Policy-driven, Risk-based Security

Policy is the cornerstone of any risk-based security programme. Policies are put in place not only to govern the way organisations operate, but also to mitigate risks, and as such require board-level backing and sign-off. Yet when it comes to security programmes, information risk, both internal and external, is often presented in terms that are not meaningful to the board of directors. Using a real-world example, this session will present a model for effective risk-based security that engages senior executives.
Recorded May 11 2016 19 mins
Presented by
Audrey Gilchrist - GRC Team Leader at SureCloud and Amanda Ewing - Security Assurance Manager at Dentsu Aegis Network
  • What is Ransomware and why it's time to simulate an attack? Jan 31 2017 1:00 pm UTC 45 mins
    Luke Potter (Security Practice Director) & Eliott Thompson (Security Consultant)
    Learn how to detect, prevent and mitigate ransomware attacks. Our experts will cover: the current mitigation strategies, how they are bypassed and why, how attackers perform directly targeted attacks and why it's time for organisations to simulate their own attacks.
  • [Cybersecurity] Our Indigenous Apps: Securing Critical Business Data Dec 6 2016 1:00 pm UTC 45 mins
    Senior Security Consultant, Christopher Cooper
    Despite the rise of the cloud and increased reliance on web applications, native desktop applications are still highly relevant and often the delivery method of choice in enterprise IT. As penetration testers, we still see a number of very poorly architected native applications being used to protect extremely sensitive information.

    This webcast will discuss some of the core issues relating to native desktop applications, why they are so frequent, and the severe impact that their insecurity can cause.

    In the 2017 threat landscape, we propose that these flaws are not going away, and the industry isn't currently in a position to help developers resolve them effectively.
  • [Security Strategy] Risk Manager for IRAM2 Application Recorded: Nov 17 2016 46 mins
    COO, Nick Rafferty & Head of Products, Oliver Vistisen
    SureCloud has worked with key ISF community members to develop an application (Risk Manager for IRAM2) that helps to consolidate the IRAM2 risk assessment process.

    This application complements the ISF's world-class methodology, which helps risk practitioners as well as other business and technology leaders to apply a simple, practical, rigorous approach to managing risks.
  • Policy-driven, Risk-based Security Recorded: May 11 2016 19 mins
    Audrey Gilchrist - GRC Team Leader at SureCloud and Amanda Ewing - Security Assurance Manager at Dentsu Aegis Network
    Policy is the cornerstone of any risk-based security programme. Policies are put in place not only to govern the way organisations operate, but also to mitigate risks, and as such require board-level backing and sign-off. Yet when it comes to security programmes, information risk, both internal and external, is often presented in terms that are not meaningful to the board of directors. Using a real-world example, this session will present a model for effective risk-based security that engages senior executives.
  • The Evolution of the Penetration Test Recorded: Apr 12 2016 23 mins
    Toby Scott-Jackson, Principal Security Consultant, SureCloud and Chris Cooper, Senior Security Consultant, SureCloud
    The confluence of sophisticated cyber criminals, white hats and technological change means organisations are increasingly exposed to weaknesses and vulnerabilities in their networks, devices and applications.

    With a combination of expert security commentary and vulnerability trends, SureCloud will reveal the sophisticated nature of the latest attacks and what the future may hold. We will focus on modern exploits that go beyond the typical network and web application attack vectors.

    SureCloud will describe how organisations need to change their attitudes to security testing, considering the frequency and scope of assessments, and act on results in a timelier manner.
  • Internal Audit at a Breaking Point: How to Manage the Growing Array of Audits Recorded: Dec 15 2015 47 mins
    GRC Analyst Michael Rasmussen, GRC 20/20 accompanied by Nick Rafferty, COO, SureCloud
    Internal audit is in a constant state of transformation. Audit departments are being asked to do more audits, provide assurance on business operations and risk management, evaluate compliance, and advise the organisation with limited audit resources.

    They are challenged with a growing array of audits that go beyond financial audits to provide assurance through IT audits, operational audits, quality assurance audits, third party audits, and more. This demands that Audit have processes supported by an information and technology architecture that drives efficiency, effectiveness, and agility in audit processes and tasks.


    This webinar details how organisations need to take an agile approach to internal audit management that allows for a growing array of audits on an agile information and technology architecture to support internal audit management activities and reporting.

    This ‘Expert’ presentation will address the following:

    • Where and how internal audit is strained
    • How to integrate a risk-based approach to audits as well as a cyclical audit plan
    • The value of an information and technology audit management architecture
    • Best practices in internal audit management
  • Managing Risk Across Different Departments with Different Needs Recorded: Nov 3 2015 47 mins
    GRC Pundit Michael Rasmussen, GRC 20/20 accompanied by Richard Hibbert, CEO, SureCloud
    Risk and risk management are pervasive throughout organisations. Many departments manage risk and have their own unique understanding, models, and views of risk. This makes enterprise and operational risk management a challenge. Organisations fail in enterprise risk management strategies when they force everyone into one flat view of risk; they also fail when they allow different views of risk but do not normalise and aggregate risk as they roll it up into enterprise reporting.

    This webinar details how organisations need to take a federated approach to risk management that allows different departments some level of autonomy and supports their department-level risk management strategies, but also enables a common information and technology architecture to support overall risk management activities and reporting.

    This ‘Expert’ presentation will address the following:

    • Where and how enterprise risk management fails
    • How to build an enterprise risk register and show interrelationships of risk
    • The value of an information and technology risk management architecture
    • Approaches to risk normalisation and aggregation for accurate enterprise risk reporting
  • Third Party Risk Management: an effective, efficient, and agile approach Recorded: Jul 21 2015 43 mins
    Michael Rasmussen, The GRC Pundit, GRC 20/20 and Nick Rafferty, Chief Operating Officer, SureCloud
    Organisations across all sectors are dealing with a growing array of third party/vendor relationships. Even obscure supplier relationships can have a significant impact on security, risk and compliance. The Target credit card breach is one example in which a heating and air conditioning supplier was the doorway into a significant breach of a point of sale system and theft of credit card data. Organisations have to manage risk across their third party supplier relationships but are limited in the resources they can devote to this.

    This 'Expert' webinar will address the following:

    • Understand the growing array of third party relationships
    • The impact of third party relationships on security, risk and compliance
    • Elements of an effective, efficient, and agile vendor risk management process
    • How other areas of the organisation can leverage a common approach to third party risk management

    Attend this webinar if:

    • You are concerned by the growing number of third party supplier relationships
    • You realise your risk and compliance exposure is growing because of these relationships
    • You need to be able to manage supplier risk but cannot recruit more staff to do so
    • You need to know how to keep current in a dynamic environment of third party relationships
Remove reliance on spreadsheet processes
SureCloud is a provider of GRC Applications and Cybersecurity Services. Our Cloud Platform has helped 100s of blue chip businesses and 1,000s of users to improve productivity and efficiency by replacing and automating spreadsheet based risk and compliance processes.

In addition, our cybersecurity testing and assurance services team helps organisations secure their information assets, systems and networks, as well as providing a holistic view of cyber risk using the SureCloud Platform.

  • Title: Policy-driven, Risk-based Security
  • Live at: May 11 2016 2:00 pm
  • Presented by: Audrey Gilchrist - GRC Team Leader at SureCloud and Amanda Ewing - Security Assurance Manager at Dentsu Aegis Network