citizens. It applies to any organisation – regardless of geographical location – that collects or processes personal data on EU residents, and institutes high penalties for non-compliance.
Join this interactive session to learn how you can improve your security to meet GDPR compliance by increasing your network traffic visibility. With the ability to monitor and send the right traffic to the right tools at the right time, the GigaSECURE® Security Delivery Platform can form the backbone of any GDPR compliance project.
In this presentation, you will learn how to bring pervasive visibility into network traffic that is needed to:
- Eliminate monitoring blind spots
- Vastly improve the accuracy and precision of data risk detection
- Help organisations meet the GDPR challenge
About the Presenter
Adrian is the Technical Director EMEA for Gigamon. He has had a keen interest in network security ever since, whilst working for Lucent Technologies, they introduced the Lucent Managed Firewall. Adrian also worked for leading web security firm CacheFlow, before joining NetScreen and, post-acquisition remaining with Juniper Networks where he held a number of senior sales engineering roles. Adrian joined Gigamon in 2016.
The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. Acknowledging identity threats like phishing and man-in-the-middle attacks, the GDPR applies to all companies processing and holding the personal data of those residing in the European Union, regardless of the company’s location.
An excerpt from the GDPR describes authentication as ‘key to securing computer systems’ and as the first step ‘in using a remote service or facility, and performing access control’. The document also outlines various GDPR-compliant authentication solutions, such as smart card, OTP push apps, and FIDO Universal 2nd Factor (U2F).
Yubico’s enterprise solution - the YubiKey - combines support for OpenPGP (an open standard for signing and encryption), FIDO U2F (a protocol that works with an unlimited number of applications), and smart card / PIV (a standard that enables RSA or ECC sign/encrypt operations using a private key stored on the device) all in one multi-protocol authentication device. This makes it a strong and flexible solution for companies required to comply with GDPR. Attend this webcast and learn:
• How GDPR will impact the way organizations worldwide store and access the personal information of EU citizens
• How to leverage open standards to achieve GDPR compliance for strong authentication
• How a multi-protocol authentication device protects organizations from phishing and man-in-the-middle attacks
With the advent of Big Data comes not only new ways to optimise business and marketing processes, but also new concerns over the control and privacy of personal data.
These have given rise to local and regional data protection laws and regulations such as the General Data Protection Regulation (GDPR), a modernisation of data protection laws in the European Union, and the Australian data breach notification law, an amendment to the Privacy Act 1988 (Cth) which introduces a mandatory scheme for eligible organisations and federal agencies to report data breaches.
Data breach notifications give individuals greater control over their personal data and promote transparency over information handling practices, fostering consumer trust in businesses. The law requires businesses to prepare and assess risks to maintain brand confidence even if an incident becomes the next data breach headline.
Join this webinar to learn about:
- New challenges introduced by the Australian mandatory data breach notification law
- Key steps in the journey towards data privacy compliance
- How to monitor insider threats
- How to leverage these regulations to gain trust and ensure great customer experiences
We look forward to your participation in this free webinar.
Join the journey towards being data-focused and customer-centric using Big Data and Data Warehouse technologies.
In this webcast, you will understand what it means to take the journey from a data-focused approach and get faster insight without infrastructure concerns.
Learn how to:
- Use Azure public cloud for big data
- Set up a SQL DW, a Hadoop cluster and ask questions against large data sets
- Utilize Microsoft's best in class big data and analytics solutions and how they can power your journey into adopting, analyzing and utilizing big data
With the increasing demand for BYOD in the workplace, many organizations are adopting Mobile Device Management (MDM) solutions. However, MDM is seen by many as cumbersome and invasive and has struggled to see meaningful adoption among employees. Fortunately, Cloud Access Security Brokers (CASBs), like Bitglass, offer an easy-to-use alternative for securing corporate data stored in public cloud applications on both managed and unmanaged devices.
Join this interactive webinar session to learn:
- The challenges companies face while deploying MDM
- Alternative solutions used to secure employee-owned devices without agents
As a valued Tufin customer we invite you to learn how to begin the journey towards automation. We will discuss the challenges of automation and how you can take the first step towards automating firewall administration tasks.
In this webinar, you will learn how to gain immediate productivity benefits from the first phase of firewall change automation, such as:
• Discover and decommission unused and forgotten rules with a streamlined, automated process
• Understand the implications of server decommission and automate the process
• Realize the benefits of automating changes to object groups
Register now to save time and resources, reduce your workload, and quickly tighten your security posture with practical firewall automation.
This webinar will focus on the cultural shift from tightly controlled business networks of yesterday to the converged fabric adopted by businesses today. BYOD is becoming a normality for most organisations and it doesn't have to be a heavy burden for security teams with the right policies, people and technology in place. We'll dive into some of the options available for these challenges in this webinar and how having the right BYOD strategy can play an integral role in an organisation's preparation for EU GDPR compliance.
- The security options available today to enable an efficient and safe BYOD strategy
- How implementing a strong BYOD strategy can help compliance
- How you can reduce the risk of suffering a damaging cyber-breach
In this talk, we will give a short introduction into hybrid app development, present specific attacks and discuss how Android developers are using Apache Cordova. In the second half of the talk, we will focus on the secure development of hybrid apps: both with hands-on guidelines for defensive programming as well as recommendations for hybrid app specific security testing strategies.
Dr. Achim D. Brucker (https://www.brucker.ch) leads the Software Assurance & Security Research Team (https://logicalhacking.com) at the University of Sheffield, UK. Until December 2015, he was a Security Testing Strategist in the Global Security Team of SAP SE, where, among others, he defined the risk-based security testing strategy of SAP. He is a frequent speaker at security conferences.
The first half of 2017 was the tipping point for cyber threats in Northern Europe. Organizations had to defend themselves against two cyber attacks involving rapid spreading malware. The latest incident severely disrupted global enterprises, causing significant downtime and impacting their revenue.
Such high-profile, large-scale attacks show us that no organisation is safe from the reach of cyber-criminality. Post-GDPR, responding to these attacks will become all the more critical as breaches will have to be reported to the relevant regulatory body. By understanding your current security posture - internal processes and technology – combined with the external threat landscape – organisations can prepare themselves should a breach occur.
In this webinar, you will learn how to assess your risk profile, evaluate your operational strengths and weaknesses as well as your tactical approach to responding to co-ordinated, targeted attacks.
You’re preparing for GDPR. You’re auditing your information. You’re reviewing your security systems. But is this enough? Join us at Part Two of this BrightTALK webinar series where Symantec experts and a guest speaker from Forrester discuss how to ensure your security strategy is primed for GDPR.
You’ll learn the proven milestones to bring together the people, policies and processes that will make your GDPR preparations more successful – and how other businesses have done so.
Other topics will include:
• Identifying gaps in your strategy
• How to prioritise remediation and investments
• How to protect user identities and authentication so that they can’t be used to break into your personal and sensitive information.
Data from Kroll's latest Global Fraud & Risk Report show that Brazilian companies still have shortcomings in fraud detection, which contributes to a good share of fraud going unnoticed.
Join Kroll's experts for a discussion on the most efficient ways to structure an internal investigation, with real examples of the work carried out by the leading global consultancy in corporate risk management and investigations.
Part 4 of 7: NIST Cybersecurity Framework for Healthcare Webinar Series
Put on your detective hats with the DETECT function of the NIST CSF. Too often healthcare organizations are breached without ever knowing it.
In this webinar, we’ll look at how the NIST CSF helps healthcare organizations set up technologies and policies to make sure they know, in a timely manner, when they’ve been breached, how they were breached and, most importantly, what they can do to mitigate this risk in the future.
We will take a deeper dive into the core components of the DETECT function, including the categories of anomaly/event detection, continuous monitoring and effective detection processes.
It can be difficult to learn that your organization has been breached, but that knowledge is crucial to improving overall cybersecurity operations.
To view the upcoming Parts 5-7 of the NIST Cybersecurity Framework for Healthcare Webinar Series, visit https://resource.elq.symantec.com/LP=4235
Big things are happening in software. Agile Software Development and DevOps are delivering innovations at a rate never seen before, prompting many to ask 'Is this the end of ITIL?'.
There is a perception that DevOps and ITIL cannot play well together, and that you must choose one over the other or risk catastrophic failure. This is simply not true.
Many do not realize that DevOps relies on core concepts and processes of ITIL to be successful. Ignoring this relationship means missing out on service improvements that may be introduced and developed by integrating key areas of the ITIL framework and the collective body of knowledge that is DevOps.
In this webinar we will take a close look at the simple things organizations can do to get the most out of a balanced blend of traditional and modern IT practices.
Learn how the EU General Data Protection Regulations affect US based companies.
Join CyberDefenses and Privacy Ref's Bob Siegel to review how the GDPR directly impacts US based corporations. These far-reaching regulations impact any company that stores or transmits identifying information of any individual within the EU.
In this webinar, you will be introduced to the basic elements of the GDPR and you will discuss the requirements that require action for US focused companies.
About Bob Siegel:
President and founder of Privacy Ref, Inc., Bob Siegel, started the company in 2012. After his time as Senior Manager of Worldwide Privacy and Compliance at Staples, Inc., Bob applied his experience and expertise to assisting companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs.
Always seeking to improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private and public sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology Privacy and Privacy Program Management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP's Certification Advisory Board for the CIPM program and the IAPP's Publication Advisory Board. Bob also serves on the IAPP’s teaching faculty leading classes in the areas in which he is certified.
CyberDefenses is a premiere cyber security services organization, providing advanced security services to the commercial and federal sectors. CyberDefenses Academy provides advanced training to IT, security and privacy professionals who wish to be at the top of their field.
The General Data Protection Regulation (GDPR) clock is ticking and the time to act is now. Organizations around the world are developing their GDPR plans. Non-compliance has significant costs…up to 4% of an organization’s annual revenue.
Join us to learn:
- What is GDPR
- Deep dive into relevant data security articles of the GDPR
- Review how different technology can address some of the GDPR data security requirements
The General Data Protection Regulation (GDPR) goes into effect in May 2018. It’s predicted that over 50% of companies affected will not be in full compliance in time. With fines as much as 4% annual revenue, cybersecurity experts, executives and boards are paying attention.
What are the main obligations under the GDPR which will apply to your organization?
How can you identify the gaps that exist between your existing programs and GDPR requirements?
What changes are needed and which technologies can help to achieve compliance?
What is a pragmatic timetable, in what order of priority, and at what cost?
Join ESG Sr. Principal Analyst, Jon Oltsik, Symantec Director, Global Product Marketing and GTM Strategy, Salah Nassar, and Steven Grossman, Bay Dynamics’ Vice President of Strategy as we discuss how to:
- Identify what data matters for GDPR compliance
- Implement a framework for change
- Leverage DLP and behavioral analytics for data governance
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.
Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?
Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
• Automated approaches to integrate Security into DevOps
Are you an (ISC)² member with questions about your certification and member benefits, or want to keep in touch with (ISC)² news in EMEA? Are you thinking about joining, and curious to hear more about what membership means and how (ISC)² can help you?
Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session
Creating a seamless connected environment that supports smart community citizen services, streamlines operations, and supports economic development is already a challenge for community officials. There are many different needs and directions to begin the conversion to an “intelligent” environment. Communities are also planning and building not just for current needs, but also for future connectivity infrastructure that will be used by autonomous vehicles, smart buildings, connected homes, AR/VR, eRetail, eHealthcare, smartgrid and more.
This webcast will discuss such questions as:
> What issues are city officials prioritizing for resolution through smart community applications?
> How are communities planning for and deploying small cell infrastructure?
> Which departments are involved in communications infrastructure?
> How can suppliers navigate the multiple departments involved in decision making?
> What business models are cities negotiating with their technology product partners?
> What are some of the lessons learned from cities that you can translate into your own business offering?
Jascha Franklin-Hodge, CIO, Boston, MA
Kate Garman, Smart City Coordinator, Seattle, WA
Peter Marx, currently in the position of VP, GE Digital and former CTO, City of Los Angeles
The General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive will both be enforced as of May 2018. You may think you’re ready for these laws, but covered companies may need to improve the security of personal data they hold, and of their networks and information systems. Data breaches and security incidents will have to be reported. As they prepare for the GDPR and NIS, it is imperative that organisations understand their cybersecurity risks and invest appropriately.
Information security has not kept pace with the new reality of a software-driven world. Traditional defenses are proving inadequate in this environment. We’ll discuss how organizations should evolve their security strategies as users and applications become the risk focal point. Attend this session and learn about new approaches such as:
• Work with the way developers work.
• Cover not only the apps an organization develops internally, but also those it purchases or assembles from components.
• Move beyond the software development lifecycle to the full software lifecycle, covering apps from inception through production.
Data is the lifeblood of today's business. As the volume of generated data continues to grow, so does the number of data breaches. It's more critical than ever for organizations to adopt database audit and protection solutions. But not all solutions are created equal.
What are the key capabilities that IT and security teams should evaluate? Join Terry Ray as he discusses key considerations for selecting a database audit and protection solution.
About the Presenter:
Terry Ray is the Chief Technology Officer for Imperva, Inc., the leading provider of data security solutions. Terry works directly with Imperva’s largest customers to educate on industry best practices, challenges and regulations. He also operates as an executive sponsor to strategic customers who benefit from a bridge between both companies’ executive teams. During his 12 years at Imperva, he has deployed hundreds of data security solutions to meet the requirements of customers and regulators from every industry. Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, Gartner, IANS and other professional security and audit organizations in the Americas and abroad.
Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects? Are developers to blame? Is it just the nature of software?
We’ll discuss the four primary ways that vulnerabilities end up in your software. Attendees at this session will understand the main sources of vulnerabilities and how to prevent them -- a good first step in making apps less like a red carpet for cyberattackers, and more like a moat. We’ll get attendees up to speed on the following:
• Insecure coding
• A threat landscape that never quits
• Indiscriminate use of components
• Programming language choice
According to Akamai, attacks at the application layer are growing by more than 25% annually. But many organizations still struggle to understand how to get started with application security, or what good looks like.
To shed light on the application security process, this session will outline the steps most of Veracode's customers take to develop a mature application security program. Attend and hear about Colin’s experience developing and managing an application security program from the ground up and learn:
• The different AppSec phases most organizations are currently in
• The next steps to take when moving toward a more comprehensive AppSec program
• Lessons learned, best practices and pitfalls to avoid -- from someone who’s been there
• What a comprehensive, mature AppSec program entails
If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and from waterfall to DevOps. We have learned a lot along the way and I’m eager to share the story. In this session learn:
· A basic understanding of Waterfall, Agile and DevOps from a people, process and technology point of view
· Considerations when transitioning between these methodologies
· An approach to leading the change in your own company
· How Security can best be integrated into DevOps
Securing a global enterprise requires security, development, vulnerability management, compliance and risk professionals to understand the engagement and inflection points in the software development lifecycle—and their roles to accelerate it.
Join Veracode for a two part session featuring "Securing the Enterprise in a DevOps World" with David Wayland, and an interactive panel discussion to continue the conversation on securing the enterprise in a DevOps World. This open round table discussion will be led by Veracode Co-Founder and CTO, Chris Wysopal. We will have time for Q&A so bring your questions!
The discussion will touch upon:
· Are you crawling, walking or running with your DevOps initiative?
· Pitfalls? Success?
· How are you connecting the dots for the business and the board on how your application security initiative is mitigating risk?
Panelists: David Wayland, Head of Enterprise Application Security—Fortune 500 Financial Firm, Pete Chestna, Director of Developer Engagement—Veracode, Joseph Feiman, Chief Innovation Officer—Veracode.
Today’s reality is that your organization will continue to be confronted by increasingly frequent and complex cyber threats.
The Threat Lifecycle Management Framework (TLM) is a series of aligned security operations capabilities. It begins with the ability to monitor and search across your IT environment and ends with the ability to quickly mitigate and recover from security incidents. The result? Faster time to detect and time to respond, without adding staff to accomplish the job.
See how LogRhythm’s Threat Lifecycle Management Platform can help your team sort through the noise to quickly discover and neutralize concerning incidents.
Organizations are rapidly embracing multi-cloud architectures that span software-defined data centers (private clouds) and public cloud environments. To help organizations protect their cloud-based applications and data from cyberattacks, PAN-OS® 8.0 expands the VM-Series with new models and optimized performance, making it the broadest, most powerful line of virtualized firewall appliances on the market.
New scalability and resiliency features for Microsoft® Azure® and Amazon® Web Services enable organizations to build secure cloud-centric architectures. Workflow automation features for VMware® NSX® and KVM with OpenStack® help streamline VM-Series deployments.
The cloud promises to enable organisations to be more flexible, agile and responsive to the needs of their business and the demands of customer and partners. As physical infrastructure has become invisible to end-users, the role of service providers and channel partners has changed. Faced with public and private options, many firms are taking a XaaS approach, embracing the best of both private and public worlds - implementing hybrid architectures to deliver on-demand access to compute resources, capacity, and services, while also providing greater levels of control, security, and visibility of data and applications. In this webinar, Rory Duncan, Research Director with 451 Research will outline the opportunities for Service Providers and channel partners delivering cloud services, examining topics such as support, managed services, data protection and data sovereignty for facilitating cloud consumption.