Policy-driven, Risk-based Security

Policy is the cornerstone of any risk-based security programme. Policies are put in place not only to govern the way organisations operate, but also to mitigate risks, and as such require board-level backing and sign-off. Yet when it comes to security programmes, information risk, both internally and externally, is often presented in terms that are not meaningful to the board of directors. Using a real-world example, this session will present a model for effective risk-based security that engages senior executives.
Recorded May 11 2016 19 mins
Presented by
Audrey Gilchrist - GRC Team Leader at SureCloud and Amanda Ewing - Security Assurance Manager at Dentsu Aegis Network
  • How to Understand and Build the Resilience of your Supply Chain Jun 23 2020 3:00 pm UTC 60 mins
    Craig Moores, Risk Advisory Practice Director & Matthew Davies, Product Marketing Director
    Following on from our previous webinar ‘Supplier Assurance Has Never Been More Important During Uncertain Times’, we will be diving into the impacts and lessons learnt from COVID-19. This includes exploring the impacts on fourth-party risk, remote working, recovery planning and risk management.

    To do this, our risk advisory expert will discuss his experience in managing effective vendor risk programs at large organisations during challenging times, including the 2008 crash.

    The insight will be supported by the findings from SureCloud’s free global supply chain research, which is being undertaken across a variety of industries and organisational sizes. Our experts will identify the key trends within the supply chain and offer a view on how organisations can use this to gain a greater understanding of their organisational resilience.

    Key takeaways include:
    - Improving recovery planning to manage disruption
    - The importance of assurance and risk management
    - How to identify fourth parties and the risks to your organisation
    - Benchmarking against other industries to understand where you match up
    - Top tips to follow to future-proof your supplier assurance programme
  • Supplier Assurance Has Never Been More Important During Uncertain Times Recorded: Apr 14 2020 59 mins
    Alex Hollis, Services Director & Matthew Davies, Product Director
    PLEASE NOTE: We have modified our vendor-risk webinar to reflect the current times. The presentation has been pushed back so we can prepare our key insight and research to help you feel confident in your third-party risk programme during COVID-19 and beyond.

    The way we manage and rely on our suppliers has significantly transformed in recent weeks – we need to adapt as third-party risk has changed forever.

    As noted in the Harvard Business Review, the importance of understanding your supply chain and fourth parties has never been more evident: 'The vast majority of global companies have no idea of what their risk exposure is; that’s because few, if any, have complete knowledge of all the companies that provide services or parts to their direct suppliers.'

    The effects of the coronavirus pandemic (COVID-19) have created a huge unknown for your third-party risk programme, and the risk exposure of your third and fourth parties is only just starting to be understood. So how do you manage the strain of this?

    Join our third-party risk experts, our VP of Services and our Product Director. They will take you through how to identify the impacts of COVID-19 with a practical checklist and an emergency assessment for your suppliers. Alex and Matthew will also cover the importance of 360-degree vendor visibility, how to identify and manage your fourth-party vendors, and how to integrate your TPRM programme into your wider Risk and Compliance processes.

    Key takeaways:

    1. What should you be asking your suppliers about COVID-19

    2. Why fourth parties are more important than ever to understand and how to identify and review them

    3. The importance of linking your TPRM programme to wider Risk and Compliance processes

    4. Leveraging wider technology to increase the visibility of third and fourth parties during times of crisis
  • PCI 4.0 So What? How to Centre your PCI Programme Around your Business Objective Recorded: Jan 21 2020 53 mins
    Craig Moores, Risk Advisory Practice Director
    SureCloud will explore the challenges that organisations face when achieving and maintaining compliance with PCI DSS, with a particular focus on how organisations can design and deploy a programme that aligns with wider business objectives and embeds compliance activities into business operations.

    With headlines focusing on the evolution of PCI DSS 4.0, our session will target all levels of stakeholder involvement in the management of PCI compliance. Using our experience of delivering compliance applications, as an Approved Scanning Vendor, as a penetration testing provider and, critically, from the experience of our ex-QSAs, we will share some of the shortfalls that organisations have experienced, particularly focusing on the people, processes and technologies critical in protecting an organisation’s payment channels.

    Craig is responsible for SureCloud’s Risk Advisory Practice including engagement scoping, consultancy delivery and client relationships. Craig has experience in leading and delivering complex cyber security solutions aligned to strategic business objectives. Craig has broad cyber security experience including a strong technical, software development and project management background, with particular strengths in the areas of information risk management, PCI DSS, strategic planning and business auditing.

    (The session will be structured around our case study organisation, Bananas, to help bring this use case to life.)

    Key session takeaways:
    • Understand some of the business challenges that organisations face when implementing and maintaining a PCI compliance programme.
    • Gain real-world insight into the compliance management shortfalls and lessons learned by other organisations.
    • Reflect on how the next release, PCI DSS 4.0, provides an opportunity for organisations.
    • Learn how to gain visibility of compliance using metrics and automation.
  • 5 Minutes on IT Vendor Risk Management Tools | SureCloud Recorded: Dec 18 2019 6 mins
    Alex Brown, Product Director
    In this 5-minute round-up video, we discuss the Gartner 2019 Magic Quadrant on IT Vendor Risk Management Tools. Our Product Director explores how the quadrant comes together, including the process of choosing the selected vendors. We discuss feedback from the report, SureCloud’s position, and our solution, which focuses on centralising, automating and generating.
  • Looking Forward: What to Expect With PCI 4.0 Recorded: Nov 14 2019 44 mins
    Ben Dalton, Sr. GRC Technology Consultant & Craig Moores, Risk Advisory Practice Director
    Compliance professionals around the world are eagerly awaiting more information about PCI’s latest release of the Data Security Standard: PCI DSS 4.0. During this 30-minute webinar, we will review the timeline of the 4.0 release, discuss findings from the 2019 RFC period draft release, highlight key changes that are coming with the revised framework, and discuss how SureCloud will help clients navigate these changes.

    Key Takeaways:
    • Overall timeline for 4.0
    • Draft version & Request for Comment (October - November 2019)
    • Changes to PCI DSS that are coming soon
    • How SureCloud will empower clients to adapt to these changes
    • Reflection on the recently released PCI DSS v4.0 Request for Comment draft

    Ben has spent the majority of his career in the IT security & GRC industry—both on the product side as well as a practitioner. At the Walt Disney company, Ben implemented processes and technology to help streamline and automate the PCI compliance program at Disney Parks & Resorts.
  • SMCR’s Breakfast on Accountability vs Responsibility - The Chicken and the Pig Recorded: Nov 11 2019 47 mins
    Michael Rasmussen, GRC Research Analyst GRC 20/20 & Matthew Davies, Product Marketing Director, SureCloud
    How do you measure and understand the shift in culture and accountability that SMCR, and other accountability regulations, have on your organisation?

    UK SMCR is a driving force around the world in accountability regulations. What started with the UK FCA has propagated to Australia’s BEAR, Ireland’s SEAR, Hong Kong’s MIC, and more. These accountability regulations are driving a fundamental shift in the culture of accountability for risk and compliance within financial services. Using the breakfast metaphor, we will illustrate the fundamental change from responsibility to accountability in a simple way. The chicken that delivers your eggs is interested in the meal, but the pig who becomes your bacon is committed to the breakfast.

    This webinar delivers an understanding of the culture change and impact that accountability regulations, like SMCR, have on financial services organisations. Michael Rasmussen, of GRC 20/20 Research, will detail his findings and interactions with the culture change to accountability he sees from these regulations. SureCloud's Product Marketing Director will demonstrate how the SureCloud solution helps you to gain control of your SMCR requirements and report on your SMCR overall status.

    Key takeaways:
    - Understand the scope of accountability regulations that started with UK SMCR
    - Articulate the difference between accountability and responsibility these regulations bring
    - Monitor the cultural change of accountability in financial services organisations
    - Identify best practices to embrace these regulations for culture change and impact
    - Deliver an understanding of how technology makes UK SMCR more efficient, effective, and agile
  • Are You Building Your Third-Party Risk Management Program Effectively? Recorded: Oct 24 2019 48 mins
    Alex Hollis, Services Director (GRC), SureCloud
    Get back to basics with SureCloud’s Services Director (GRC) as he explores how to build a third-party risk management program from scratch for an SME, “Bananas”. Alex demonstrates using simple forms, built out in desktop software such as Excel spreadsheets, to help you begin to gain control of your supply chain. Along the way, you will learn about the latest third-party breaches to have hit the news and the roles and responsibilities behind managing an organisation’s vendor risk. Whether you’re starting from scratch or want to brush up on your skills, make your third-party program “a-peeling” with the help of SureCloud.

    Key takeaways:
    - The benefits for the business when implementing an effective TPRM program
    - How to set a formal TPRM process using spreadsheets
    - The challenges behind managing a TPRM program
    - How to best manage C-Suite requests regarding suppliers
  • Why you need Integrated Risk Management? Recorded: Sep 4 2019 39 mins
    Kathleen Randall, EVP North America and Alex Brown, Product Director, SureCloud
    Confused about Integrated Risk Management (IRM)? Want to understand why IRM is different from GRC? Need some help using Gartner’s IRM Solutions Magic Quadrant to select suitable solutions?

    Join Kathleen and Alex as they discuss the fundamentals behind Integrated Risk Management and give you a glimpse into the latest Gartner IRM Solutions Magic Quadrant showing how to use the research to short-list suitable vendors based on your requirements.

    Key takeaways from the webcast include:

    • What is IRM and who is the audience
    • IRM Gartner Magic Quadrant 2019 revealed
    • How to apply Magic Quadrant scoring to your tool evaluation
    • Gartner’s take on SureCloud

    Kathleen Randall is responsible for SureCloud’s North America division, including sales, marketing, services, and customer support. Kathleen was most recently a Senior Manager in Dell Technologies’ RSA Archer GRC division, responsible for business strategy planning and market analysis. Prior to joining RSA, she was at Trustwave (which acquired ControlPath GRC) and Deloitte. Kathleen’s risk management experience includes cybersecurity, outsourced internal audit and attestation services across both IT and business processes. She has earned her CISSP, CISA and GSNA certifications.

    Alex Brown oversees the definition and delivery of all SureCloud’s product solutions across both GRC and cybersecurity. Alex previously held senior product management positions at the US-based technology companies Veritas Technologies and Symantec, where he helped bring numerous information management, software and SaaS solutions to market across EMEA, the Americas and Asia Pacific.
  • Are you ready for SMCR? Recorded: May 21 2019 60 mins
    Alex Brown, Product Director, SureCloud, and Stephen Humphreys and Edouard Bassil, Senior Managers, Baringa
    The Senior Managers and Certification Regime (SMCR) presents some unique challenges to any financial services organization with the focus being on protecting consumers’ interests. With the implementation date set for December 2019, the countdown is on. In this webinar Baringa’s Senior Managers, Stephen Humphreys and Edouard Bassil will be discussing how FCA regulated firms should be preparing before the deadline. SureCloud’s Product Director, Alex Brown, will demonstrate how a suitable solution can operationalize your process and aid your compliance journey.

    The session will address key questions such as:
    • What actually are reasonable steps? Do I need a paper factory?
    • Can I be compliant by implementing a few new templates and input from a few people part-time?
    • Where are my biggest implementation risks? What might I get wrong?
    • How do I get value from the regime and my implementation approach?
  • How to Develop Effective Information Gathering for Third Parties Recorded: Mar 28 2019 57 mins
    Alex Hollis
    Two-thirds of data breaches occur due to an insecure or poorly managed third-party relationship. Gaining control over your network of vendors is a critical risk activity. Join Alex Hollis, SureCloud’s GRC Practice Director as he discusses efficient and effective information gathering from third parties.

    The session will cover:
    • How to evaluate your information needs
    • Prioritizing, planning and structuring the information gathering
    • Use of categorization, tiering and risk scoring
    • Building the question library
    • Reducing the manual administrative burden from the system
    • Reducing “assessment fatigue” - the human element of answering questions

    Alex has over 16 years’ experience in IT, mobile technology and software development. He has spent the last seven years specializing in governance, risk, and compliance (GRC).
  • How to integrate Business Risk and IT Risk Recorded: Nov 27 2018 49 mins
    Alex Hollis, GRC Practice Director, SureCloud

    Many governance, risk, and compliance (GRC) projects fail because they’re deployed to support a specific compliance need or to meet the requirements of a specific department. In this webinar, SureCloud’s GRC Practice Director will discuss taking an integrated Risk Management approach, connecting Business Risk and IT Risk.

    The session will cover:

    • The challenges Integrated Risk Management (IRM) causes
    • Outlining how operational and IT Risk must work together
    • An approach for creating a model within your own business with the right GRC technology
    • The benefits of integration for internal communication and the relationships within your business
  • GDPR Compliance - What should organisations be doing now? Recorded: Apr 25 2018 46 mins
    SureCloud CEO Richard Hibbert and COO Nick Rafferty
    Key takeaways:

    • Key concepts and obligations
    • Principles of data processing and transparency
    • What organisations need to do to prepare for the GDPR
    • What organisations need to do to implement a GDPR Compliance Program

    We will also provide a demonstration of the SureCloud GDPR Suite, which helps organisations to achieve and maintain compliance with the regulation.
  • Got budget? Building the business case for your 2018 GDPR project Recorded: Nov 16 2017 45 mins
    Terry Blake, SureCloud, Nick Rafferty, SureCloud, Michael Rasmussen, GRC 20/20
    The deadline to comply with the European Union General Data Protection Regulation is May 25, 2018. Non-compliance could result in hefty fines to your company and impact your ability to do business in the EU. With calendar year budget planning now underway, this webinar will help you build the case to fund your GDPR project and gain alignment within your organization. You'll also get a demo of the Cloud-based SureCloud GDPR Suite. Deadline-driven demand will surely drive costs up so the time to act is now to secure both your funding and resources.
  • GDPR - How to embrace PCI’s big brother Recorded: Aug 23 2017 44 mins
    Chief Operations Officer, Nick Rafferty & Head of GRC, Oliver Vistisen
    If your organization stores, processes and transmits cardholder data, PCI’s big brother - the EU General Data Protection Regulation - could affect your ability to do business in the EU.

    US companies subject to PCI may be impacted if they have EU residents as employees or customers.

    The GDPR has become a primary item on most organizations' agendas this past year, yet a disproportionate amount of focus has fallen on the fines that are set to come into force on May 25, 2018.

    We want to take a more optimistic look at the regulation, why it came to be, and how it can be a massive opportunity to strengthen your reputation and (re)gain customer confidence. We will also look at how the implementation and ongoing maintenance of compliance can be addressed through an analytical approach to the Articles themselves, the rules of the regulation.

    What attendees will learn:
    • How US ecommerce and other companies involved in payment card transactions can be impacted by the GDPR.
    • Why the world’s most valuable resource is no longer oil, but data.
    • Why the GDPR is far more than a simple check-box compliance exercise.
    • Why the GDPR is a massive opportunity in disguise for organizations that take it seriously.
    • How the GDPR aims to change company culture by turning risk assessments on their head.
    • An analytical breakdown of the GDPR Articles that uncovers those applicable to your organization, and how to tackle these through a risk-based approach.
    • Key areas of focus for any GDPR program based on personal and client feedback.
    • How to effectively implement the GDPR by expanding upon existing compliance programs and management systems (ISO 27001).
  • Let the countdown begin: What does the GDPR mean for US companies? Recorded: May 25 2017 60 mins
    Stephen Bailey, Head of Privacy at NCC Group, Terry Blake, SureCloud EVP – North America, and Nick Rafferty, SureCloud COO.
    Exactly one year from the date of this webinar, the General Data Protection Regulation will take effect in the European Union. The GDPR applies to any organization that stores, processes or transfers the personal data of residents within the EU, including organizations located both in and outside the EU. Non-compliance can result in fines of more than $20 million or 4% of worldwide revenues, whichever is greater. A recent survey found an alarming percentage of US-based companies are planning to reduce their presence in Europe or exit the European Union altogether rather than deal with the GDPR. Instead of throwing up their hands over the GDPR and going home, strategic US companies can follow the defined steps and adopt software solutions that can bring certainty to these uncertain times. In fact, they see another company’s exit from the EU as a potential opportunity to gain share. The good news is that you’re not too late in getting started to meet the GDPR deadline. But as the countdown begins, urgency escalates. The time to act is now.

    In this webinar, you will learn:
    • What the GDPR means for you
    • How to get started on your journey to compliance
    • How the SureCloud GDPR Applications Suite can help you gain and demonstrate compliance and continuously improve your performance

    Agenda includes plenty of time to address your questions.
  • Third Party Risk: Gaining certainty amid a web of global relationships Recorded: Apr 6 2017 56 mins
    Michael Rasmussen, GRC Analyst at GRC 20/20 and SureCloud's COO, Nick Rafferty
    In today’s interconnected world, organizations struggle to adequately govern risk in third party business relationships. Over half of the organization’s insiders are no longer traditional employees. Insiders now include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, and more. Third party problems are the organization’s problems that directly impact brand, reputation, compliance, strategy, and risk to the organization.

    Join Michael Rasmussen, The GRC Pundit of GRC 20/20, and Nick Rafferty, SureCloud COO, to get an expert view of the challenges companies face and how to gain certainty amid an uncertain web of complex, global relationships.

    In this webinar you will learn:

    • Why fragmented approaches to third-party governance are doomed to fail
    • How inadequate resources can’t keep up with growing risk and regulations
    • How document-, spreadsheet- and email-centric approaches lack current-state analyses and audit trails
    • Amid a challenging environment, what to do today by defining a strategy and adopting a single-version-of-the-truth software solution
    • How SureCloud's unique GRC Platform and its Third Party Risk Manager Application can strengthen your assessment process

    Agenda includes plenty of time to address your questions.
  • Data Transfers under the EU GDPR - do you need to comply? Recorded: Mar 15 2017 60 mins
    GDPR Expert at White & Case LLP, Tim Hickman and CEO Richard Hibbert at SureCloud
    Many organisations transfer personal data across borders to both EU and non-EU recipients. The EU General Data Protection Regulation (“GDPR”) imposes strict rules about how such data should be transferred, and applies to many unsuspecting non-EU organisations.

    Join Tim Hickman, GDPR Expert at White & Case LLP and Richard Hibbert, SureCloud CEO, to get the legal perspective on personal data transfers under the GDPR, and practical guidance on how this issue affects your business.

    In this webinar we will:

    • Explain what constitutes a data transfer (you may be surprised).
    • Identify the different types of data transfer (e.g., internal transfers within a corporate group; external transfers to service providers; etc.) and examine the implications for businesses.
    • Examine the pros and cons of each data transfer mechanism (e.g., consent, adequacy, Model Clauses, Binding Corporate Rules, etc.).
    • Provide hints and tips on how organisations can prepare for data transfers under the EU GDPR.
    • Discuss how the SureCloud GDPR Suite can help you achieve compliance with data transfer regulations.
  • Ready for GDPR? Learn about challenges and ways to comply Recorded: Feb 1 2017 45 mins
    CEO Richard Hibbert & Head of Products, Oliver Vistisen
    The GDPR comes into force on 25 May 2018, and this will have a significant impact on the way in which organisations collect, process and share data. Companies that fail to prepare for the GDPR risk incurring hefty fines of 20m euros or 4% of world-wide revenues, whichever is greater. As such, all organisations need a strategy for the GDPR. By implementing a structured approach through the use of cloud-based applications, organisations will be able to effectively achieve and maintain compliance.

    In this webinar we will: explore the key provisions of GDPR, examine the challenges organisations are facing with the new rules, provide guidance for Risk Managers, Compliance Leaders and other IT Professionals on how to approach these challenges, then demonstrate how our cloud-based GDPR Applications Suite can provide effective solutions that ensure your business can achieve and maintain compliance.
  • [Security Strategy] Risk Manager for IRAM2 Application Recorded: Nov 17 2016 46 mins
    COO, Nick Rafferty & Head of Products, Oliver Vistisen
    SureCloud has worked with key ISF community members to develop an application (Risk Manager for IRAM2) that helps to consolidate the IRAM2 risk assessment process.

    This application complements the ISF's world-class methodology, which helps risk practitioners as well as other business and technology leaders to apply a simple, practical, rigorous approach to managing risks.
Simple Solutions Delivering Enterprise Outcomes
SureCloud provides Cloud-based GRC Applications and Cybersecurity Services that help our customers achieve an integrated approach to managing their risk, compliance and information security. The SureCloud Platform is simple but powerful technology that gives our customers a single source to view and manage GRC and cybersecurity processes from anywhere in the world. Our customers benefit from automating formerly spreadsheet-driven processes but increasingly from addressing strategic initiatives such as the EU GDPR, ISO 27001, IRAM2, NIST, PCI and others.

Check our CYBERSECURITY content here: https://www.brighttalk.com/channel/17769/
Register to our USA channel here: https://www.brighttalk.com/channel/17677/

  • Title: Policy-driven, Risk-based Security
  • Live at: May 11 2016 2:00 pm
  • Presented by: Audrey Gilchrist - GRC Team Leader at SureCloud and Amanda Ewing - Security Assurance Manager at Dentsu Aegis Network