
Integrated Enterprise Approach to IT GRC: OCEG GRC-XML Initiative

Governance, Risk and Compliance (GRC) is re-emerging as one of the most important components in the success of any company, the key to the integration of silos and the glue between the business and IT. Corporations, particularly those dealing with multiple jurisdictions, are facing an increasing number of regulations and internal policy requirements. To deliver a holistic view and manage performance, integrate departmental risk models and compliance needs, and understand the impact on company goals and strategy, a standards-based approach is a must-have.

The GRC-XML working group is developing a standard and common language for the representation, sharing, and processing of governance, risk, and compliance information through the establishment of GRC Taxonomy based on XBRL and XBRL GL. The need for a common controls and risk language is present within a single organization as well as between an organization and its external auditors, government regulators, industry associations, and business partners. The market encompasses a broad spectrum of unique systems and solutions to address all aspects of an organization including its people, facilities, IT infrastructure, business applications, corporate responsibilities, legal, regulatory and financial obligations. One of the goals of the GRC-XML program is to enable these disparate systems to share and leverage information efficiently without compromising accuracy and functionality.

In this webinar, we will address the issue of GRC and current trends and developments in the marketplace. We will provide an overview of GRC-XML and introduce some key use case scenarios to address GRC challenges, particularly in information technology (IT GRC) and enterprise integration. We will discuss the use of GRC-XML in Cloud Computing and the current effort extending GRC-XML to support Solvency II.
Recorded Jan 19 2012
49 mins
Presented by
Said Tabet, OCEG Technology Council Co-Chair
Recommended for you:
  • PCI DSS: Preventing Costly Cases of Non Compliance
    Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
    Recorded: May 24 2016, 62 mins
    There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.

    This is especially important as PCI DSS evolves and increases in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high-profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non-compliance with PCI DSS.
  • How secure is your Office 365 deployment?
    Teresa Law, Sr. Product Marketing Manager, Symantec & Sunil Choudrie, Solutions Marketing Manager, Symantec
    Recorded: May 24 2016, 60 mins
    Are you concerned about securing your users and data in cloud-based collaboration applications like Office 365? You’re not alone. Over 35% of the Microsoft Exchange installed base is now on Office 365. Many of these enterprises are actively seeking to extend the same level of security and consistent policies they have in place for existing on-premise and cloud applications to Office 365.

    Consider these statistics from IDC:

    • Over 50% of enterprises have users that access their Office 365 applications using unmanaged mobile devices
    • Over 90% of threats to enterprises emanate from email
    • 65% of threats go undetected for weeks/months

    IT administrators lose traditional visibility and control when enterprises move email, content creation, file sharing, and collaboration to the cloud, making it harder to detect inappropriate behavior. This makes it critical for organizations to extend the basic security capabilities of Office 365 and ensure consistency in the level of security across all their cloud services.

    Securing cloud applications like Office 365 is a shared responsibility between the cloud service provider and the tenant. Analysts like Gartner and IDC recommend assessing third party security products as a best practice in a comprehensive Office 365 security framework.

    Join us for this webcast where we tackle the challenge of securing Office 365 head on and show you how your organization can take Office 365 security to a new level.

    Learn how to enhance your Office 365 security to:

    • Shield Email From Phishing, Sophisticated Malware and Spam
    • Neutralize Advanced Threats and Targeted Attacks
    • Safeguard Your Sensitive Data
    • Control Access with Strong Authentication

    Symantec can help your organization enhance your security for Office 365 while enabling employee collaboration and productivity. Let us show you how!
  • Dell SonicWALL’s ‘Secure Mobile Access’ Raises the Bar!
    Steven Sanderson, WW SMA Product Marketing Manager; Mark Hewett, WW SMA Product Manager
    Recorded: May 24 2016, 30 mins
    See how it’s possible to give end-users fast, simple access to enterprise applications, data and resources – without compromising your security.

    In this live webinar, you’ll hear from two Dell Security solution experts on how you can manage the proliferation of devices in your workplace.

    During the interactive session, you’ll see how to:
    • Ensure only authorized users and approved devices are granted access to your business network
    • Quickly and easily provision secure mobile access and role-based privileges
    • Keep company data secure in-flight and at rest on devices
  • Secure Mobility: How to Best Protect Your Data
    Florian Malecki, Dell SonicWALL & Amar Singh, Founder and CEO, Cyber Management Alliance
    Recorded: May 24 2016, 57 mins
    Today's workforce is mobile, with employees demanding access to more resources from more remote devices and platforms than ever before. Global networks connect employees, partners and customers over multiple Internet, intranets and VoIP channels. Even the smallest organization is now competing globally. IT organizations are struggling to keep up with mobile worker demand for access to more resources from more device types without compromising security and data.

    Join this panel discussion where info security leaders Florian Malecki and Amar Singh will be covering how you can get ahead of the next wave of mobile access and security challenges.
  • GDPR Summary: Why encryption and other measures are now a must?
    Adrian Davis, MD (ISC)² EMEA; Jason Hart, CTO Gemalto; Tom De Cordier, Lawyer and Partner, CMS DeBacker
    Recorded: May 24 2016, 62 mins
    Until recently, EU data protection laws mainly focused on data subject consent, proportionality, purpose limitation, transparency, etc. Information security, however, was very often deemed to be an area for the techies, not an area of legal compliance.
    This will change as a result of two recent and major pieces of EU legislation: the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS Directive).
    Under the GDPR and the NIS Directive, businesses and operators of essential services (e.g. hospitals, airports, etc.) will have to implement robust information and system security measures. In addition, the new rules contain a new name-and-shame mechanism: businesses and operators will have to inform the relevant authorities of security incidents. They will also have to inform the affected data subjects, unless the affected data were rendered unintelligible (for example by means of encryption).
    Finally, the EU wants the new data protection rules to become a board-level issue and it has therefore decided to make the rules subject to hefty fines:
    • If a business fails to comply with its data security obligations under the GDPR, it may get a fine of up to 10,000,000 EUR or 2% of its total worldwide annual turnover, whichever is higher.
    • Worse still, if a business is found to be in breach of certain other obligations under the GDPR, the fine may go up to a dazzling 4% of its total worldwide annual turnover.
    During this webinar, you will learn from Jason Hart, CTO at Gemalto and Tom De Cordier, an expert in data protection and information security law at CMS in Brussels, what the new rules mean in practice and what businesses should do to bring themselves in line with the upcoming requirements.
  • Social Engineering: Is that a Pwn Plug in Your Pocket?
    Peter Wood
    Recorded: May 24 2016, 44 mins
    Most organisations are surprised by the ease with which social engineering defeats their security. The human factor provides a simple and effective route to bypass even the best hardware and software security controls, yet is commonly overlooked or considered too difficult to solve. Peter will share a number of real examples to reinforce his opinion: as more and more data breaches are published, perhaps it’s time to become creative and strengthen the human firewall.
  • How to guarantee the availability SLAs of your NAS and Big Data environments
    Luis Feitor, Commvault Senior Systems Engineer
    Recorded: May 24 2016, 40 mins
    Companies' unstructured data is increasingly an indispensable asset for business services and processes. However, its exponential growth means that traditional technologies for protecting this type of data are not only inefficient but also unable to meet availability requirements in enterprise environments.

    In this webinar, we will look at three areas of Commvault innovation that address the need to protect unstructured data:

    - In the first part, we will show what is new in IntelliSnap technology, which enables integration with new storage vendors and the management of volume replicas; we will also talk about the new block capture technology, which extends the concept of continuous, consistent protection to any type of file system and database, providing an unlimited number of natively accessible recovery points.

    - In the second part, we will see how the new version of Commvault's software extends its capabilities to Big Data environments. According to Gartner, more than three quarters of companies have Big Data initiatives, so the need to manage the availability of this data is a challenge that must be solved in the short term.

    - Finally, we will show how hyperscale NAS solutions demand innovative technologies in order to guarantee protection of, and access to, the data they store.

    Join us to find out how Commvault's Data Management Platform lets you meet your availability SLAs for unstructured data, regardless of the technology you choose to store and manage these business assets.

  • Title: Integrated Enterprise Approach to IT GRC: OCEG GRC-XML Initiative
  • Live at: Jan 19 2012 7:00 pm
  • Presented by: Said Tabet, OCEG Technology Council Co-Chair