    • Realizing Opportunity with Third-Party Risk Management
      Tom Garrubba - Santa Fe Group; Sam Abadir - Lockpath | Recorded: Dec 5 2017 10:35 pm UTC | 62 mins
    • The complexity of third-party risk management increases every day, as does its importance to organizations that rely on third parties. Regulators are increasing their focus on potential third-party risk. Risk assessments for business processes and third-party management are being integrated, mapped to organizational risks, and mined for patterns and trends. Some organizations are even developing and executing strategies for managing their suppliers’ suppliers.

      In this 60-minute webinar, Shared Assessments’ Tom Garrubba and Lockpath’s Sam Abadir discuss:

      • The growing need for third party risk management programs.
      • How incorporating third party risk management into an overall governance, risk and compliance (GRC) program can create greater value for your organization.
      • And how the Shared Assessments Standard Information Gathering (SIG) questionnaire and the Lockpath® Keylight® Platform work together to streamline, navigate and create value in this increasingly complex third-party landscape.

    • Vulnerability Risk Management; Not Just Scanners Anymore
      Steven Grossman, VP of Strategy, Bay Dynamics with Guest Speaker, Forrester Sr. Security & Risk Analyst, Josh Zelonis | Recorded: Oct 24 2017 4:00 pm UTC | 57 mins
    • The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach, centralizing vulnerability data and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions will be the difference between success and failure for many modern enterprises.

      Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:

      - Why is vulnerability risk management more than scanning?
      - How do you prioritize risks beyond CVE and CVSS scores?
      - How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
      - What are the common challenges in moving to a vulnerability risk management model?

      Register for this webcast for insight into the changing demands on vulnerability management programs.

    • The Silent Killer: How Third-Party Vendor Risk Threatens Everyone
      Mike Baukes, CEO, UpGuard | Recorded: Oct 11 2017 5:00 pm UTC | 44 mins
    • Enterprises are becoming increasingly cognizant of the massive business risk posed by cyber attacks that result in data breaches. Less well known, and perhaps a more potent threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there is no guarantee that its external partners will take the same care. The consequences can be enormous.

      The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.

      Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.

    • Crucial Components of Digital Risk Monitoring
      Nick Hayes - Security and Risk Analyst, Forrester Research; Arian Evans - VP Product Strategy | Recorded: Nov 1 2016 1:25 pm UTC | 59 mins
    • RiskIQ webinar featuring Forrester Research

      The network perimeter that organizations have long relied on for protection from cyber-threats has evaporated. Businesses are engaging with their customers, vendors and partners across web, social and mobile channels. Threat actors are following suit, increasing the digital risk that organizations face. According to The Forrester Wave™: Digital Risk Monitoring, Q3 2016 (which cited RiskIQ as a Leader), “Without comprehensively and persistently monitoring risk in digital channels, companies remain susceptible to a wide variety of brand, cyber, and physical risk events.” Every CISO and security leader must consider implementing a Digital Risk Monitoring strategy, or be at risk due to their expanding attack surface.

      In this one-hour presentation RiskIQ VP of Product Strategy Arian Evans and guest Forrester Research analyst Nick Hayes will cover:

      * Expanding threat landscape via digital—web, social and mobile—channels
      * Requirements for a comprehensive digital risk monitoring (DRM) strategy
      * Necessary security technology elements for DRM program implementation
      Join this live webinar to learn more about this growing digital risk landscape, and how you can help better protect your organization’s most critical assets, its customers, and brand.

    • Roadmap to Smarter Vendor Risk Management
      Lockpath | Upcoming: May 3 2018 4:00 pm UTC | 60 mins
    • Vendors are essential to your company's success; however, they also add a layer of risk. A data breach is often traced to a service provider. A supplier botches a shipment and upsets a key customer. For risk challenges with vendors, the answer is proactive vendor risk management. In this webinar, you'll learn the roadmap to smarter vendor risk management, including:

      · Guidance on managing collected vendor data
      · Time-saving features with assessments
      · Tips on spotting trends and high-risk vendors
      · Pros and cons of continuous monitoring
      · Impact of vendor risk on operational risk

      Don't wait for an incident or a high-level exec questioning your vendor risk management processes to get smarter about vendor risk management. Learn smart strategies for the road ahead in VRM. Register for this webinar.

    • Workshop: Mastering Operational Risk - Theory and Practice in a single package
      Boris Agranovich, Calvin Lee | Recorded: Jul 5 2017 6:05 am UTC | 66 mins
    • This workshop is designed for busy risk professionals who are interested in studying both theoretical and practical application of ORM but don’t have time to attend in-person classes.

      During the workshop we cover:

      1. 3 things most organizations are focusing on right now.
      2. What are the major steps to take control of operational risks.
      3. How to use Collaborative Risk Management tools to conduct your ORM operations and why traditional risk management practices involving risk registers and Excel are not effective anymore.

      The goal is three-fold:

      1. Existing students will be able to understand more on how to work with the RISKID tool and get an opportunity to ask questions about the subject matter.
      2. People who are planning to join the course will get an explanation of what the course is about and how the e-learning system works.
      3. People who are just interested to know more about ORM

    • Mastering Operational Risk. Theory and Practice in a single package.
      Boris Agranovich, Calvin Lee | Recorded: Jun 27 2017 2:00 pm UTC | 62 mins
    • Join me and our guest, Calvin Lee, Operations Director at RISKID, for a lively discussion as we aim to dispel confusion surrounding many of the elements of the Operational Risk framework.

      Operational risk is perhaps the most significant risk organizations face. Virtually every major loss that has taken place during the past 30 years, from Enron, WorldCom and Barings Bank to the unauthorized trading incident at Société Générale and the subprime credit crisis, has been driven by operational failures.

      Many financial institutions have spent millions of dollars trying to develop a robust framework for measuring and managing operational risk. Yet, in spite of this huge investment, for many firms developing a viable operational risk management (ORM) program remains an elusive goal.

      This webinar is designed both for current students of the “Mastering Operational Risk” online course (http://www.globalriskacademy.com/p/orm) and for other busy risk professionals who are interested in studying both theoretical and practical application of ORM but don’t have time to attend in-person classes.

      The goal is three-fold:

      1. Existing students will be able to understand more on how to work with the RISKID tool and get an opportunity to ask questions about the subject matter.
      2. People who are planning to join the course will get an explanation of what the course is about and how the e-learning system works.
      3. People who are just interested to know more about ORM

      During the webinar we will cover:

      1. 3 things most organizations are focusing on right now.
      2. What are the major steps to take control of operational risks.
      3. How to use Collaborative Risk Management tools to conduct your ORM operations and why traditional risk management practices involving risk registers and Excel are not effective anymore.

    • Who owns third-party risk? (...and other questions)
      Tom Garrubba, Senior Director, The Santa Fe Group / Shared Assessments Program | Recorded: Oct 24 2017 1:00 pm UTC | 56 mins
    • Third parties are extensions of an organization, and their actions can have a direct impact on compliance efforts and brand reputation. Because of that, regulations from conflict minerals to HIPAA are increasingly expanding to include an organization’s vendors and business associates. This requires companies to survey, assess, and follow up with dozens, hundreds or even thousands of third parties, and take action against those not in compliance.

      But many organizations struggle just to establish a foundation for their third-party risk programs. One of the most difficult obstacles is simply determining who owns third-party risk management.

      To help organizations address this and other third-party risk management issues, Lockpath is hosting this free 50-minute webinar. Tom Garrubba, Senior Director at Shared Assessments, will not only discuss how to establish program ownership, but also the following topics related to third-party risk management:

      • Developing your policies, procedures, and practices
      • Establishing your vendor inventory
      • “5 Strategy Points” to consider as you develop your prioritization strategy (and re-assessments too!)

    • How Cyber (measured in dollars) Earns a Spot on the Risk Register
      Jerry Caponera, VP Cyber Risk Strategy, Nehemiah Security | Upcoming: May 17 2018 5:00 pm UTC | 75 mins
    • Cyber has yet to be fully integrated into the suite of business functions and monitored risks within most organizations. GRC is the mechanism to align cyber and the business, but its current state is not sufficient. The Governance hierarchy is ineffective (CISOs reporting to the CIO or COO), Risk leverages ambiguous risk measurements, and Compliance is mistaken for security. Moving forward, Governance must be redefined, making CISOs business leaders, reporting to the Board. Risk should leverage traceable data to measure in a common business language. Compliance should be the baseline for security initiatives, not the end goal. When these initiatives can be achieved, GRC will transform cyber into a business enabler.

      Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security where he leads the effort to quantify cyber risk in financial terms. Prior to Nehemiah he founded PivotPoint Risk Analytics which focused on cyber risk quantification through value-at-risk modeling and simulations. Jerry has a broad background in cyber, having worked for incident response, malware analysis, and services companies. He has spoken at a number of conferences worldwide including ISS World MEA in Dubai, InfoSecurity Russia in Moscow, and TM World Forum in Nice, France. He holds an MBA from the University of Massachusetts, an MS in Computer Science from the University of Pennsylvania, and a BS in Electrical Engineering from the University of Buffalo.
