Technology is no longer the exclusive domain of the IT department. Norman Marks thinks we should be talking about technology as a source of risk rather than just IT. What do you think?
Share your thoughts with Marks on a live webinar, June 5 at 2:00pm EDT, when he’ll discuss his point of view that IT is more than just a department. It’s made up of people, processes and addresses risks that typically arise from failings in those processes through the operation of IT general controls (ITGC).
From audit risks to cyber risks, Marks will help you understand that it may be necessary to take more risks than you might be comfortable with.
Find out more during this special webinar, June 5 at 2:00pm EDT.
****PLEASE NOTE THIS IS A RESCHEDULE OF THE WEBINAR ORIGINALLY SET FOR 14TH NOV.****
Many governance, risk, and compliance (GRC) projects fail because they’re deployed to support a specific compliance need or to meet the requirements of a specific department. In this webinar, SureCloud’s GRC Practice Director will discuss taking an integrated Risk Management approach, connecting Business Risk and IT Risk.
The session will cover:
• The challenges Integrated Risk Management (IRM) causes
• Outlining how operational and IT Risk must work together
• An approach for creating a model within your own business with the right GRC technology
• The benefits of integration for internal communication and the relationships within your business
Risk management often takes on different forms throughout the business. Some approaches are very strategically focused, some are very technology focused and some are even missing. During this webinar, Lockpath’s Sam Abadir will discuss how IT departments can identify risks in a way that is not only meaningful to their operations but also meaningful to other parts of the business. Abadir will talk about how this approach not only improves risk management but also makes IT a more valued part of the business.
Today’s business relies on distributed systems, applications and technologies to get things done. As identities expand in mobile platforms, cloud-based software solutions and IoT, the complexity of managing access to thousands of IT systems introduces a new type of risk to information security programs – identity risk. In this session, Lockpath and Focal-Point will discuss:
- Challenges surrounding identity risk
- Methodology and best practices for managing identity risk
- The benefits of integrating identity management into a governance, risk and compliance (GRC) program
People are the single most important asset in any organisation, yet they can often be the most vulnerable. The opportunities and threats people present to the operations and strategic objectives of their organisations constitute “people risk” – an area of risk often ignored because of the perceived complexities involved in managing it effectively. This webinar will focus on “risk intelligence”, which refers to the way in which an individual’s values, risk competences and behaviours come together to drive their perception of risk, approach to risk-based thinking and decision-making. The webinar will introduce the diagnostic tools that can be used by organisations to evaluate the “risk intelligence” of staff, whether in the operational 1st Line, the 2nd line’s risk and compliance functions or senior management.
Are you looking at implementing a new risk reporting framework or updating one that you already have? In this webinar we will explore some of the options that are available. Learn how to get the most from tools such as risk registers, risk and control indicators and risk matrices. Consider the options available when designing reports and identify the limitations of common risk reporting practices.
Risk reporting is an important output from the risk management process and should be a key input into both strategic and operational decision making. But if the wrong tools are used or reports are poorly designed then reporting can do more harm than good. Are your reporting arrangements adding value to management decision making and promoting intelligent conversations about risk taking and control, or are they little more than a procedural exercise?
It seems clear that the basic frameworks and principles that have supported corporate risk and crisis management for the last twenty-five years are beginning to be outpaced by the scale and scope of the emergent risks that we are now facing. This webinar covers the main themes of corporate risk & crisis management and the development of organisational frameworks that can support effective risk and crisis management planning at the highest level. This webinar is based on the Level 5 Award in Corporate Risk and Crisis Management being hosted by the IRM from 29th-31st October.
Join this webinar to review the latest emerging risks benchmarking survey results from CEB, now Gartner, and learn how your peers identify and manage the big over-the-horizon risks to their organisations. In particular:
• Understand the latest emerging risks affecting the corporate landscape
• Explore industry-specific perceptions of emerging risk
• Identify key risk indicators and metrics used to track emerging risks
• Uncover “Risk Meteors” that could quickly affect your organisation
Traditional approaches to technology risk lead to assessing it as 'high', 'medium' or 'low'. But how do you know whether it makes business sense to take the risk or invest scarce resources into addressing it? Is it better to spend money on people and tools to mitigate cyber risk or to invest in a new product or marketing campaign?
In this webinar, Norman Marks will share his thoughts on this challenge. He’ll talk about:
- Why it’s necessary to express technology-related risk in business terms
- Technology-related risk is just one of the business risks that need to be considered in making a decision
- How even a moderate risk can take you over a 'tipping point'
- Who should be involved in assessing technology-related risks
- How to communicate technology-related risks to the board and top management
During this presentation, you'll learn more about a method to manage cyber risk strategically. Organizations need to focus on the areas most at risk and where they can get the best value for their cyber security investments. Approaching this strategically allows the organization to engage with internal and external stakeholders about cyber risks.
The complexity of third-party risk management increases every day, as does its importance to organizations that rely on third parties. Regulators are increasing their focus on potential third-party risk. Risk assessments for business processes and third party management are being integrated, mapped to organizational risks, and mined for patterns and trends. Some organizations are even developing and executing strategies for managing their suppliers’ suppliers.
In this 60-minute webinar, Shared Assessment’s Tom Garrubba and Lockpath’s Sam Abadir discuss:
• The growing need for third party risk management programs.
• How incorporating third party risk management into an overall governance, risk and compliance (GRC) program can create greater value for your organization.
• And how the Shared Assessments Standard Information Gathering (SIG) questionnaire and the Lockpath® Keylight® Platform work together to streamline, navigate and create value in this increasingly complex third-party landscape.
Enterprise-level risk assessments are a business necessity today in light of data breaches, global outsourcing, and regulatory compliance challenges like GDPR. In this webinar, Lockpath and Focal-Point will discuss strategies and best practices for creating and leveraging enterprise risk assessments. Attendees will learn:
• Common goals and objectives for enterprise risk assessments
• How to define assessment metrics
• When to determine if a risk assessment is needed
• When to use an integrated assessment vs. an individual assessment
This is a can’t miss webinar for anyone responsible for enterprise-level risk and concerned about threats to business operations.
The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.
Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:
- Why is vulnerability risk management more than scanning?
- How do you prioritize risks beyond CVE and CVSS scores?
- How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
- What are the common challenges in moving to a vulnerability risk management model?
Register for this webcast for insight into the changing demands on vulnerability management programs.
In this webinar you will:
- Learn how BitSight Security Ratings is transforming the market for Cybersecurity risk management;
- Understand the importance of the underlying Data Quality for an accurate understanding of a company’s exposure to Cybersecurity Threats;
- Find out how your company can use BitSight to gain better visibility, collaboration and monitoring of its cyber risk posture.
- Bob Lewis, Former Head of External Cyber Assurance & Monitoring
- Rui Serra, Senior Product Manager, at BitSight
- Tiago Pereira, Threat research Team Lead, at BitSight
Join us on this webinar to listen to Graham Nicol present on why an effective and dynamic risk management framework is vital for the successful delivery of large projects, programmes or portfolios within an Infrastructure capital asset delivery environment. This webinar covers how to communicate the need and associated benefits of risk management to employees, delivery partners and stakeholders, how best to identify and assess risk (qualitatively and quantitatively), when to apply appropriate quantitative techniques, whilst challenging schedule integrity standards to support a QSRA. All of which should inform proactive decision making that aligns to projects/organisations risk culture.
Following significant revisions to the FRC’s UK Corporate Governance Code in 2018, Risk Managers should consider how they should respond to the key features of the new Code. In parallel with assessment of the implications of the updated FRC Guidance on Board Effectiveness, this webinar will review the headline features: managing risk culture, the role of the Board in governance and risk, the importance of stakeholders in risk assessment and why Risk Managers should focus on Board effectiveness evaluations. Setting risk management in the context of more demanding governance requirements will bring greater recognition, but is also more challenging.
Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.
According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.
The three big topics are VISIBILITY - across my whole cyber risk landscape, COLLABORATION - in order to remediate against risk appetite, and AGILITY - how can I react in a timely manner to rapidly changing risk factors?
Given these challenges can you afford NOT to utilise Security Ratings?
In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with:
• Do security ratings threaten or complement traditional methods of questionnaires and audits?
• Why security ratings should be treated as a risk position rather than a vulnerability checklist.
• Data: sources, accuracy, coverage, currency
• Context: stakeholders, business impact
• Time to value: best approach to implementation
A single weak point in a line of code can create an open door for attackers. Threats originating from applications are now more pervasive than ever. We believe that the best defense against application vulnerabilities is a good offense.
In this webinar, we will share results from our recent primary research study that reveals:
• The top five application security risks
• Where these risks originate
• How to remediate these risks
• Best practices to protect your business, protect your customers
Hear how TransUnion's Jasper Ossentjuk developed a future-forward vendor risk management program by using BitSight Security Ratings to translate complex cybersecurity issues into simple business context.
Enterprises are becoming increasingly cognizant of the massive business risk posed by incidents of cyber attacks resulting in data breaches. Less well-known, and perhaps more potent a threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there are no such guarantees their external partners will take the same care. The consequences can be enormous.
The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.
Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.
Join Synack's CTO Mark Kuhr as he discusses a new risk management framework.