Executive IT Forums

Channel profile:

Empowering the GRC Community

The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

Subscribers (9,969)
Managing Third-Party Risk to Strengthen IT Vendor Governance

Drew Wilkinson, Booz Allen Hamilton; Yo Delmar, MetricStream; Vivek Shivananda, Rsam

Managing third-party risk is a big undertaking. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT vendors within the supply chain. Not only are the risks associated with third-party vendors increasing, but regulators are turning their attention to the need for organizations to manage IT vendor risk more effectively.

Organizations should start by compiling a comprehensive inventory of all partnering third parties and their associated risks, which will enable management to segment IT vendor risk accordingly and focus efforts by priority. They should also designate a business owner for managing third-party relationships, and provide them with the right decision-making powers to establish a disciplined governance and escalation framework for dealing with incidents that occur.

By implementing such best practices, organizations can streamline, automate and integrate IT vendor governance, risk management, compliance, and audit programs, to build a new, more effective paradigm of supply chain performance. Join this educational session as we address these key concepts and challenges for managing third-party risk to strengthen IT vendor governance.
Oct 29 2015 5:00 pm
60 mins
  • Inadequate security and dedicated cyber attackers have led enterprise data breaches to increase at an alarming pace. Staggering numbers of affected customers - and financial losses - are sending shock waves through the business world, and creating a sense of urgency around identifying solutions. Finding a way to ward off cyber intruders has become a critical challenge.

    There is a need to create value around company data. One way to do this is to ensure that the workforce knows and understands the threats that are out there and the measures that are in place to protect against them. Data security is not one size fits all, nor is a data security communication plan. Finding the ideal fit for any company may take trial and error, but an educated and mindful workforce will serve to support the mission of IT security teams tasked with keeping confidential information secure. Join this educational panel webinar to hear experts discuss how to realize data security potential across an enterprise.
  • As corporate information technology infrastructure increases in size and complexity, corporations are recognizing the need for a better mechanism for assessing IT's role and alignment to the key corporate initiatives. What began as a series of best practices has evolved into the field known as IT governance.

    IT governance is no longer just a theoretical concept; it is a fundamental business necessity, and an iterative process which requires senior management commitment over the long term in order to see results. By implementing a business risk approach to IT governance, corporations can deliver immediate benefits to the entire organization.

    Join Eric Kavanagh, the Bloor Group; Paul Quanrud, TCS; Keith Breidt, BAH; and Yo Delmar, MetricStream, for this educational session as they address some of the key concepts and challenges with IT governance. They will answer as many questions as we can fit into the 45-minute Q&A, and will provide research materials for you to take away.

    If you would like to attend please confirm your position below.
  • The total number of fraudulent payment card transactions has grown every year since 2006, and experts are calling 2014 "the year of the breach." The Ponemon Institute found that each breach cost the average retailer $8.6 million in related expenses, and the price tag connected with a data breach increased across the board, reaching $20.8 million for financial service firms, $14.5 million for technology companies and $12.7 for communications providers.

    With attacks continually on the rise, it's more important than ever that merchants protect themselves from the potentially huge financial losses and damages to their brand and customer loyalty associated with a data breach. Join this educational session to gain insights and some key steps to prevent payment card breaches across your organization.
  • With the increased regulation and scrutiny of the past decade, it is important for organizations to implement best practices in order to maintain control and achieve compliance with evolving regulatory requirements.

    Compliance teams of the brave new world are set up to discuss risks with the key business leaders, and have sufficient resources to ensure company compliance programs are implemented effectively. Their software applications for managing enterprise governance, risk management, and compliance (eGRC) continue to mature with impressive features and functions, and they are making notable strategic advances by linking these three business functions for more informed decision-making, to reduce risk exposure, lower audit costs, and demonstrate compliance.

    To replicate similar success in your eGRC program, you will need to focus on selling GRC value, practicing good GRC project management, and embedding GRC into corporate culture. Join this educational panel webinar as our experts delve deeper into this, and identify the best practices for implementing an eGRC program in 2015.
  • Data breaches are a widespread problem with over 1.1 billion records compromised in the last 10 years. According to the Verizon 2014 Data Breach Investigations Report, the vast majority of breaches occurred against small to mid-sized companies.

    As a result, many retailers are focused on bolstering payment security and reducing fraud by implementing solutions such as EMV, End-to-end encryption (E2EE), and Tokenization. These solutions can work in tandem to protect merchants, and enable them to exceed regulatory requirements by securing card data across all payment environments.

    In this session our experts will present and define the three technologies, address the drivers that are leading the United States to implement EMV, and explain the complementary role of Tokenization with respect to EMV and End-to-end encryption.
  • * On this webcast we're giving away a pass ($2,490 value) to our partner event: The 3rd Annual Stress Testing USA Congress being held in NYC on March 18-19, 2015. All attendees will be included in the draw.

    The clock is ticking for enterprises that have not yet upgraded their payment card processing systems to be compliant with Payment Card Industry Data Security Standard (PCI DSS) 3.0. Since Jan. 1, 2015, there is increasing urgency to not only understand the most important changes in PCI DSS 3.0, but also to be ready for a rigorous QSA assessment against those changes. Since PCI 3.0 is bigger, harder and more expensive than the previous iteration, merchants have their work cut out for them.

    PCI DSS founding member Visa Inc. recently changed its policy on compliance assessments for the PCI DSS. More specifically, Visa decided that merchants who meet a stringent set of criteria, including processing 75% of transactions using "Chip and PIN" enabled terminals, may be able to apply for an exemption from PCI DSS assessment requirements. Unfortunately, not all merchants are aware of the change, and fewer understand what it means.

    In this special presentation, our expert panel will explain the changes and their implications, and offer a detailed review of PCI DSS 3.0 to help enterprises prepare for assessments and make PCI compliance a whole lot easier.
  • In 2015 the size of the digital universe will be tenfold what it was in 2010. Large-scale data breaches are on the rise across all sectors, and enterprise data security initiatives must evolve to address new and growing threats. Consumer transactions, personally identifiable information, customer records, and the like, all flowing together into the Hadoop ‘data lake’, will enable critical business insights but also means Hadoop installations will be a rich target for cyber-crime.

    Organizations are now faced with more stringent and expanding regulations, and must implement better governance, more effective risk management policies, and smarter data management approaches to enable them to do a much better job of controlling their business through the information explosion. As companies look at GRC technology, they should assess the capability of these solutions to deliver continuous monitoring of controls, key risk and security indicators, policies, and ensure they are natively integrated with critical business systems.

    We invite you to attend this round-table webinar as our panel of experts will discuss top guidelines for Hadoop security and governance in 2015, and provide guidance for assessing new technology solutions to ensure they will achieve your objectives.
  • More than 100 million Americans have lost personal information in a data breach over the last year, and identity theft is the fastest growing crime in the US. As a result, President Obama has launched a government initiative to support the US migration to EMV and improve information sharing on cyberfraud threats, and nearly half of US merchant terminals are expected to accept EMV cards by the end of next year.

    As of October 1 of 2015, merchants and acquirers—not card issuers—will bear the financial burden resulting from fraudulent use of counterfeit, lost and stolen cards. It's a risk that's only mitigated by demonstration and documentation of EMV compliance. Beyond the liability shift, EMV holds promise as an enabler of secure mobile and e-commerce payments, with attractive PCI (Payment Card Industry) Security Standards-related benefits for merchants. Those who implement EMV contact- and contactless-enabled POS devices may be excused from PCI audits and the costs associated with them, creating further incentive to adopt EMV.

    In this webinar, we'll discuss the details behind the migration to EMV, how the technology works, and some top security guidelines for EMV and Mobile Payments in 2015.
  • Albert Einstein once observed: "Technological progress is like an axe in the hands of a pathological criminal." His words were eerily prophetic of the continuous news of data breaches in the retail and banking sectors.

    Data breaches can be financially catastrophic as they drive costs to repair the damage, costs to secure their systems, costs to repay the consumers, losses in profits, losses in consumer confidence, and lawsuits seeking damages for alleged negligence. Intense media and Congressional scrutiny have classified all data breaches as direct attacks on privacy, and any company that has possession of personal identification information should consider itself in possession of potentially explosive material.

    Although the headline-making breaches are highly sophisticated, most attacks simply exploit lax security practices. In fact, Verizon's 2014 Data Breach Investigations Report found that 78 percent of the attacks were of very low or low difficulty. That means that in more than three-quarters of all breaches, attackers used basic methods that required few resources and no software customization. That's the bad news. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.

    Join our panel of experts as they discuss how to implement data security best practices, and how to prepare your experts with a crisis response plan to avoid being another headline.
  • Encrypting ransomware is a key term in the title as just ransomware is broad and can include threats that are very different, easy to detect, and don't encrypt files at infection - the key differentiation point that gives these threats the upper hand against AV.

    The presentation is going to be on all the encrypting ransomware we've seen thus far. It will cover in-depth features of each one and how malware authors made improvements as time went on. There are quite a few, so it will be a full presentation's worth (cryptolocker, dir-crypt, cryptowall, cryptodefense, zero-locker, critroni, synolocker, cryptographic locker). I'll show an infection from start to finish and what a user will experience, and will highlight social engineering tactics along with the methods of payment circumventing money mules.
