Technology is no longer the exclusive domain of the IT department. Norman Marks thinks we should be talking about technology as a source of risk rather than just IT. What do you think?
Share your thoughts with Marks on a live webinar, June 5 at 2:00pm EDT, when he’ll discuss his point of view that IT is more than just a department. It’s made up of people, processes and addresses risks that typically arise from failings in those processes through the operation of IT general controls (ITGC).
From audit risks to cyber risks, Marks will help you understand that it may be necessary to take more risks than you might be comfortable with.
Find out more during this special webinar, June 5 at 2:00pm EDT.
Risk management often takes on different forms throughout the business. Some approaches are very strategically focused, some are very technology focused and some are even missing. During this webinar, Lockpath’s Sam Abadir will discuss how IT departments can identify risks in a way that is not only meaningful to their operations but also meaningful to other parts of the business. Abadir will talk about how this approach not only improves risk management but also makes IT a more valued part of the business.
Today’s business relies on distributed systems, applications and technologies to get things done. As identities expand in mobile platforms, cloud-based software solutions and IoT, the complexity of managing access to thousands of IT systems introduces a new type of risk to information security programs – identity risk. In this session, Lockpath and Focal-Point will discuss:
- Challenges surrounding identity risk
- Methodology and best practices for managing identity risk
- The benefits of integrating identity management into a governance, risk and compliance (GRC) program
It seems clear that the basic frameworks and principles that have supported corporate risk and crisis management for the last twenty-five years are beginning to be outpaced by the scale and scope of the emergent risks that we are now facing. This webinar covers the main themes of corporate risk & crisis management and the development of organisational frameworks that can support effective risk and crisis management planning at the highest level. This webinar is based on the Level 5 Award in Corporate Risk and Crisis Management being hosted by the IRM from 29th-31st October.
Join this webinar to review the latest emerging risks benchmarking survey results from CEB, now Gartner, and learn how your peers identify and manage the big over-the-horizon risks to their organisations. In particular:
• Understand the latest emerging risks affecting the corporate landscape
• Explore industry-specific perceptions of emerging risk
• Identify key risk indicators and metrics used to track emerging risks
• Uncover “Risk Meteors” that could quickly affect your organisation
During this presentation, you'll learn more about a method to manage cyber risk strategically. Organizations need to focus on the areas most at risk and where they can get the best value for their cyber security investments. Approaching this strategically allows the organization to engage with internal and external stakeholders about cyber risks.
Enterprise-level risk assessments are a business necessity today in light of data breaches, global outsourcing, and regulatory compliance challenges like GDPR. In this webinar, Lockpath and Focal-Point will discuss strategies and best practices for creating and leveraging enterprise risk assessments. Attendees will learn:
• Common goals and objectives for enterprise risk assessments
• How to define assessment metrics
• When to determine if a risk assessment is needed
• When to use an integrated assessment vs. an individual assessment
This is a can’t miss webinar for anyone responsible for enterprise-level risk and concerned about threats to business operations.
The complexity of third-party risk management increases every day, as does its importance to organizations that rely on third parties. Regulators are increasing their focus on potential third-party risk. Risk assessments for business processes and third party management are being integrated, mapped to organizational risks, and mined for patterns and trends. Some organizations are even developing and executing strategies for managing their supplier’s suppliers.
In this 60-minute webinar, Shared Assessment’s Tom Garrubba and Lockpath’s Sam Abadir discuss:
• The growing need for third party risk management programs.
• How incorporating third party risk management into an overall governance, risk and compliance (GRC) program can create greater value for your organization.
• And how the Shared Assessments Standard Information Gathering (SIG) questionnaire and the Lockpath® Keylight® Platform work together to streamline, navigate and create value in this increasingly complex third-party landscape.
The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.
Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:
- Why is vulnerability risk management more than scanning?
- How do you prioritize risks beyond CVE and CVSS scores?
- How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
- What are the common challenges in moving to a vulnerability risk management model?
Register for this webcast for insight into the changing demands on vulnerability management programs.
Following significant revisions to the FRC’s UK Corporate Governance Code in 2018, Risk Managers should consider how they should respond to the key features of the new Code. In parallel with assessment of the implications of the updated FRC Guidance on Board Effectiveness, this webinar will review the headline features: managing risk culture, the role of the Board in governance and risk, the importance of stakeholders in risk assessment and why Risk Managers should focus on Board effectiveness evaluations. Setting risk management in the context of more demanding governance requirements will bring greater recognition, but is also more challenging.
Join us on this webinar to listen to Graham Nicol present on why an effective and dynamic risk management framework is vital for the successful delivery of large projects, programmes or portfolios within an Infrastructure capital asset delivery environment. This webinar covers how to communicate the need and associated benefits of risk management to employees, delivery partners and stakeholders, how best to identify and assess risk (qualitatively and quantitatively), when to apply appropriate quantitative techniques, whilst challenging schedule integrity standards to support a QSRA. All of which should inform proactive decision making that aligns to projects/organisations risk culture.
Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.
According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.
The three big topics are VISIBILITY - across my whole cyber risk landscape, COLLABORATION - in order to remediate against risk appetite, and AGILITY - how can I react in a timely manner to rapidly changing risk factors.
Given these challenges can you afford NOT to utilise Security Ratings?
In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with:
• Do security ratings threaten or complement traditional methods of questionnaires and audits?
• Why security ratings should be treated as a risk position rather than a vulnerability checklist.
• Data: sources, accuracy, coverage, currency
• Context: stakeholders, business impact
• Time to value: best approach to implementation
In this webinar you will:
- Learn how BitSight Security Ratings is transforming the market for Cybersecurity risk management;
- Understand the importance of the underlying Data Quality for an accurate understanding of a company’s exposure to Cybersecurity Threats;
- Find out how an organisation is using BitSight to gain better visibility, collaboration and monitoring of their cyber risk posture.
- Rui Serra, Senior Product Manager at BitSight Technologies
- Tiago Pereira, Threat Research Team Lead at BitSight Technologies
- BitSight Technologies Customer
A single weak point in a line of code can create an open door for attackers. Threats originating from applications are now more pervasive than ever. We believe that the best defense against application vulnerabilities is a good offense.
In this webinar, we will share results from our recent primary research study that reveals:
• The top five application security risks
• Where these risks originate
• How to remediate these risks
• Best practices to protect your business, protect your customers
Hear how TransUnion's Jasper Ossentjuk developed a future-forward vendor risk management program by using BitSight Security Ratings to translate complex cybersecurity issues into simple business context.
Enterprises are becoming increasingly cognizant of the massive business risk posed by incidents of cyber attacks resulting in data breaches. Less well-known, and perhaps more potent a threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there are no such guarantees their external partners will take the same care. The consequences can be enormous.
The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.
Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.
Join Synack's CTO Mark Kuhr as he discusses a new risk management framework.
How are you measuring the effectiveness of your risk management program? Assessment strategies over the past few years have become increasingly more sophisticated, information-intensive and complex. Norman Marks makes it straightforward.
Our monthly educational discussion series continues with Norman Marks on Tuesday, September 25 at 2:00pm EDT. Marks will dive into the specifics of setting the right strategies and objectives to deliver value considering what might happen (risk), understanding how the achievement of objectives may be affected by events and situations as management and staff execute those strategies, and much more.
Make a bold move and grab your seat today. Straightforward is a good tale to hear.
The ‘Yield’ road sign is a great example of the intersection of compliance and risk. The universal requirement for ‘Yield’ or ‘Give-way’ is defined as the following:
The requirement that a driver shall “give way” to other vehicles means that he must not continue or resume his advance or maneuver if by so doing he might compel the drivers of other vehicles to change the direction or speed of their vehicle abruptly.
Individuals are left to their own interpretation of this definition, from performing a prolonged stop to accelerating at the sign. Enforcement is difficult. And so it is with the numerous ways that Compliance and Risk must coordinate and collaborate within your organization.
Norman Marks is a firm believer in taking a risk management approach to the business objective of operating in compliance with both laws and regulations and society’s expectations, even when they aren’t reflected in laws and regulations.
Share your thoughts with Marks on a live webinar, August 14 at 2:00pm EDT when he’ll discuss his point of view about the practical application of the concept of risk appetite and its impact on influencing the day-to-day taking of risk.