Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.
Each day, with every customer transaction, employee task and business process, companies generate vast amounts of operational data that provides leaders and managers with insight into what is working well and what requires attention. Operational data is particularly important to those responsible for stewarding the information and technology assets of their organization.
In this context, operational data is particularly important to IT, which is why it is so critical to understand the three different types of operational data on which IT leaders rely.
Business operational data is all about the business processes and user experiences, which IT enables with the technology and services it provides. The reason organizations invest in technology is to improve the productivity and effectiveness of business operations. Process and user-related data evaluated over time provides a contextual picture into how effectively the technology is achieving that goal.
IT operational data is concerned with the content of “what” technology components are operating and being used. IT operational data is important as a part of the IT planning process to understand capacity utilization and determine where scalability constraints exist, as well as to understand the cost of services provided to users and to assess security and risk considerations of the business-technology ecosystem. Within IT service management processes, operational data is critical to ensure that performance and availability Service Level Agreements (SLAs) are honored, and to drive technology cost reduction through infrastructure optimization.
Operational data provides IT with the critical picture it needs to understand and optimize the role it plays in the context of the company.
It’s a fact: Digital Transformation is arguably the number one growth opportunity among today’s IT and business leaders. Organizations that embrace advanced technologies are attracting the best talent, optimizing productivity and creating enduring value for customers and shareholders.
Join us to engage with subject matter experts, network with peers and learn about new innovations that will streamline operational efficiencies and reinvent the way your organization performs with the advanced security you require in the cloud era.
Stop attacks such as ransomware and get HIPAA compliant for Healthcare. Understand the top 3 attacks in Healthcare, how to stop them using simple cloud-based tools and ensure HIPAA compliance for business continuity.
The nation's first state-mandated cybersecurity regulations regarding banking and financial services companies went into effect in New York state on March 1st. However, many businesses subject to the regulations are asking: what are these rules, and how will they affect my business operations?
SecureWorks invites you to join us on April 27th for a webcast designed to help you understand these new mandates and develop an approach to ensure that your organization has a mature and effective security program in place that will not only help you achieve compliance but will improve your overall information security posture.
What you will learn:
• Which entities are covered by the mandate and what type of data needs protecting.
• The five core elements needed to establish a comprehensive cybersecurity program.
• Critical questions you should be asking your security program partner.
Hunt teams are relative newcomers within the security operations domain. Many companies say they are doing “hunt” but when we dig deeper, we find the capabilities are ad hoc, with no measurable indicators of success nor formal organizational support. That means hunt teams are growing in popularity and use, but there is no “gold standard” yet for how they work. With increasing scarcity of skilled resources in cyber security and lack of efficient tools, it is challenging to build successful hunt practices inside an organization.
Join this webcast to:
• Gain a clear understanding of the current challenges of hunt and investigation procedures
• Learn how to build “hunt” capabilities that search for security breaches
• Increase speed, simplicity and effectiveness across the entire workflow of hunt and investigation with ArcSight’s new solution
Mary Writz is a seasoned professional with more than 15 years of experience in cyber security and, under her services leadership role, her team filed 9 patents and built a successful hunt practice with a focus on Big Data, machine learning and visualization. Alona Nadler is a senior product manager for ArcSight with a background in Big Data analytics platforms.
If you’ve conducted discovery for litigation, investigations or audits, you know that “Murphy’s Law” dictates that a number of “pitfalls” and “potholes” could occur that can derail your project. These issues can add considerable cost to your discovery effort through unexpected rework and also cause you to miss important deadlines or even incur the wrath of a judge for not following accepted rules and principles for discovery. This webcast* will discuss some of the most common “pitfalls” and “potholes” that you can encounter during the discovery life cycle and how to address them to keep your discovery project on track.
+ Avoiding the Mistake in Assuming that Discovery Begins When the Case is Filed
+ How to Proactively Address Inadvertent Privilege Productions
+ Up Front Planning to Reduce Review Costs
+ How to Avoid Getting Stuck with a Bad Production from Opposing Counsel
+ Understanding Your Data to Drive Discovery Decisions
+ Minimizing Potential ESI Spoliation Opportunities
+ Ways to Avoid Potential Data Breaches
+ How to Avoid Processing Mistakes that Can Slow You Down
+ Common Searching Mistakes and How to Avoid Them
+ Techniques to Increase Review Efficiency and Effectiveness
+ Checklist of Items to Ensure a Smooth and Accurate Production
Doug Austin: Doug is the VP of Ops and Professional Services for CloudNine. At CloudNine, Doug manages professional services consulting projects for CloudNine clients. Doug has over 25 years of experience providing consulting, technical project management and software development services to numerous commercial and government clients.
Karen DeSouza: Karen is the Director of Review Services and a Professional Services Consultant for CloudNine. Karen is a licensed attorney in Texas and has over 15 years of legal experience. She also has a Bachelor of Science in Legal Studies - American Jurisprudence.
Cyber extortion is on the rise, and the public sector is particularly vulnerable. A study conducted by a leading cybersecurity threat management firm reported that state and local government networks are twice as likely as their commercial counterparts to be infected with either ransomware or malware.
Why are ransomware perpetrators increasingly setting their sights on the public sector? First, many agencies and public institutions rely on legacy systems that are challenged to meet all of today’s cybersecurity threats. Second, the proliferation of devices and technology platforms, including smartphones, tablets and mobile apps, is giving hackers more points of entry into public sector networks. Are you prepared for such an attack?
Join Bil Harmer, Strategist, Office of the CISO, Zscaler Inc., for a compelling webcast highlighting how ransomware can impact your organization and steps you can take to secure your network and systems.
Bil will also cover:
- How ransomware has evolved
- Lessons learned from recent attacks
- Why cloud sandboxing is so important
- Tips for mitigating ransomware
For more information about Zscaler, go to www.zscaler.com
Bil Harmer leads Zscaler’s Office of the CISO for the Americas, where he advises organizations on best practices for implementing cloud-based cybersecurity solutions. A veteran of the IT industry, he has helped startups, governments, and financial institutions design and implement security programs. Bil pioneered the use of the SAS70 coupled with ISO, to create a trusted security audit methodology used by the SaaS industry. A highly sought-after speaker, Bil frequently presents on security and privacy-related topics at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance.
Considered the gold standard for cybersecurity, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is being utilized by the Federal Government agencies to reduce risk.
Key Learning Objectives:
• Overview of the NIST CSF
• How the NIST CSF is currently being used by the Federal Government to complement the Federal Information Security Management Act (FISMA)
• Possible future use cases
Join this webcast for a review of best practices for the NIST CSF as utilized by Federal, State and Local Government.
External penetration testing, also known as ethical hacking, is an independent engagement that can help pinpoint common attack vectors and patterns hackers look for in your network. Delta Risk research has identified the attack vectors bad actors most commonly use to get initial access to a network and spread across the rest of the organization. In this 45-minute webinar, our pen testers offer recommendations on how to combat various scenarios and outline the key mistakes defenders must avoid when protecting their security operations.
WHAT YOU’LL LEARN:
• Lessons learned from our 2016 external assessments
• Common weaknesses our testers exploited such as kerberoasting and password reuse
• Methods our testers use to quickly locate high value assets
• Vendor-neutral solutions for protecting sensitive information
• Why third-party penetration testing is in demand
About the Presenters:
Paul Brandau is the Managing Consultant with Delta Risk LLC. He has more than 10 years of experience in the cyber security domain providing a unique perspective on cyber exercises, operational (red team) assessments, and training in offensive network operations. He has helped design and lead a Red Team for the United States Department of Homeland Security. Prior to Delta Risk, his duties included reverse engineering malware and threat profile creation.
Mike Warren is VP of Cyber Resiliency Services for Delta Risk LLC. He has more than 14 years of experience in the cyber security domain providing a threat perspective, operational (red team) assessments, enterprise vulnerability assessments (blue team), and training in defensive and offensive network operations. Prior to Delta Risk, he was an active duty Air Force Communications and Information Engineer Officer.
Three-quarters of IT and finance leaders fear a software audit by Microsoft. More than Oracle, IBM or SAP. In fact, 68% say they have been audited by the world’s largest software publisher in the last 12 months alone* and this looks set to increase.
But software audits don’t need to be scary if you’re armed with the right information and insight.
The key is identifying and addressing the key points of failure in a Microsoft software audit:
Join Microsoft licensing guru, Rich Gibbons from ITAM Review and compliance pros from the world’s leading SAM technology provider, Snow Software, for a 45-minute masterclass in Microsoft audit readiness.
Hybrid Clouds are expected to gain prominence for hosting diverse enterprise workloads due to a variety of needs. For this model of cloud deployment, there exist broader security and specific privacy concerns driven primarily by data loss, data privacy and compliance to regulatory needs. Although Hybrid Clouds offer a degree of control and security of IT infrastructure, there is a need for unified cloud security management which offers a more holistic view of risk categorisation and standard security policies. How can working with a service provider, who can offer an optimized mix of technology and controls to seamlessly manage Security and Compliance, change the game for the enterprise?
Privileged accounts can be some of the most serious threats your company can face. As more and more processes are digitalized and activities externalized, the number of accounts accessing critical and strategic information escalates, extending the cyber threat across continents. Meanwhile, companies and individuals are becoming increasingly aware that any data or server can be accessed with the right privileges; it is therefore imperative to know who accesses critical resources, as well as when and why they do so to avoid any leak. By monitoring the users holding the keys to the kingdom - the privileged users, we are able to know what exactly happened on a system at any given time and how. Whether malicious or negligent, incidents caused by internal or external threats can be avoided quickly if visibility over the IS is restored. Session monitoring and recording dissuades malicious or negligent users while offering real-time alerts, traceability, and post-mortem analysis. Discover how some of the most dramatic cyberattacks to date could have been prevented had there been a Privileged Access Management solution in place to protect and secure target systems.
With over 13 years of front-line experience dealing with advanced threat actors from around the globe, our Mandiant team know how the bad guys think and can help you win the battle against cyber attackers.
In this webinar, Stuart Davis and David Grout will cover:
- Best practices in regards to Security as a Service
- How organisations can move from an alert-led security to an intelligence-led security
- How FireEye can provide the adequate tools, processes and expertise required to build a next generation security program
In the CISO Says Series, information security leaders share, in an interview format, their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy. They provide insight into the paths they took to become CISOs and how they are reinventing the role in the face of accelerating industry change.
You may know that email is a top vector for advanced threats targeting your organisation. But did you know that attackers have evolved their techniques to bypass even your most sophisticated email security tools? Your people, data, and brand reputation are at serious risk.
Join Proofpoint for "How to Build an Advanced Email Security Strategy" to learn about:
• The latest email fraud techniques, including business email compromise (BEC), ransomware, and sandbox-evasion threats.
• Key steps to building an email security strategy that can adapt to and stop attacks before they reach the inbox.
• How to respond to and mitigate security risks faster and more reliably at a reduced cost.
You’ve decided to move to the cloud. It’s faster, more scalable, and more agile. Security is a priority, but you don’t want it to slow you down. The foundational infrastructure delivered by cloud providers is secure, but protecting the applications, workloads, and data you run on top of it is your responsibility—and it’s a big one.
Watch ‘Is Your Security Keeping Pace with Your Cloud Initiatives?’, for a lively discussion on how to evolve your security strategy to account for innovation at cloud speeds. Our panel of experts will discuss:
- Why conventional security approaches falter in highly dynamic and elastic environments
- Key steps to eliminate choke points, keep pace with elastic workloads, and how to deploy security controls in minutes
- How to keep your internal and external customers’ applications and workloads secure while meeting compliance requirements
- Why Security-as-a-Service can help you strike the optimum balance between risk, cost and cloud speed.
Join Jonathan Glass, Cloud Security Architect, Turner Broadcasting System, Chris Geiser, CTO of the Garrigan Lyman Group, and Allison Armstrong, VP of Technology and Product Marketing at Alert Logic, for a discussion on ‘Is Your Security Keeping Pace with Your Cloud Initiatives?’, and learn how it can. Register now!
With their unique position at the centre of an organization, Architects can play a pivotal role in ushering in digital evolution and transformation in line with business and IT objectives, including the adoption of Agile, DevOps and other disruptive paradigms.
Join Richard Sey, Head of Development Operations (DevOps), Siemens Energy Management, and Mark Daly, Client Architect, MuleSoft, on January 18 at 10am (GMT) for a live webinar as they look at the key role of the Architect in achieving the new IT Operating model. It will cover:
- A working example from Siemens Energy Management on how they have realised the new IT Operating Model from a business and Architect's perspective to drive operational efficiency, cutting development time by half
- A view of Enterprise Architecture and DevOps from a leader in the field
- What an organization needs to support delivery of the new IT Operating Model, including the creation of a Centre for Enablement (C4E), which has reduced dependency on Central IT in the Lines of Business at Siemens by 25%
Today’s endpoint security products do what they were designed to do, but they still leave gaps in protection. Comprehensive endpoint protection requires prevention, AV, endpoint detection and response (EDR) and other capabilities. Even when organizations adopt multiple point products, there are still gaps in their endpoint protection.
Some companies tout “next-generation endpoint security,” but what does that mean? Jim Waggoner, Sr. Director of Endpoint Product Management at FireEye will tell you how to make sure your next-generation endpoint security solution is delivering a comprehensive. In this webinar, you will:
> Learn about the current endpoint security landscape and the challenges it poses
> Find out what makes EDR capabilities valuable
> Understand why threat intelligence is important and how it affects endpoint threat detection and prevention
> Discover why a single endpoint agent should include (1) Multiple detection and prevention engines, (2) Integrated workflows from detection to investigation to remediation, and (3) Scalable, multiple form factors and breadth of OS support
Active Directory is an organization's greatest asset - and weakness. Attackers target this valuable database to access all users, credentials, computers, servers, applications, resources of the ENTIRE organization. Protecting it is required. Doing it from the endpoint before the attacker enters the network is essential.
Your AD risk can be eliminated. Listen to an easy and efficient way to protect what no other security technology is doing or can do today. Javelin AD Protect was built by former 'Red Team' government-trained attackers and will educate you on why Active Directory makes it easy for hackers to gain the 'keys to the kingdom.'
Manually turning data on cyber attacks, vulnerabilities, and exploits into actionable threat intelligence requires a significant investment of time and resources.
With security talent and budget in short supply, you need to get more from your data, faster.
Join Dr. Dhia Mahjoub, Principal Engineer of Cisco Umbrella Research, and Daniel Hatheway, Senior Technical Analyst at Recorded Future, to see how you can gain a more complete view of the threat landscape through a new, exciting integration.
Attendees will learn how to accelerate incident response and streamline security operations, now. Learn how:
- Cisco Umbrella Investigate provides access to a live view of domains, IPs, ASNs, and malware file hashes, enabling incident responders to pinpoint attackers’ infrastructures and predict potential threats.
- Recorded Future expands upon the Investigate data from technical, open and dark web sources to further reduce the risk of attackers in the shortest amount of time.
- Together, they automate threat intelligence across the broadest set of sources to provide the single best defense against threats.
Register today to see how you can make more informed decisions, faster.
Security 101: Don't ignore those prompts to patch. Learn how cybercriminals exploit vulnerabilities in unpatched environments. Throughout the VIPRE Security 101 series, speakers have come back to the importance of patching. In many cases, prompts to update Adobe, Java, Chrome, iTunes, Skype and others are to fix newly discovered security vulnerabilities in those products. Cybercriminals exploit those vulnerabilities to open a backdoor onto your systems to drop malware and infect your network. Learn how to address these issues with steps to protect and product considerations.
According to a recent SANS report, more than 60 percent of large-company CISOs brief the board at least annually and by the end of 2018, 70 percent of all boards will require CISOs to brief them quarterly.^
Deciding to what degree your security operations should be in-house vs outsourced is a major decision with significant cost and resource ramifications. Currently, organizations globally face persistent security challenges, which collectively require people, process, technology, and strategy to address. This collection of challenges is further complicated by evolving business needs; expanding toolsets and platform options; and staffing retention and attrition. Join us to learn how a modern approach to security operations can help address these challenges.
SecureWorks Principal Cyber Security Operations Consultant and former Security Operations Center (SOC) manager, Travis Wiggins, will discuss how security leaders and practitioners can leverage his experience to more clearly define the requirements and make informed decisions about protecting your organization.
You Will Learn:
• Why making the right security operations decisions is critical to reduce business risk
• What to consider when planning a SOC and how to position the plan to leaders
• How to address talent retention, accountability, and scalability
• Why strategy and proper tools are key components in a successful SOC implementation
^ Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 - https://www.sans.org/reading-room/whitepapers/analyst/cyber-security-trends-aiming-target-increase-security-2017-37702
Kick-Start a Radical Change in the Evolution of Cybersecurity
Senior government and education officials are primed for the next evolution in cybersecurity. Although network defenders remain in lockstep with outdated best practices, CIOs and CSOs are moving away from the coveted defense-in-depth strategies of the past and looking forward to more effective measures to implement the Cyber Kill Chain™ model.
In this C-level webinar, the CSO of Palo Alto Networks®, Rick Howard, will discuss how CIOs and CSOs can more effectively orchestrate their enterprise security posture. Rick will review the state of enterprise cyber defense and provide insight for executives on:
• Why the defense-in-depth model failed.
• Why its replacement, the Cyber Kill Chain, hasn’t realized its full potential.
• How to shift focus to automatic enterprise security orchestration.
• How to influence the board and radically change thinking from the top down.
Join us to learn more about this new and necessary direction in the evolution of cybersecurity.
Perimeterless IT infrastructure and its security is now an integral part of the operational strategies of India’s financial institutions. But the number, frequency, and impact of cyber attacks on Indian financial institutions have increased substantially, underlining the urgent need for banks to develop robust cyber security measures, and assess their security posture on a continuous basis.
The RBI Guidelines for Cyber Security assist financial institutions to achieve this through a new-era preventative security baseline.
During this webcast, Shailesh Athalye, Qualys Senior Manager, Compliance Research and Analysis, will discuss how financial institutions can easily address both the technical & procedural elements of the RBI Guidelines for Cyber Security in an automated manner using the highly scalable Qualys Cloud Platform.
Vulnerability management is necessary to reduce security flaws and risks in your environment.
Many organizations still struggle to put in place an effective vulnerability management solution and its associated processes while meeting security and regulatory compliance constraints.
In most cases, controlling the three essential functions of the vulnerability management cycle remains a challenge: discovery, analysis and prioritization, and remediation.
In this webinar, you will discover how to:
* Get the most out of your vulnerability management solution with Flexera Software tools
* Tie security vulnerability management into your existing ITSM processes
* Effectively improve your IT security
Applying knowledge and understanding of the natural sciences, in particular the human body, to computer security is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex cyber threat landscape of computer systems. It is hoped that biologically inspired approaches in this area, including, but not limited to, the use of immune-based systems, will be able to meet this challenge.
Join this webinar to understand more about these ideas to further foster the need to design and develop naturally inspired and sustainable protection and defence systems.
As New Jersey’s largest integrated healthcare delivery system and one of the country’s fastest-growing health organizations, RWJBarnabas Health has dealt with formidable cybersecurity and data privacy challenges, such as:
• Discovering and securing agentless clinical devices while maintaining availability
• Supporting compliance with regulatory mandates such as HIPAA and HITECH
• Merging highly mixed environments due to merger and acquisition activity
• Securing guest-, vendor-owned and IoT devices through network segmentation
During this webinar, RWJBarnabas Health’s Hussein Syed, Chief Information Security Officer, and Dominic Hart, Manager Information Security Architecture and Security, will discuss why agentless visibility and control are essential for securing healthcare environments.