Centralizing Compliance Controls: Achieving Scale and Cutting Costs

Marc Blackmer, Senior Product Marketing Manager, Solutions at HP Enterprise Security
Organizations often approach regulatory compliance with one-off projects, deploying a set of controls for each regulation. This approach to enterprise-wide management of compliance can become expensive and difficult to sustain, let alone develop and expand to meet growing demands. This presentation will address how a centralized system coupled with an IT governance framework may be used to achieve multiple compliance regulations and manage them efficiently with a consolidated view across an entire organization.
May 22 2012
44 mins
More from this community:

IT Security

Webinars and videos

  • Successful organizations run on key metrics and IT security should be no different. But which security metrics should operations, management and the boardroom be focused on? Factories focus on “days without an accident.” Is the cyber parallel “days without a breach”?
    What to measure, how to measure, and how to communicate performance is key to improving the security team’s effectiveness and standing within the organization. Information like:
    - Which departments have access to which servers?
    - Who are the privileged users and when are they most active?
    - Where are the assets with vulnerabilities that can be reached from outside?
    - When are security defenses like firewalls likely to max out?
    Join Dr. Larry Ponemon, Chairman & Founder of the Ponemon Institute, for key results of a new research study on security metrics and change management, and Jody Brazil, Founder, President and CTO of FireMon, for a pragmatic perspective on generating actionable metrics from your network security infrastructure and reducing the risks of relentless change.
  • You are invited to register for our upcoming COSO webinar, COSO 2013: Mapping Controls to Principles. Transitioning to the New COSO Framework is top of mind for many organizations. How do you get started? How do you map controls to principles or vice versa? What are some of the preliminary findings organizations are seeing as they head down the path to implement the framework?

    Please submit top-of-mind questions during the webinar registration process.

    CPE credits will be provided to qualifying attendees.
  • *On this webcast we're giving away a pass to our partner event: the Chicago Cyber Incident Response Summit, between June 21-23, 2014*

    Let’s face it, there’s unrelenting pressure on IT to enable competitive advantage through new technology and use of data assets, but the business is driving initiatives that can push sensitive production data into more and more exposed areas. The key question is ‘How can you enable the business to be agile AND take a more proactive, programmatic approach to security at the same time?’ With the advanced threats that are pervasive today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively address the implications for data security in the ecosystem. You need a blueprint to reverse this trend in your organization.

    In this webinar, William Stewart, Senior Vice President of Booz Allen Hamilton and Jeff Lunglhofer, Principal of Booz Allen Hamilton–a leading management technology and consulting firm driving strategic innovation for clients–will discuss the top trends in cyber threat mitigation, data privacy, data governance, and data security, with Mark Bower, VP Product Management and Solutions Architecture at Voltage Security.

    Attend this webinar to learn more about how to:
    • Increase responsiveness and security in your IT environment and architecture
    • Fight pervasive threats from inside and outside attack with data-centric technologies
    • Raise your organization’s overall data privacy, compliance, and security profile
    • Implement a new data de-identification framework across production, test & dev, and analytics use cases
    • Proactively enable critical business initiatives
    --Can't attend live? Register below to receive a link to the recorded webcast.
  • The future of work sees changes to how employees work, how managers lead, and how organizations are structured. However, technology still remains the central nervous system of organizations and enables things like flexible work, collaboration, communication, and BYOD. In short, IT helps organizations be competitive. But how is IT changing in the context of new work behaviors and expectations, a multi-generational workforce, the cloud, globalization, and many of the other trends that are shaping the world of work? Join us in this session as a panel of experts debates and explores how IT is changing and what the future of IT looks like.
  • Malware today is very different from just a few years ago. Traditional AV technology is no longer able to consistently and fully remediate or defend against today’s most advanced threats. New and emerging threats such as ransomware, social engineering driven attacks and micro variant financial threats are just some examples of difficult to remediate infections. This presentation will take a look at the malware landscape and explain why these tactics are so effective against traditional AV technology. We will examine three specific families of infections and highlight their tactics to evade detection and what issues occur with remediation. Lastly, we will talk about Webroot’s innovation and how our SecureAnywhere AV solution is capable of defending against, and remediating today’s most advanced threats.
  • Join us to hear from product expert Rob Singh to learn more about Mocana Atlas Certificate Enrollment
  • Collaboration is crucial when it comes to your marketing team. No matter if you're based locally or globally, the concept of work and the way we interact is completely changing. With smartphones and tablets taking over our lives, efficient collaboration, coordination, and consistency around marketing campaigns and messaging can be challenging when running a marketing organization.

    Join this webinar to discover:

    - The latest and greatest in marketing automation and file sharing platforms
    - Content collaboration tools that save time and keep branding consistent between teams
    - How centralizing assets can ease global content translation and localization
    - Real-time content and campaign sharing that can spark new ideas and educate your organization
  • Today’s Health IT leaders face a difficult task in handling mobile device security and policy compliance, particularly given the mobile transformation happening in healthcare today. Driven in part by the adoption of new care models like remote patient monitoring and telemedicine, and the Bring Your Own Device, or BYOD trend, the consumerization of IT is driving end-user demand for ubiquitous access – to networks, to clouds, to applications, to everything – from any device, anywhere at any time.

    In this webinar, we will highlight the challenges of mobile device security, management and policy today. We will consider the issues faced by Health IT teams when managing different operating systems across a myriad of devices, some of which are user-owned. Finally we’ll look at how Juniper Networks solutions address a broad spectrum of security and end-user experience issues, as we walk through a day in the life of a mobile clinician. Register now to attend!
  • Cybercrime video Recorded: Mar 13 2014 3 mins
    Cyber criminals continue to steal data and interrupt business at alarming rates. The average annualized cost of cyber crime is $7.2 million per company per year, with a range of $375K to a staggering $58 million, according to a global study by the Ponemon Institute. That’s an increase in cost of 30 percent over last year’s global results. The most costly criminal activities come from malicious insiders, denial-of-service and web-based attacks – and no industry is immune. Fortunately, there are ways to fight back.

    In this short video you’ll learn:
    • How proactive security measures can save millions of dollars
    • What seven security technologies are key to winning the cyber crime war
    • Where to get more information and guidance
  • Stay out of the headlines for breaches / non-compliance with security analytics Recorded: Jan 23 2014 62 mins
    Tight alignment between compliance and security capabilities can make each component stronger than it would be by itself. Organizations that blend the two not only more effectively combat targeted attacks and data breaches, but also more easily meet compliance requirements and avoid expensive fines. Learn how leading organizations are leveraging continuous monitoring and incident response management to achieve a more secure and compliant enterprise.
  • 2013 4th Annual Cost of Cyber Crime Study Results Recorded: Nov 20 2013 61 mins
    Join us for the 2013 results presentation of the 4th Annual Cost of Cyber Crime Study, conducted by Ponemon Institute and sponsored by HP Enterprise Security. This study, based on a benchmark sample of U.S. organizations, shows that cyber attacks not only increased 12 percent last year, the costs associated with those attacks increased by an average of 26 percent or $2.6 million per organization. Findings from the report also show that each week, an organization can expect two of the many cyber attacks launched against it to succeed.

    Join us for this important webinar and learn how:
    • All industries and all sizes of organizations fall victim to cyber crime, but to different degrees.
    • Denial of service, malicious insiders and web-based attacks comprise the most costly crimes.
    • Attacks can be mitigated by SIEM, enterprise governance, application security testing and other prevention-focused strategies and technologies.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Asia Recorded: Oct 31 2013 60 mins
    2013 Cost of Cyber Crime Study: Australia & Japan

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for Australia and Japan. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 64 Australian and Japanese organizations participated. According to the findings, cyber attacks increased 12 percent in Australia and 32 percent in Japan. The costs associated with this increase in Australia were $772,903 and ¥265 million in Japan. Findings from the report also show that each week Australian and Japanese organizations experienced on average 1.4 successful attacks per company.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Europe Recorded: Oct 30 2013 62 mins
    2013 Cost of Cyber Crime Study: UK, Germany & France

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for the United Kingdom and Germany. For the first time, the research was conducted in France. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 110 UK, German and French organizations participated. According to the findings, cyber attacks increased 16 percent in the UK and 21 percent in Germany. The costs associated with this increase in the UK and Germany were £904,886 and €830,169, respectively. For the first time, it was determined that the average cost of a cyber attack in France was €3.89 million. Findings from the report also show that each week UK and German organizations experienced on average 1.3 successful attacks per company. French organizations experienced an average of 1 cyber attack per company.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Americas Recorded: Oct 29 2013 61 mins
    Join us for the 2013 results presentation of the 4th Annual Cost of Cyber Crime Study, conducted by Ponemon Institute and sponsored by HP Enterprise Security. This study, based on a benchmark sample of U.S. organizations, shows that cyber attacks not only increased 12 percent last year, the costs associated with those attacks increased by an average of 26 percent or $2.6 million per organization. Findings from the report also show that each week, an organization can expect two of the many cyber attacks launched against it to succeed.

    Join us for this important webinar and learn how:
    • All industries and all sizes of organizations fall victim to cyber crime, but to different degrees.
    • Denial of service, malicious insiders and web-based attacks comprise the most costly crimes.
    • Attacks can be mitigated by SIEM, enterprise governance, application security testing and other prevention-focused strategies and technologies.
  • Threat Central – Cloud based Threat Intelligence Sharing Recorded: Oct 9 2013 24 mins
    In the new generation of cyber defense, security intelligence becomes a key element. Recent technology advances provide the foundation for a new type of threat intelligence sharing platform to organize, collaborate, and manage risk more effectively. This sharing platform makes your security program more effective with actionable protection.
  • The lost art of vulnerability research Recorded: Oct 2 2013 51 mins
    What grade would you give your company on using vulnerability research to protect your organization from new security threats?
    If not an A+, learn best practices from Frost and Sullivan’s Chris Rodriguez, senior industry analyst on network security.

    In this webinar, we’ll discuss current threats that have been mitigated by leading vulnerability research and share how timely vulnerability research can help your organization prepare.
  • Insiders, Outsiders and Big Data Recorded: Sep 11 2013 46 mins
    The challenges you face today in protecting your organization from insiders, outsiders, and hacktivists include incomplete threat intelligence, minimal visibility into unstructured data, and insufficient context. In addition, modern network security systems generate such an enormous volume of events that it is hard to take action on all of them. Learn about techniques and technologies that you can use to handle high volumes of structured and unstructured data to derive true intelligence from today’s modern security systems.
  • Top 5 myths of SIEM Recorded: Jul 9 2013 24 mins
    While security threats continue to mount, many organizations have deployed or have considered deploying security information and event management (SIEM) solutions in order to combat data theft and cyber-attacks across the enterprise. SIEM solutions are essential for helping security analysts perform forensic analysis and detect threats, as well as meet industry compliance requirements.

    In this presentation, we will review some common misperceptions surrounding SIEM technology to help IT Security Professionals separate truth from fiction behind common myths about SIEM. Without proper information, Security Executives sometimes have a hard time justifying SIEM investments to their management. Worse yet, a SIEM solution that is not deployed properly may not produce the desired results. Prevent this from happening by learning the top 5 myths of SIEM.
  • Mobile Malfeasance - Exploring Trends in Dangerous Mobile Code Recorded: Jun 18 2013 61 mins
    Please join us as we explore the OWASP Mobile Top 10 classification system and metrics from a large case study of a real enterprise facing the deployment and assessment of a large number of mobile applications. Developers, Managers, and team leads will leave with resources and guidelines to start mobile security both at the process level and code level, including how to handle external mobile development teams they might contract.
  • Business Driven Continuous Compliance Recorded: Jun 13 2013 40 mins
    While a key driver for adapting security technologies, compliance is still a huge burden for most organizations. In the presentation we will discuss novel approaches to both lower the cost of compliance and derive relevant business value from the process. Changing the compliance process from a periodical manual process into a continuous automated process ensures real time visibility into your compliance posture as well as the ability to react in real time to compliance issues rather than just after the fact. By overlaying the information collected with your enterprise IT asset model, the real time compliance information can also contribute to business driven risk management and help in making the right investment decisions in information security.
  • Gaining Threat Intelligence and Combating the Four Most Common Attack Vectors Recorded: Jun 12 2013 36 mins
    The HP Security Research team (HPSR) is hard at work monitoring the threat landscape for new campaigns, profiling actors to understand their motivations, identifying the tools they use and determining how credible certain threats might be. It’s part of a long-term strategy for developing a new threat intelligence-sharing model. Why is that important? It will provide real-time info from the larger security community (enterprises like yours, industry security organizations and security vendors) that can be used to automate and catch these breaches immediately.

    Learn about HP’s findings, including these culprits: injection flaws, DDoS, various phishing techniques and zero day vulnerabilities. How can you address the inevitable breaches that will occur?
  • Why Your Cloud Provider Security Logo Doesn’t Mean a Thing Recorded: May 16 2013 49 mins
    As more applications have moved to the cloud, the industry has seen a proliferation of application security issues. In 2012, several cloud service providers were breached as a direct result of application security vulnerabilities. Before you choose a cloud service provider, make sure that it answers the series of security questions created by the Cloud Security Alliance (CSA). CSA has created a checklist of industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings – creating more transparency for enterprises. The speakers will walk attendees through this blueprint, helping them to become more adept at identifying service provider security readiness. They'll also discuss some of the most common application vulnerabilities, including unencrypted passwords, SQL Injection, and those that impact poorly architected mobile apps.
  • PCI DSS 2.0 - Section 10: Creating a successful logging and monitoring program Recorded: May 1 2013 37 mins
    PCI is an ongoing process in which each year should build upon the previous. Too many organizations treat PCI compliance as a box that must be checked, but not the ongoing maturity process it was designed to be. PCI has 12 requirements; we will focus on building a foundation to support Section 10: the requirement to track and monitor all access to cardholder data. This session will provide an overview of the proper way to institute a PCI logging and monitoring program. The topics covered will include policy and standards, proper organizational and team alignment, as well as real world examples of successful PCI logging programs. The intended audience for this session is anyone in charge of or working in a PCI regulated organization. The session will be led by Colin Henderson, Principal Security Consultant with HP.
  • Your VP Just Resigned, What Did He Take With Him? Recorded: Apr 17 2013 49 mins
    Your VP just resigned and took a position at your biggest competitor. Did you remember to examine the Salesforce logs to see if he downloaded your entire customer database and history of purchases? Do you even have access to those logs? And if you did, and found the obvious, how would it help now? Catching Bradley Manning who stole sensitive government information, Ross Klein who took with him an entire hotel brand concept and Gary Min that copied chemical formulas was too late for the US government, DuPont and Starwood hotels respectively.

    In this presentation we look into how to proactively monitor user activity to detect potential threats from employees before the damage occurs. Focusing on how to effectively collect activity logs and analyze them against user, role and entitlement information, to detect abnormal activity, predict which employees may pose more threat if not loyal and to reduce the associated risk.
  • Enhance Your Security Operations with Big Data Recorded: Mar 13 2013 37 mins
    More and more security operations centers are transforming their operations from being reactive, to proactive and even predictive. Hear how big data technologies like Autonomy IDOL can be leveraged with traditional security monitoring tools for Social Network Monitoring and Data Loss Prevention (data in motion) to drive value and empower a “next generation SOC.”
  • Mobile Application Integrity: Being Good When No One is Watching (Your Security) Recorded: Feb 14 2013 49 mins
    Mobile devices are a hot trend amongst security topics this year. While most cover the angle of the device management, only few go into testing the applications. Since the mobile application vulnerability landscape is still young, there is a need to classify these vulnerabilities so that development teams can focus and root them out of their codebases. Join us as we explore the OWASP Mobile Top 10 classification system and metrics from a large case study of a real enterprise facing the deployment and assessment of a large number of mobile applications. Developers, Managers, and team leads will leave with resources and guidelines to start mobile security both at the process level and code level, including how to handle external mobile development teams they might contract. Get ahead of upcoming PCI compliance by addressing your mobile software early!
  • Top 10 Tips to be Compliant and Secure Together Recorded: Jan 17 2013 45 mins
    Compliance and security are better together and there are tools and resources that can be combined to achieve both. Learn the top 10 tips - such as continuous monitoring, assessing the controls, and cost-effective audit logs - to understand and implement best practices of compliance and security together.
  • Modular Security For Today’s Cyber Threats and Cloud-Based Data Centers Recorded: Jan 17 2013 49 mins
    Network security is not just about eliminating bad traffic, it is also about making sure applications and critical data are always available to the right audience at the right time. The right network security architecture can provide security for physical assets, but also extend protection for virtual and cloud computing infrastructures without impacting performance. In fact, unlike in the past, a network security product should never be considered a bottleneck due to deep packet inspection, but should actually be capable of improving bandwidth and performance.

    About the Presenter:
    Sanjay Raja, Director of Product Marketing for HP TippingPoint, is responsible for marketing of HP TippingPoint’s Network and Cloud Security solutions. He has over 12 years of experience in various Product Marketing, Product Management, and Alliances roles primarily in IT Security. He has been in the IT industry for the last 18 years with experience in Security, Networking, Servers and Storage and Network and Application Performance Testing. In addition he has authored several papers and presented at various industry events on security, compliance and testing. Prior to HP he has worked at Cabletron Systems, 3Com, Nexsi Systems, Spirent Communications, Top Layer Networks, Symantec and most recently Crossbeam Systems. Sanjay currently holds a B.S.EE and MBA from Worcester Polytechnic Institute.
Leading Security Intelligence & Risk Management Enterprise Platform
HP is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products from ArcSight, Fortify, and TippingPoint, the HP Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and network defense technology to protect today’s applications and IT infrastructures from sophisticated cyber threats. Visit HP Enterprise Security at: www.hpenterprisesecurity.com.
  • Title: Centralizing Compliance Controls: Achieving Scale and Cutting Costs
  • Live at: May 22 2012 3:00 pm
  • Presented by: Marc Blackmer, Senior Product Marketing Manager, Solutions at HP Enterprise Security