Guidance for Third Parties in Business Continuity Plans
Vendors and third parties are extensions of an organization, and thus business continuity and third-party risk management are intertwined. Companies of all sizes need to ensure their essential business functions remain available during disruptive events, especially when those functions depend on vendors and third parties. Furthermore, an organization’s business continuity plan must include scenarios in which crisis events may impact its ability to exchange information or provide services to third parties.
In this 60-minute webinar, Tom Garrubba, Senior Director, Shared Assessments, and Lockpath’s Sam Abadir provide an overview of why vendors pose a business continuity risk. The session will include strategies and best practices for including vendors in business continuity plans and questions organizations should be asking third parties to prepare their BC plans.
Recorded Feb 13 2018, 54 mins
Audits provide a vital checks and balances function in an organization. But what if audit's role as the third line of defense was more efficient and strategic? Doing so would enhance the role of the internal auditor. In this live webinar, Lockpath's Sam Abadir will share the roadmap to smarter audits, including:
• Critical capabilities required for the audit process
• Importance of customizing messaging to stakeholder audiences
• The pros and cons of current audit management strategies
• Strategic, effective audits that can scale with future growth
More strategic and effective audits won't come from current processes. Discover the road to smarter audits by attending this educational webinar. Register now!
General Communication Inc. (GCI), a telecommunications company based in Alaska, spent a year building its security and compliance program from the ground up. In this webinar, you'll see how GCI did it, starting with one person using the Keylight Platform, through challenges like creating new processes and tearing down silos, to where they are by year-end: a fully engaged team leveraging Keylight to manage security and compliance.
As a webinar attendee, you'll learn GCI's secret to:
* Finding and training IT and security professionals
* Developing new or streamlining existing processes
* Scaling Keylight to address security and compliance requirements.
Regardless of your program's status, hearing GCI's lessons learned can inspire and guide you in building or improving your company's security and compliance program. Register for this educational webinar today.
Organizations with mature, enterprise-wide information security risk management programs enjoy a competitive advantage, thanks to ISO 27001 certification that signifies an international standard for safeguarding information. In this webinar, Lockpath's Jason Eubanks, a governance, risk management, and compliance (GRC) consultant and former ISO auditor, will share the business case for earning ISO 27001 certification and the critical role of a GRC platform in implementing a successful information security management system (ISMS).
• Challenges and pitfalls with ISO 27001 certification
• Tips on establishing and maturing an ISMS
• Strategies for preparing and passing ISO audits
• Technology's role in earning and maintaining certification
Learn how ISO 27001 can give you a competitive advantage and strategies for earning certification. Register now to attend this educational webinar.
Business interruptions can upset customers, cost sales, and put companies in a bad light. That's where business continuity management (BCM) comes in. A BCM plan details the impact of various disaster scenarios and formalizes steps for ensuring critical operations remain open during a crisis. In this live webinar, Lockpath's Sam Abadir will share a roadmap to smarter business continuity management.
* The role of business continuity management on operations
* How to identify risks that could potentially lead to disruptions
* Strategies for modeling the business impact of various disasters
* Importance of mapping plans to risk, controls, processes, and vendors
Learn how to better prepare your recovery plans by attending this webinar on smarter business continuity management. Register now!
Scott Steinhardt - Kinney Services, Chris Swift, Lockpath
For healthcare providers that receive Medicare and Medicaid reimbursements, managing exclusion risk is critical. Employees, business associates, suppliers, and more who land on state exclusion lists while employed or engaged by a provider can result in severe regulatory penalties. In this educational webinar, Lockpath and Kinney Services will guide you through the world of exclusion risk and point out what you need to know.
Attendees will learn:
* A definition of exclusion risk with real-world examples
* Challenges encountered with managing exclusion risk
* Strategies for implementing a consistent, repeatable review process
* Technology's role in streamlining exclusion risk management
Are you continually reviewing the exclusion status of employees and business entities? If not, or if reviews are conducted haphazardly, you run the risk of regulatory penalties and a potential crisis in the reimbursement process. Discover what you need to know to manage exclusion risk in this educational webinar.
Looking to improve on the standard approaches to risk management? Guidewire has taken a more holistic approach. By using multiple, interwoven workflows within a single Keylight application, Guidewire's Information Security teams are able to deliver more than just tactical value to the organization and subsequently, our customers. See how Guidewire leveraged Keylight's flexible nature to allow for multiple avenues of assessing and mitigating risk.
Have you ever wondered how to get from point A to point B in the compliance world? This session walked through a complete compliance lifecycle showing you how to go from identifying what security framework to follow to providing reports to management.
Selecting a solution to assist your organization in managing ISO and SOC 2 audits is no minor decision. This webinar explored the key steps for preparing to move a process to Keylight, from understanding your own data, to how best to utilize resources. We looked closely at the before and after effects of a successful implementation strategy for managing risks and audits.
How do you make sense of all that risk data your organization collects? Imagine not only analyzing risk data more efficiently but also bringing meaning to risk. It's possible. It takes leadership, alignment, standardization, and a clear risk methodology to discover connections in data. In this webinar, we'll share how to go about making risk meaningful. You'll learn:
· Common methodologies for interpreting risk
· Status of risk management in your organization
· Frameworks and strategies for seeing risk in a new light
· Keys to success in advancing your risk program
There's no shortage of data collected. What's in short supply is an understanding of what it all means. Explore what works and what's possible in this educational webinar.
Vendors are essential to your company's success; however, they also add a layer of risk. A data breach is often traced to a service provider. A supplier botches a shipment and upsets a key customer. For risk challenges with vendors, the answer is proactive vendor risk management. In this webinar, you'll learn the roadmap to smarter vendor risk management, including:
· Guidance on managing collected vendor data
· Time-saving features with assessments
· Tips on spotting trends and high-risk vendors
· Pros and cons of continuous monitoring
· Impact of vendor risk on operational risk
Don't wait for an incident or a high-level exec questioning your vendor risk management processes to get smarter about vendor risk management. Learn smart strategies for the road ahead in VRM. Register for this webinar.
James Chappell - Digital Shadows; Tony Rock - Lockpath
Organizations are embracing digital transformation to deliver new revenue opportunities to their businesses. Alongside these new opportunities are new digital risks that are emerging as more corporate information is managed beyond the traditional network boundary. This changing business landscape is leading organizations to rethink compliance and security for employees, business partners and customers alike.
Traditional approaches to threat intelligence focus on the technical criteria and are used in combination with other technical security tools such as Security Incident & Event Management (SIEM) systems. While a step in the right direction, SIEMs are often applied within the network perimeter and do not effectively support a robust corporate risk and compliance program in managing these new digital risks.
To meet regulatory mandates from SOX, PCI DSS, HIPAA, GDPR and others that address these new risks, organizations need to take a different approach to understanding threats, data loss, and vulnerabilities across this new digital domain.
In this webinar, Digital Shadows’ James Chappell discusses current digital risk trends and challenges, and Lockpath’s Tony Rock will explore how applying existing governance, risk management and compliance (GRC) frameworks and integrations can be effective.
During this session, attendees will learn:
· The building blocks of digital risk management: data loss, cyber threats, brand and social media exposure, VIP risks, third party exposure, physical exposure and infrastructure exposure
· How people, processes and technologies can stay on top of emerging threats
· Best practices and use cases for digital risk management and compliance
· How a GRC platform enables better risk assessment and mitigation
The latest data breach or vulnerability may capture headlines and prompt speculation, but where the rubber meets the road is being smarter about IT risk management (ITRM). In this webinar, you'll learn what being wiser entails, including:
· What IT and security disciplines ITRM encompasses
· How to tailor your ITRM message to different departments
· Strategies for working with cross-functional teams
· Advantages and disadvantages of using spreadsheets
· Quick wins and ideas for sustained growth
Don't wait for a breach or a vulnerability to get smarter about ITRM. Learn what you need to know to get where you're going. Register for this webinar.
Patrick Miller - Archer Energy Solutions; Tony Rock - Lockpath
Managing cyber risk in the supply chain is a requirement for protecting our critical infrastructure. As a result, the North American Electric Reliability Corporation (NERC) has introduced reliability standard CIP-013-1 to help utilities and their vendors understand and mitigate these risks. In this webinar presented by Archer Energy Solutions and Lockpath, we'll explore strategies and best practices for managing supply chain risk and how you can prepare for when CIP-013-1 is enacted. As a webinar attendee, you'll learn:
· Potential impact CIP-013-1 will have on both utilities and their vendors
· Risk program maturity requirements for advanced cybersecurity
· Strategies for managing supply chain risk holistically
· Steps to take now to strengthen your supply chain cyber security
Whether you are a utility provider or provide for utilities, discover what you should know and do about NERC CIP-013-1 and supply chain cyber risk in this webinar.
Michael Rasmussen - GRC 20/20, Sam Abadir - Lockpath
Join the GRC Pundit, Michael Rasmussen and Lockpath’s Sam Abadir for a 60-minute webinar as we review the capabilities of Lockpath’s Bulk Operations solution, winner of the 2015 GRC 20/20 Award for Innovation in User Experience for IT GRC.
Information security operations often are encumbered by processes that take extensive time to modify and update. When mass changes need to take place, it is time-consuming to go into each record and modify and manipulate data. For example, when vulnerability scanners report finding assets that are about to be decommissioned, action items in remediation will be a waste of time. Another example is when a business division splits or is dissolved and IT assets and security records need to be reassigned to one division or another. Lockpath’s Bulk Operations is an innovative solution that makes it easy and intuitive for organizations to manage bulk changes to IT GRC data. Lockpath clients can now easily identify data that needs some sort of change, whether it’s a change in the value of a single or multiple fields, the addition of new fields, the removal/deletion of existing fields, or shifting workflow and tasks. This saves organizations hours of work: because the feature is built into the ad hoc reporting engine, organizations can easily and quickly filter the data sets they want to edit.
Michael Rasmussen - GRC 20/20, Sam Abadir - Lockpath
Join the GRC Pundit, Michael Rasmussen and Lockpath’s Sam Abadir for a 60-minute webinar as we review the capabilities of the Lockpath Keylight Ambassador, winner of the 2015 GRC 20/20 Award for Technology Innovation in Enterprise GRC Integration.
Organizations need to move beyond the concept of a GRC platform and focus on an integrated view of GRC data and systems through a GRC architecture that is a cohesive part of the broader business fabric of the organization. This is what GRC 20/20 refers to as 360° GRC contextual awareness, where risk and compliance are monitored and understood in the course of business operations, changing risks and regulations, and interactions. Delivery of GRC contextual awareness requires that GRC be a central nervous system to capture signals found in processes, data, and transactions as well as changing risks and regulations for interpretation, analysis, and holistic awareness of risk in the context of business. Lockpath Keylight Ambassador is a GRC solution that offers a hybrid agent architecture that enables organizations to collect distributed GRC-related data from applications installed across the organization and in the cloud. Keylight Ambassador’s innovation and advancement of GRC technology is its ability to securely and automatically transmit on-premise data to the cloud from business systems and information security tools.
Prior to the implementation of the Keylight Platform, Claims Recovery Financial Services’ (CRFS) policies and procedures were scattered throughout the organization’s networks. With a vast number of compliance requirements and multiple client audits each year, the company’s existing policy and compliance management process was inefficient and costly.
In this 60-minute webinar, Deborah Cheek, CISO at CRFS, will discuss with Sam Abadir how implementing the Lockpath Keylight Platform transformed CRFS’ policy management and compliance program, streamlined its internal policy management process, increased user adoption of its GRC program, and ultimately helped the company gain a competitive advantage.
In our uncertain regulatory climate, complying with regulations and managing policies demand that organizations be adaptable. For firms that are still using office tools like word processors, spreadsheets and emails, the challenge to adapt is even greater. In this live webinar, Lockpath’s Sam Abadir will share a roadmap to smarter compliance and policy management.
Attendees will learn:
• What compliance and policy management encompasses
• Communication strategies for working with cross-functional teams
• How organizations are bringing automation to manual processes
• Low-hanging fruit for quick wins and ideas for sustained growth
The road ahead is uncertain and demands that organizations adapt. Why stop there? Keep going to reach a better place with your compliance and policy management program. Explore what you need to know in this educational webinar.
Brandy Peterson - GuidePoint Security; Sam Abadir - Lockpath
In the era of cloud computing, organizations are moving their IT workloads to various cloud providers at an increasing pace. However, there remain many cybersecurity concerns to cloud adoption that prevent organizations from fully leveraging the benefits of the cloud. Your due diligence should include compliance requirements, frameworks and guidance, controls, cloud security architecture and cloud deployment model. In this webinar, we will explore key questions that organizations should answer before moving to the cloud and the steps to ensure a successful transition to the cloud.
Buying a GRC platform isn’t so much about sizing up the options as it is about analyzing your company’s needs. After that, it’s about knowing which questions to ask vendors and how to evaluate their offerings while keeping business processes front and center. In this webinar, we’ll share how to self-assess needs and benchmark your GRC maturity. Throughout the hour, we’ll offer buyer’s tips and empower you to buy the GRC platform that’s right for your company.
In this webinar, you will discover:
• How to assess your organization and determine what type of platform is right for you
• What questions to ask when evaluating GRC vendors
• Tips for building a business case for a GRC platform and estimating potential ROI
In our increasingly competitive and digital world, organizations need to evolve to be more competitive. For many, an untapped resource is GRC and its role in increasing efficiency and organizational resiliency. Explore what’s possible in this educational webinar.
You’ve fulfilled the minimum requirements to comply with PCI DSS. But guess what? You still might be vulnerable to a credit card data breach. As we’ve witnessed with recent high-profile cases, companies that are PCI compliant are not necessarily immune to attacks.
So if compliance isn’t enough to guarantee security, how do companies minimize the risk of a data breach?
Join us for a one-hour webinar led by Paul Calatayud, chief information security officer at SureScripts and information security instructor for the SANS Institute. This free session will explain why compliance doesn’t necessarily mean your organization’s PCI data is secure.
The session will also cover the following areas:
• Determining who’s responsible for PCI security
• Third-party security practices
• How a risk-based security approach augments compliance
Lockpath, a leader in integrated risk management solutions, helps companies understand and manage risk. Subscribe to the Lockpath channel for educational webinars exploring a wide range of topics such as risk management strategies, information security best practices, industry and regulation insights, and more.