Hi [[ session.user.profile.firstName ]]
Sort by:
    • Vulnerability Risk Management; Not Just Scanners Anymore
      Vulnerability Risk Management; Not Just Scanners Anymore Steven Grossman, VP of Strategy, Bay Dynamics with Guest Speaker, Forrester Sr. Security & Risk Analyst, Josh Zelonis Recorded: Oct 24 2017 4:00 pm UTC 57 mins
    • The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.

      Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:

      - Why is vulnerability risk management more that scanning?
      - How do you prioritize risks beyond CVE and CVSS scores?
      - How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
      -What are the common challenges in moving to a vulnerability risk management model?

      Register for this webcast for insight into the changing demands on vulnerability management programs.

      Read more >
    • The Silent Killer: How Third-Party Vendor Risk Threatens Everyone
      The Silent Killer: How Third-Party Vendor Risk Threatens Everyone Mike Baukes, CEO, UpGuard Recorded: Oct 11 2017 5:00 pm UTC 44 mins
    • Enterprises are becoming increasingly cognizant of the massive business risk posed by incidents of cyber attacks resulting in data breaches. Less well-known, and perhaps more potent a threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there are no such guarantees their external partners will take the same care. The consequences can be enormous.

      The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.

      Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.

      Read more >
    • Crucial Components of Digital Risk Monitoring
      Crucial Components of Digital Risk Monitoring Nick Hayes - Forrester Research, Security and Risk Analyst, Forrester Research - Arian Evans - VP Product Strategy Recorded: Nov 1 2016 1:25 pm UTC 59 mins
    • RiskIQ Webinar feature Forrester Research

      The network perimeter that organizations have long relied on for protection from cyber-threats has evaporated. Businesses are engaging with their customers, vendors and partners across web, social and mobile channels. Threat actors are following suit, increasing the digital risk that organizations face. According to The Forrester Wave™: Digital Risk Monitoring, Q3 2016 (which cited RiskIQ as a Leader):,”Without comprehensively and persistently monitoring risk in digital channels, companies remain susceptible to a wide variety of brand, cyber, and physical risk events”. Every CISO and security leader must consider implementing a Digital Risk Monitoring strategy, or be at risk due to their expanding attack surface.

      In this one-hour presentation RiskIQ VP of Product Strategy Arian Evans and guest Forrester Research analyst Nick Hayes will cover:

      * Expanding threat landscape via digital—web, social and mobile—channels
      * Requirements for a comprehensive digital risk monitoring (DRM) strategy
      * Necessary security technology elements for DRM program implementation
      Join this live webinar to learn more about this growing digital risk landscape, and how you can help better protect your organization’s most critical assets, its customers, and brand.

      Read more >
    • Workshop: Mastering Operational Risk - Theory and Practice in a single package
      Workshop: Mastering Operational Risk - Theory and Practice in a single package Boris Agranovich, Calvin Lee Recorded: Jul 5 2017 6:05 am UTC 66 mins
    • This workshop is designed for busy risk professionals who are interested in studying both theoretical and practical application of ORM but don’t have time to attend in-person classes.

      During the workshop we cover:

      1. 3 things most organizations are focusing on right now.
      2. What are the major steps to take control of operational risks.
      3. How to use Collaborative Risk Management tools to conduct your ORM operations and why traditional risk management practices involving risk registers and Excel are not effective anymore.

      The goal is three-fold:

      1. Existing students will be able to understand more on how to work with the RISKID tool and get an opportunity to ask questions about the subject matter.
      2. People who are planning to join the course will get some explanation in what is the course about, how the e-learning system works.
      3. People who are just interested to know more about ORM

      Read more >
    • Mastering Operational Risk. Theory and Practice in a single package.
      Mastering Operational Risk. Theory and Practice in a single package. Boris Agranovich, Calvin Lee Recorded: Jun 27 2017 2:00 pm UTC 62 mins
    • Join me and our guest, Calvin Lee, Operations Director at RISKID, for a lively discussion as we aim to dispel confusion surrounding many of the elements of the Operational Risk framework.


      Operational risk is perhaps the most significant risk organizations face. Virtually every major loss that has taken place during the past 30 years, from Enron, Worldcom and Baring's Bank to the unauthorized trading incident at Société Générale and the subprime credit crisis, has been driven by operational failures.

      Many financial institutions have spent millions of dollars trying to develop a robust framework for measuring and managing operational risk. Yet, in spite of this huge investment, for many firms developing a viable operational risk management (ORM) program remains an elusive goal.

      This webinar is designed for both current students of the “Mastering Operational Risk” - http://www.globalriskacademy.com/p/orm online course and for other busy risk professionals who are interested in studying both theoretical and practical application of ORM but don’t have time to attend in-person classes.

      The goal is three-fold:

      1. Existing students will be able to understand more on how to work with the RISKID tool and get an opportunity to ask questions about the subject matter.
      2. People who are planning to join the course will get some explanation in what is the course about, how the e-learning system works.
      3. People who are just interested to know more about ORM

      During the webinar we will cover:

      1. 3 things most organizations are focusing on right now.
      2. What are the major steps to take control of operational risks.
      3. How to use Collaborative Risk Management tools to conduct your ORM operations and why traditional risk management practices involving risk registers and Excel are not effective anymore.

      Read more >
    • Who owns third-party risk? (...and other questions)
      Who owns third-party risk? (...and other questions) Tom Garrubba, Senior Director, The Santa Fe Group / Shared Assessments Program Recorded: Oct 24 2017 12:00 pm UTC 56 mins
    • Third parties are extensions of an organization and their actions can have a direct impact on compliance efforts and brand reputation. Because of that, regulations from conflict minerals to HIPAA are increasingly expanding to include an organization’s vendors and business associates. This requires companies to survey, assess, and follow-up with dozens, hundreds or even thousands of third parties, and take action against those not in compliance.

      But many organizations struggle just to establish a foundation for their third-party risk programs. One of the most difficult obstacles is simply determining who owns third-party risk management.

      To help organizations address this and other third-party risk management issues, LockPath is hosting this free 50-minute webinar. Tom Garrubba, Senior Director at Shared Assessments, will not only discuss how to establish program ownership, but also the following topics related to third-party risk management:

      • Developing your policies, procedures, and practices
      • Establishing your vendor inventory
      • “5 Strategy Points” to consider as you develop your prioritization strategy (and re-assessments too!)

      Read more >
    • Managing Risk Across Different Departments with Different Needs
      Managing Risk Across Different Departments with Different Needs GRC Pundit Michael Rasmussen, GRC 20/20 accompanied by Richard Hibbert, CEO, SureCloud Recorded: Nov 3 2015 3:00 pm UTC 47 mins
    • Risk and risk management is pervasive throughout organisations. There are many departments that manage risk and have their unique understanding, models, and views into risk. This makes enterprise and operational risk management a challenge. Organisations fail in enterprise risk management strategies when they force everyone into one flat view of risk, they also fail when they allow different views of risk but do not do risk normalisation and aggregation as they roll-up risk into enterprise reporting.

      This webinar details how organisations need to take a federated approach to risk management that allows different departments some level of autonomy and supports their department level risk management strategies but also enable a common information and technology architecture to support overall risk management activities and reporting.

      This ‘Expert’ presentation will address the following:
      Where and how enterprise risk management fails
      How to build an enterprise risk register and show interrelationships of risk
      The value of an information and technology risk management architecture
      Approaches to risk normalisation and aggregation for accurate enterprise risk reporting.

      Read more >
    • Third Party Risk Management: an effective, efficient, and agile approach
      Third Party Risk Management: an effective, efficient, and agile approach Michael Rasmussen, The GRC Pundit, GRC 20/20 and Nick Rafferty, Chief Operating Officer, SureCloud Recorded: Jul 21 2015 1:00 pm UTC 43 mins
    • Organisations across all sectors are dealing with a growing array of third party/vendor relationships. Even obscure supplier relationships can have significant impact on security, risk and compliance. The Target credit card breach is one example in which a heating and air conditioning supplier was the doorway in to a significant breach of a point of sale system and theft of credit card data. Organisations have to manage risk across their third party supplier relationships but are limited in the resources they can devote to this.

      This 'Expert' webinar will address the following:-

      o Understand the growing array of third party relationships
      o The impact of third party relationships on security, risk and compliance
      o Elements of an effective, efficient, and agile vendor risk management process
      o How other areas of the organisation can leverage a common approach to third party risk management

      Attend this webinar if:-

      o You are concerned by the growing number of third party supplier relationships
      o You realise your risk and compliance exposure is growing because of these relationships
      o You need to be able to manage supplier risk but cannot recruit more staff to do so
      o You desire the need to know how to keep current in a dynamic environment of third party relationships

      Read more >
    • Tips and Tricks For Tackling Vendor Risk
      Tips and Tricks For Tackling Vendor Risk Andrew Calo, Manager of Technology Risk Recorded: Aug 11 2016 3:00 pm UTC 48 mins
    • With so many moving parts pushing an organization forward, companies today must know who has access to their data—making vendor risk management (VRM) a critical business practice. Unfortunately, not all organizations have the resources to staff full-time vendor risk managers. Security professionals now must wear multiple hats in order to reduce operating risk for their organizations. Even if vendor risk management isn’t a primary focus, there are techniques and tools security professionals can implement to make it an efficient and valuable process for your company.

      In this webinar, join Andrew Calo, Manager of Technology Risk at BitSight as he offers tips and techniques to efficiently manage and assess vendor risk. Attendees will learn about:

      -Basic questions you need to ask all vendors
      -The top risk vectors and configurations to look at it
      -The value and impact of continuous risk monitoring software

      Read more >
    • Internal Audit and Third Party Risk
      Internal Audit and Third Party Risk Tim Leitz, Regional Practice Leader for Risk Advisory Services, Experis Finance Recorded: Nov 16 2016 5:00 pm UTC 63 mins
    • Regulators acknowledge the risks associated with vendor relationships and have demanded that business leaders monitor and take responsibility for the actions of their vendors through various laws and standards such as the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, the FCPA, the Health Insurance Portability and Accountability Act, as well as the Payment Card Industry Data Security Standard (PCI DSS) requirements and CFPB guidance.

      Consequently, vendor management is currently at the forefront of organizational risk management priorities and Internal Audit needs to address vendor management and third party risk in their audit planning and execution.

      In this presentation, you will:
      - Gain an understanding of the potential risks that may arise from the use of third party service providers
      - Identify the basic elements of an effective third party risk management program

      Read more >