Hi [[ session.user.profile.firstName ]]

Hackers and Auditors: A Common Threat

Compliance and information security have had a tumultuous relationship. Sometimes they get along; sometimes they don't. Organizations often combine them under the CISO, but provide dotted line reporting elsewhere for compliance. Compliance might partner with internal audit or have its own C-level position. All of this variation isn't really necessary. Compliance and Risk Management can be successfully combined under the practice of Security Performance Management.

During this webinar we will discuss how:
•Compliance behaves like more traditional information security threat.
•Compliance can be managed similarly to other information security programs.
•Security Performance Management provides a framework for comprehensive compliance and risk management across the enterprise.
Recorded May 22 2012 48 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Tim Erlin, Director, Product Management, nCircle
Presentation preview: Hackers and Auditors: A Common Threat

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • GDPR Wins, Challenges & Lessons for Organizations Dec 9 2020 4:00 pm UTC 60 mins
    Panelists TBA
    It’s been more than two years since EU's General Data Protection Regulation (GDPR) came into force. To date, more than $126 million in fines have been imposed, and over 160,000 data breaches have been reported in this time -- most of them coming from the UK, Germany or the Netherlands, according to the law firm DLA Piper.

    Join us for an in-depth look into how the world and the regulations landscape has changed since GDPR and what this means for businesses in the US, UK, Europe and globally (compliance, security, privacy).
    - Post-GDPR data regulations around the world
    - GDPR vs CCPA
    - Data access rights - Has anything changed?
    - Facial recognition & GDPR
    - COVID-19, data collection and compliance
    - Is GDPR turning into a “paper tiger”
    - What to look for on the regulations landscape in 2021
  • [*CPE] Executive Tips to Present Cybersecurity to the Board Nov 19 2020 6:00 pm UTC 75 mins
    Colin Whittaker with: Hrishikesh Choudhari, MetricStream, and speakers from Okta, BitSight, and Process Unity
    *Attend live for 1.5 CPE Credits

    Cyberattacks can cost an organisation its reputation, its customers and a great deal of money, making CEOs and board members more accountable. Yet, research shows that a high percentage of corporate boards are not actively involved in cybersecurity oversight. Nonetheless, Gartner estimates by 2021, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually.

    When communicating your cybersecurity program to the board, it is important to translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.In order to justify the desired cybersecurity expense, you must clearly present the risks, the plan you will implement to protect the company’s assets, and the rationale behind the cost. In this webinar, our expert panel will discuss how to present cybersecurity to the board and get buy-in, including how to:

    - Map out your cybersecurity program.
    - Get an independent view of your current cybersecurity state and present the facts.
    - Translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.
    - Propose concrete solutions and demonstrate ROI.
  • Deceiving the Attacker Nov 17 2020 5:00 pm UTC 60 mins
    Diana Kelley, SecurityCurve
    When it comes to deception technology, the industry is evolving beyond simple honeypots to a more automated, scalable, and effective approach.

    Join this episode of The (Security) Balancing Act to discover how deception technology can be used by organizations to detect, investigate and respond to malicious intruders. How does deceiving the attacker save your company and buy you time?

    During this episode, we'll go over:
    - What is deception technology and what does it help with?
    - How does it work? (e.g. Deception decoys, lures, honeytokens, traps, grids)
    - Is your organization ready to adopt deception?
    - What do you need to do before you buy the technology / build it in-house?
    - Key benefits of using deception for threat hunting
    - What else can deception be used for?
    - Deception use cases
    - The role of AI in deception (e.g. dynamic deception)

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • [*CPE] Accelerating Threat Detection with Real-Time Security Intelligence Oct 22 2020 5:00 pm UTC 75 mins
    Colin Whittaker, with Brandon Dixon, RiskIQ; Francois Lacelles, Ping Identity; and experts from Okta and Recorded Future
    *Attend live for 1.5 CPE Credits

    Many organizations rely on governance, risk, and compliance (GRC) technology to consolidate risk information from internal sources (such as finance, IT, and operations) and external sources to understand their threat landscape. Yet as vendor ecosystems grow in size and complexity, risk management teams are increasingly struggling to procure and maintain high-quality, real-time data to feed their GRC systems.

    Creating a threat intelligence strategy is essential for a company to identify and prioritize threats effectively. But when it comes time to choose threat intelligence services and products it can be hard to know where to start. In this webinar, our expert panel will discuss how to use real-time threat intelligence to accelerate threat detection, including how to:

    - Understand the important distinction between threat data and intelligence.
    - Establish what types of intelligence will prove beneficial to your organization and be critical for ROI.
    - Gain complete visibility into all of your organization’s API traffic, and analyze relevant intelligence effectively from large volumes of threat data.
    - Empower your teams to leverage automation to detect and block threats to your organization. 
  • Securing Identity - 1 Year Check-In Oct 14 2020 4:00 pm UTC 60 mins
    Diana Kelley | Angela Leifson | Aidan Walden | Shareth Ben
    According to Verizon’s 2020 Data Breach Investigation Report (DBIR), over 80% of hacking-related breaches involved the use of lost or stolen credentials - and approximately 35% of all breaches were initiated due to weak or compromised credentials.

    Last year, we kicked off The (Security) Balancing Act series with a panel of identity experts to help us understand the landscape. Join us for this 1 year check-in to learn what has changed for organizations in the last 12 months and the security implications of shifting to a more remote workforce.

    - 2020 vs 2019: Key changes & challenges for cybersecurity
    - How work from home has opened the door to attackers
    - Regulatory updates that may impact identity management programs
    - Why attackers are focused on credentials and authentication systems
    - What businesses can do to keep track of all endpoints, manage identities and privileged access, protect their data and maintain compliance

    Panelists:
    - Angela Leifson, Forensic Analyst for Oracle Cloud Infrastructure
    - Aidan Walden, Director, Public Cloud Architecture & Engineering at Fortinet
    - Shareth Ben, Executive Director, Insider Threat & Cyber Threat Analytics at Securonix

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • [*CPE] A Third-Party Risk Management Masterclass Sep 24 2020 5:00 pm UTC 75 mins
    Stephen Boyer, BitSight; Jon Ehret, RiskRecon; Chris McCloskey, OneTrust; and Todd Boehler, ProcessUnity.
    *Attend live for 1.5 CPE Credits

    Third-party risk management (TPRM) programs are designed to offload that risk, but the current approach isn’t providing the intended results. According to the Ponemon Institute, nearly 61% of U.S. companies have experienced a data breach caused by a third party.

    To build an efficient TPRM program, it's critical to understand which vendors and suppliers present the most risk, as well as which ones are essential to your operations. By understanding where to prioritize your time, you can onboard key vendors faster, spend the right amount of time performing due diligence, and invest the most resources assessing and monitoring the third parties that matter most, helping to increase security and performance.

    On this webinar our panel of experts will share their experiences and discuss how to:

    - Overcome the most common vendor risk challenges
    - Prioritize your third parties by criticality
    - Streamline your due diligence and vendor assessment process
    - Encourage effective communication between internal stakeholders
    - Establish a continuous improvement cycle to encourage better results year over year
    - Achieve efficiencies out of TPRM tools
  • AI, Vulnerability Scanning & Implementing Your Cloud Security Strategy Sep 24 2020 5:00 pm UTC 60 mins
    Moderator: Tejasri Devarapalli; Richard Meeus, Akamai; Nabil Zoldjalali, Darktrace
    Securing the cloud can be challenging for many reasons. From data breaches that result in excess spending and loss of trust, to implementing and maintaining a security strategy.

    According to Gartner, the public cloud services market is expected to grow 17% in 2020. With this in mind, how can businesses secure their cloud access while adopting new cloud strategies? Some cloud security vendors have adopted AI and machine learning methods to protect against threats to the cloud.

    According to Cybersecurity Insiders, less than a third of businesses are monitoring abnormal workforce behavior across their cloud footprint. This is alarming considering the significant increase in usage of cloud apps and collaboration platforms. 

    Join this expert panel where cloud security leaders will discuss:
    -  The key threats faced by businesses implementing cloud services
    -  How AI, autonomous response and machine learning can help to detect threats
    -  How vulnerability scanning can optimize your cloud security strategy
  • How To De-classify Data and Rethink Transfer of Data between US and EU Recorded: Sep 2 2020 47 mins
    Ulf Mattsson, Chief Security Strategist, Protegrity
    Companies need immediate rethink on transfer data to the United States since the Privacy Shield transatlantic pact is declared invalid. The Court of Justice of the European Union found that the Privacy Shield does not meet the GPDR requirements and cannot ensure a level of protection.

    We will discuss how to achieve compliant pseudonymization, including protecting not only direct identifiers but also indirect identifiers and additional attributes, while still preserving the data’s utility for its intended use.

    We will also discuss different international privacy standards, the new Schrems II, clarify pseudonymization and other data privacy techniques.

    We will also discuss
    • Data privacy and working remotely
    • That GDPR does not apply to data that is no longer identifiable
    • Pseudonymization used nationally, as well as for trans-border communication
    • Pseudonymization use cases for privacy protection of personal health information
    • Re-identification attacks, full and partial
    • Extracting new information out of an anonymous or pseudonymous database through re-identification
    • Linkage mechanisms
    • The data de-classification process and workflow
    • Pseudonymization services best practices and trustworthy practices for operations
    • Policy framework for operation of pseudonymization services
    • When to use pseudonymization and/or anonymization
  • PCI Dream Team - PCI Compliance with Non-supported Software & Hardware Recorded: Jul 28 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    Being left at the payment altar is not easy.

    PCI DSS requirements 6.1 and 6.2 address the need to keep systems up to date with vendor-supplied security patches in order to protect systems from known vulnerabilities. But what do you do if you have an in-scope application and it is no longer supported by the vendor?

    Many payment applications, gateway and software are long past end-of-life, yet still processing cardholder data. Can such a setup be PCI compliant?

    This PCI Dream Team webinar will detail the issue, challenges dealing with unsupported hardware/software, and suggest strategies for compensating controls.

    Our panelists are some of the top PCI QSA’s in the country, with decades of combined PCI and card processing experiences. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.

    Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.
  • Detecting & Responding To Ransomware Recorded: Jul 14 2020 56 mins
    Eric A. Nielsen, Chief Executive Officer, Defense In Depth Cyber Security
    As an information security professional your knowledge of ransomware as well as the tactics & techniques to detect & respond effectively are critical to your organization. Data breaches threaten organizational financials and reputations. Strengthen your security through the use of actionable intelligence. Attendees will hear about:

    - What is Ransomware?
    - Leveraging Architecture Components to Detect & Respond to Ransomware
    - Ransomware Scenarios & Solutions
    - Tips to Protect Your Organization
  • Malware in CSP environment- An enigmatic conundrum Recorded: Jul 13 2020 54 mins
    Srinivas Bhattiprolu, Global Head, Advanced Consulting Services, Nokia Software
    Malware is a humungous force to be reckoned with, all the recent advances in technology did not retard the progress and impact associated concomitant to it. Malware actually rode the improving technology and made it its tool and an affiliate. Social network, e mail and mobile devices are becoming a major conduits to propagating malware of different types. Malware is becoming better at protecting itself. The development of technologies that enable malware to evade detection and analysis made it virtually unstoppable in infiltrating its high-value targets. Malware continues to be a problem for Communications Service Providers and their customers. The session introduces the history of malware, how it has evolved over a period of time. A threat ecosystem is an interdependency of different technologies and the people behind them that are vital to the success of an attack.

    This presentation explains the threat ecosystem of malware. How malware impacts Communication Service Providers (CSPs). A view of malware activity in mobile and fixed networks around the world. Then the presentation will zoom in on IoT botnet activity that has increased substantially since the introduction of Mirai in 2016. Many of these IoT botnets leverage the basic architecture and functionality of the Mirai source code.

    The presentation then elucidates the IoT botnet family tree, how a botnet works, how these spread and communicate with each other as well as command and control server. The presentation then highlights different variants of botnets and provides a high level overview of each variant. What are the top 20 most prolific malware found on the internet today? Highlight the infection types and rates in different type of networks like mobile and fixed.

    Finally the presentation will provide some views on how different type of malware threats can be detected and mitigated and how networks can be protected proactively.
  • Data Privacy in 2020 and Beyond Recorded: Jun 17 2020 60 mins
    Mali Yared, Robert Razavi, Baber Amin, Lori Robinson & Elliot Dellys
    Is your organization aware of the main differences in data regulations around the world?

    Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.

    Viewers will learn more about:
    - What's new on the data privacy and compliance landscape
    - Main differences between data regulations around the world and what this means for your organization
    - Expert recommendations regarding best tools and practices for achieving and maintaining compliance
    - The future of data privacy
    - What to expect in 2020 and beyond

    Mali Yared, Practice Director, Cybersecurity and Privacy, Coalfire (Moderator)
    Robert Razavi, Senior Security Architect CTO Office, IBM Canada
    Baber Amin, CTO West, Ping Identity
    Lori Robinson, Sr. Director, Product & Market Strategy, SailPoint
    Elliot Dellys, Director, Strategic Consulting, Trustwave
  • Data Protection & Privacy During the Coronavirus Pandemic Recorded: Jun 17 2020 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Remote work is quickly becoming the new normal and criminals are taking advantage of this chaotic situation.

    The EU Agency for Cybersecurity's providing guidance for the huge increases in the number of people working remotely, using tele-health it is vital that we also take care of our cyber hygiene.

    Viewers will learn more about:
    - How to use encryption, controlling new storage of regulated data and data sharing in this new situation.
    - Anonymization leaves personal data open to re-identification, which exposes firms to GDPR non-compliance risks.
    - How are the HIPAA rules changing in this situation?
    - GDPR prescribing pseudonymization and how is that work.
    - How is CCPA changing the rules?
    - How to secure wi-fi connections preventing snooping of your traffic and fully updated anti-virus and security software, also on mobile phones.
    - How important files can be backed up remote or locally. In a worst case scenario, staff could fall foul of ransomware for instance.
    - What apps are secure to use in this new era?
    - Should we use MFA, PW managers or local PW management?

    We will also discuss how to use the CERT-EU News Monitor to stay updated on the latest threats and check the following basics.
  • Multi-factor Authentication and How it can Save You! Recorded: Jun 16 2020 61 mins
    Elisabeth Happel, Director of Cyber Security, TRG Networking, Inc. & David McHale, Principal, HailBytes
    Everywhere you turn, someone is talking about MFA. When you strip away the jargon, the platform marketing and ads, what does MFA really offer to the end-user or to a business? As more and more services move into the Cloud, you’ll want to understand multi-factor authentication as a possible solution for your business or personal needs.
    A little history:
    Authentication is one means of identity management – it is how a computer system knows which user has access to what resources. In the not too distant past, this was usually controlled via active directory on a server that sat in a closet where you worked. And that worked well, because all the applications, printers, and employees were in that physical place called the office.
    But, things change! Servers and applications are more likely to reside in the Cloud than in your office. Employees could be working from home, out in the field, or half-way around the globe. Each of the resources that a person needs to access must have a way of authenticating them, but traditional authentication is no longer sufficiently secure on its own!
    Enter Multi-factor Authentication – which adds an additional and out-of-band way of authentication identity management. In this webinar we will discuss:
    What is MFA?
    Why as a Service Cloud services can be vulnerable to authentication breaches
    What is out-of-band, and why is that important?
    How utilizing MFA can be an important part of your strategy to shore your network or system defenses
    How risk factor is reduced using MFA
    The different genres of MFA, and how they can be implemented
    We will wrap up our discussion with a brief Q & A session at the end, so warm up your questions!
  • Privacy in the Time of COVID Recorded: May 22 2020 58 mins
    Chenxi Wang | Vishwanath Raman | Michelle Dennedy | Tom Pendergast
    In the fight against COVID-19, countries are taking urgent actions to address the crisis. Some are turning to tech to find solutions for containing the spread of the virus. Digital contact tracing, in particular, is gaining a lot of traction. For example, Apple and Google recently announced a rare collaboration to jointly facilitate contact tracing within their mobile platforms for public health monitoring applications.
    So, what does this mean for privacy? 
    While some efforts are being made to preserve user privacy, like not tracking user location or collecting other identifying information, digital contact tracing can still reveal more user information than necessary.

    Join this panel of security and privacy experts lead by Chenxi Wang to learn more about the different implications associated with digital contact tracing, how it is being used around the world, and the long-term effects of COVID-rushed decisions.

    Speakers:
    - Chenxi Wang, Founder & General Partner of Rain Capital
    - Vishwanath Raman, Lead, Privacy Technologies, Oasis Labs
    - Michelle Dennedy, CEO Drumwave
    - Tom Pendergast, Chief Learning Officer, MediaPRO
  • Become an Expert at Managing a Cybersecurity Risk Program Recorded: May 13 2020 35 mins
    Mick Vaughan and Brent Gage, Cybersecurity Engineers at SecurityGate.io
    In this discussion, cyber assessment leaders from SecurityGate.io, Mick Vaughan and Brent Gage, will delineate the top things you need to do in order to make sure your business is secure from cyber attacks.

    Learn how to employ an easy-to-use framework that you can take and put into action inside your company. If you’re not an expert in OT/IT cyber security, don’t worry! This presentation is all you’ll need to get started and show meaningful results in reducing risk. Put this in practice and you’ll be known as the expert.

    Join us so you may learn how to use a trusted methodology that scales from the smallest companies to the largest enterprises.
  • The PCI Dream Team Celebrates GDPR's 2nd Anniversary Recorded: May 13 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    May 2020 marks the 2nd anniversary since EU's General Data Protection Regulation (GDPR) came into effect. How has the world of regulations changed in the last two years, and what else can we expect on the privacy and compliance landscape?

    Join the PCI Dream Team as they celebrate GDPR's 2nd birthday - while social distancing from home - with a fun and insightful Q&A discussion on all things GDPR, CCPA & PCI DSS.

    Grab a seat, eat some cake and bring us your toughest compliance-related questions.

    Our panelists are some of the top PCI QSA’s in the country, with decades of combined PCI and card processing experiences. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.
  • [PANEL] How to Simplify Cyber Risk Management? Recorded: May 13 2020 62 mins
    Kalani Enos (Immersion Security), Terence Jackson (Thycotic), Rick Holland (Digital Shadows), Joseph Carson (Thycotic)
    In today’s multi-cloud and hybrid environments, CISO's are struggling to secure assets, manage security policies across clouds, monitor and mitigate risks, while also supporting the business. How are CISOs solving the challenge of complexity?

    Join this panel of experts to learn how to simplify cyber risk management as well as maximize the value of your team and technology.
    - Risk scoring and security controls
    - How to identify risks for organizations and their third-party vendors
    - How to prevent, detect, and respond to, privacy and network security incidents
    - Best of vulnerability and risk management in a multi-vendor environment
    - Best practices and use cases across industries

    Speakers:
    Kalani Enos, Partner/VCISO/Threat Analysis, Immersion Security (Moderator)
    Terence Jackson, Chief Information Security Officer, Thycotic
    Rick Holland, CISO, Vice President Strategy, Digital Shadows
    Joseph Carson, Chief Security Scientist, Thycotic
  • Coronavirus & Surveillance: How To Protect Privacy Sensitive Data Recorded: Apr 29 2020 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    In Singapore, the Government launched an app using short-distance Bluetooth signals to connect one phone using the app with another user who is close by. It stores detailed records on a user's phone for 21 days decrypt the data if there is a public health risk related to an individual's movements.

    China used a similar method to track a person's health status and to control movement in cities with high numbers of coronavirus cases. Individuals had to use the app and share their status to be able to access public transportation.

    The keys to addressing privacy concerns about high-tech surveillance by the state is de-identifying the data and giving individuals control over their own data. Personal details that may reveal your identity such as a user's name should not be collected or should be protected with access to be granted for only specific health purposes, and data should be deleted after its specific use is no longer needed.

    We will discuss how to protect privacy sensitive data that is collected to control the coronavirus outbreak.
  • Navigating Internal and External Comms When Business Continuity is Tough Recorded: Apr 22 2020 45 mins
    Missive
    Crisis communications experts from Missive Comms will share best practice guidelines and top tips for communicating with internal and external stakeholders during a crisis that may impact your business continuity, using COVID19 as a live example.
    The webinar will be primarily targeted at technology companies that have a dedicated marketing budget, but will contain principles relevant to all sectors. It will cover:
    • Guiding principles for internal comms during a crisis, including top tips and hurdles to avoid.
    • Navigating external communications in the current media landscape, including a step by step guide on crafting statements.
    • Answers to your questions on communicating when business continuity is tough.
Trends, developments, and technology
Increasing expectations for good data governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance for insights on how to implement successful GRC strategies and processes for your organization.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Hackers and Auditors: A Common Threat
  • Live at: May 22 2012 1:00 pm
  • Presented by: Tim Erlin, Director, Product Management, nCircle
  • From:
Your email has been sent.
or close