Compliance and information security have had a tumultuous relationship. Sometimes they get along; sometimes they don't. Organizations often combine them under the CISO, but provide dotted line reporting elsewhere for compliance. Compliance might partner with internal audit or have its own C-level position. All of this variation isn't really necessary. Compliance and Risk Management can be successfully combined under the practice of Security Performance Management.
During this webinar we will discuss how:
•Compliance behaves like more traditional information security threat.
•Compliance can be managed similarly to other information security programs.
•Security Performance Management provides a framework for comprehensive compliance and risk management across the enterprise.
RecordedMay 22 201248 mins
Your place is confirmed, we'll send you email reminders
Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches, and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and Internet of Things enabling multitude of connected devices, the threat vectors are multiplying, threatening the firms’ operations and future financial stability.
Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.
Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
Robert D. Schneider, Partner at WiseClouds LLC, Reiner Kappenberger, HPE Security - Data Security
The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side the surge of new devices has increased potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.
Data security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined, so protecting company data is more urgent than ever before. The risks are huge and Hadoop comes with few safeguards, leaving it to organizations to add an enterprise security layer. Securing multiple points of vulnerability is a major challenge, although when armed with good information and a few best practices, enterprise security leaders can ensure attackers will glean nothing from their attempts to breach Hadoop.
In this webinar we will discuss some steps to identify what needs protecting and apply the right techniques to protect it before you put Hadoop into production.
Nancy Bennis, Director of Alliances, Cleversafe an IBM Company, Alex McDonald, Chair, SNIA Cloud Storage Initiative, NetApp
Object storage is a secure, simple, scalable, and cost-effective means of embracing the explosive growth of unstructured data enterprises generate every day.
Many organizations, like large service providers, have already begun to leverage software-defined object storage to support new application development and DevOps projects. Meanwhile, legacy enterprise companies are in the early stages of exploring the benefits of object storage for their particular business and are searching for how they can use cloud object storage to modernize their IT strategies, store and protect data while dramatically reducing the costs associated with legacy storage sprawl.
This Webcast will highlight the market trends towards the adoption of object storage , the definition and benefits of object storage, and the use cases that are best suited to leverage an underlying object storage infrastructure.
In this webcast you will learn:
•How to accelerate the transition from legacy storage to a cloud object architecture
•Understand the benefits of object storage
•Primary use cases
•How an object storage can enable your private, public or hybrid cloud strategy without compromising security, privacy or data governance
Matthew Yeh, Delphix, Product Marketing & Olivia Zhu, Delphix, Business Technology Consultant
A new, data-centric approach to security is taking hold. Rather than establishing perimeter defenses in hopes of repelling breach attempts, security-minded organizations are investing in technologies that protect the interior--the data itself. In particular, the combination of virtual data and data masking is proving to be a powerful way for enterprises to safeguard sensitive data from both insider and outsider threats.
View this webinar to learn:
How data masking is superior to solutions based on encryption and firewalls
What virtualized data is, and how it forms the foundation for an effective security strategy
Why integrating data masking with virtual data reduces your surface area of risk by 90%
Healthcare has become criminals most lucrative target. Why? Because medical records are worth 10 times that of credit cards. The recent digitization of the healthcare industry has rapidly expanded the attack surface to include electronic healthcare records, patient portals, IoT-enabled medical devices and more.
Imagine losing access to all of your patient data—only to find out you are being extorted by criminals who require payment to get it back. This type of attack can disrupt life & death technologies that medical practitioners rely on to perform their jobs. Ransomware adds up to a significant threat to the healthcare industry.
But, there are steps you can take to actively reduce the number of ransomware infections across your organization. OpenDNS and Cisco are on the forefront of helping our healthcare customers against various versions of ransomware.
Hear from Barry Fisher, Sr. Product Manager at OpenDNS, to learn the simplest way for healthcare security practitioners to stay ahead of Ransomware attacks. You’ll learn how to:
-Reduce ransomware infections across your organization
-Identify the infrastructure used by attackers to connect, control and transfer the encryption keys
-Protect medical IoT endpoints, patients’ devices and even devices that don’t run agents, like heart monitors and infusion pumps
Register now to learn how to start covering your healthcare security gaps.
Over the last few years, there are a known 620 million user accounts that have been compromised across hundreds of sites. Organized cybercrime have figured out that this is the fastest, most reliable method to infiltrate organizations, as well as achieve financial gain. Since users share passwords across multiple sites, it is easier to find logins that work on a target site than try to bypass firewalls, find software flaws, or even run spearphishing campaigns.
These types of attacks are collectively coming to be known as “Account Takeover” (ATO). Some are simple, while others are sophisticated. Some can be stopped relatively easily, and others require much more effort.
ATO attacks (via stolen credentials) were cited as the #1 method of confirmed data breaches in both 2014 and 2015, for web applications, which itself was the #1 vector for data breaches.
Come learn what these ATO threats are, their impact to your business, how to detect them, and what you can do about it.
Krishna Narayanaswamy, Founder and Chief Scientist, Netskope
The rapid rise in cloud adoption – of which corporate IT has underestimated the scope by as much as 10x - has created a new effect: a “cloud attack fan-out.” Between many connected devices, which increase the attack surface, and capabilities like sync and share, which increase data velocity in the cloud, both the propensity and the severity of a breach rise.
Join Krishna Narayanaswamy, Founder and Chief Scientist of cloud security company Netskope, as he takes an in-depth look at data breaches involving cloud services and how they come about. Krishna will take a fun, CSI-like presentation approach and draw upon unique, anonymized data seen in the cloud to illustrate:
- The multiplier effect that that the cloud can have on the probability of a data breach
- Three real-world examples in which the cloud can play a role in data breaches, including a step-by-step review of a recent exploit found in a cloud storage app
- How to identify data breaches in an enterprise cloud environment using advanced anomaly detection techniques
- A forensic walk-through in the reconstruction of a complex audit following a data breach
- Best practices for mitigating breaches as well as monitoring and protecting sensitive enterprise data in the cloud
Peter Gossin, Digital Transformation Manager, Microsoft
Digital transformation is the process of using today’s technology to modernize outdated processes and meet the most pressing needs of your business.
Thanks to recent advances in lower cost tablet technology and Microsoft’s suite of cloud and productivity services, complete digital transformation is more accessible now than ever before. A new class of affordable devices is revolutionizing the way businesses and their employees work and interact with customers.
Sign up now to:
•Engage your customers
•Empower your employees
•Optimize your operations
•Transform your products
Matthew Yeh, Delphix, Product Marketing & Olivia Zhu, Delphix, Business Technology Consultant
Data Masking Is Changing How Businesses Prevent Data Breach
With data breaches on the rise, businesses are heavily investing in solutions to safeguard sensitive data. However, businesses too often fail to secure confidential information in environments used for development, testing, training, and analytics. These so-called non-production environments can represent over 80% of the surface area of risk for breach. Data masking has emerged as the de facto standard for protecting these environments from insider and outsider threats alike. Masking replaces sensitive data with fictitious yet realistic data, preserving its value for non-production use while completely eliminating the risk of breach. Moreover, a new generation of solutions couples data masking with advanced virtualization technology to secure and deliver data -- without the slowdown caused by traditional methods.
Register and discover:
The key reasons why next-generation data masking reduces risk of breach
How masking compares to other security approaches such as encryption
Why next-generation masking is essential for businesses that must comply with HIPAA, PCI DSS, and SOX
Jonathan Bailey, Rami Essaid, Katie Sunstrom, Orion Cassetto
Web scraping - the process of using bots to systematically lift content from a website - is either loved or hated. Startups love it because it’s a cheap and powerful way to gather data without the need for partnerships. Large companies use web scraping to gain competitive intelligence, but try to block others from doing the same. However, new legislation and high profile court cases have called into question the legality of web scraping.
In this lively conversation, diverse panelists will discuss the origin of web scraping, the changing legal landscape, and the legal and technical best practices for protecting your website content.
Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.
This is especially important as PCI DSS evolves and increase in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non compliance with PCI DSS.
Melinda Rahe, Business Continuity Program Manager Dell, Inc.
Outsourcing shifts the burden to mitigate risk to the vendor. But, it does not shift the impact of the risk. Your company’s reputation and its’ customers can be negatively impacted when your vendor experiences failure.
This presentation discusses how to formulate a vendor resiliency strategy. And, will equip participants with practical solutions for effectively, as well as efficiently, assessing the business continuity risk exposures introduced by outsourcing business functions
It doesn’t matter what industry vertical you are in or how big or small your business is, we are all plagued by the same concern, the security of your most valuable asset – your data. Moreover, the threat is sometimes the ones that you trust most, namely people that have access to your privileged information and data. This insider threat can be your customers, partners and even your employees that accidentally or purposefully release or acquire sensitive data and use it for something other than what it was meant for.
Just imagine if you had a complete and panoramic scene sizeup along with the ability to proactively address potential threats of both the traditional threat vector of outsiders gaining information as well as the increasingly common and dangerous internal threat. Join us as we discuss this important topic as well as how you can ensure that your organization does not find itself in the eye of the security cyberstorm..
Mike Reinhart is the Director of Product Marketing at Accelops
Regulatory compliance and security breach protection, is complex in today’s organizations, and this job is not getting easier.
One of the major challenges that many organizations and managed security services routinely face is that the sources, numbers and types of attacks being generated are increasing exponentially. When you add the growing unknowns associated with the Internet of Things (IoT) it becomes exceedingly difficult to separate the truly lethal threats from the merely mundane. This results in greater complexity and higher costs in terms of not only the number of security incidents that need to be investigated, it is driving organizations to hire the security expertise needed to maintain these services.
Join us for this webcast to see where state-of-the-art SIEM tools are being used to create a modern managed security service that not only scales to meet the potential threats for organizations, but also allows Managed Service Providers to deliver higher quality managed security services.
John Meegan, Candice Campbell, Gary Zein, Karolyn Schalk, Karl Scott, Mike Edwards from the CSCC
The Cloud Standards Customer Council will define hybrid cloud computing, explain why this deployment model is essential for addressing business requirements, and outline the key considerations that customers must take into account as they start their transition. The presentation will include strategic and tactical activities for decision makers implementing hybrid cloud solutions. It will cover all the essential technical considerations for hybrid cloud deployment including integration, connectivity, governance, management, security and privacy.
CloudLock: Brad Pielech - Integrations Architect, CloudLock OneLogin: Mario Tarabbia - Director of Sales Engineering
Your organization has turned to cloud platforms and applications (including SaaS, IaaS, PaaS, and even IDaaS) to meet business needs, and it’s your job to make sure those applications are both easily accessible as well as airtight. Luckily, a new set of identity and security solutions have arrived that ensure fast access and security around all your publicly accessible data,w the apps it resides on, and the users engaged.
Find out how OneLogin’s identity and access management capabilities including single sign on (SSO), combined with CloudLock’s cloud cybersecurity solution can make users more secure and productive in the cloud, no matter the data, applications, or people they work with.
Join OneLogin and CloudLock to learn how to:
– Identify the top five cyber threats to your cloud environment
– Protect against cloud security risks leveraging advanced user behavior analysis
– Improve company-wide productivity through streamlined identity and access management
– Easily automate your cloud access management process
– Put it all into action quickly – managing cloud application security with a powerful IDaaS+CASB joint solution
Steve Piper, CEO at CyberEdge and Lane Roush, Systems Engineer at Code42
The CyberEdge 2016 Cyberthreat Defense Report (CDR) provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a November 2015 survey of 1,000 IT security decision makers and practitioners, the CDR delivers insight IT security teams can use to compare their perceptions, priorities and security postures to that of their peers.
Join Steve Piper, CEO at CyberEdge and Lane Roush, Systems Engineer at Code42 to review the results from the 2016 Cyberthreat Defense Report and:
•Understand why 62 percent of organizations expect to be breached this year.
•Learn which cyber threats are of the utmost concern to the enterprise in 2016.
•Explore how Code42 CrashPlan endpoint backup helps safeguard your most important asset–data!
Carl Lehmann (451 Research), Rick Caccia (Delphix), Bill Laberis(IDG)
BEST PRACTICES TO MODERNIZE IT PROJECTS AND MITIGATE BUSINESS RISKS
As workloads, data and processes shift across on-premises, hybrid clouds and mobile infrastructure, enterprises must develop a strategy to manage IT change and the risk that comes with it. Attend this webinar to learn:
How to craft an IT modernization strategy for the enterprise architecture
How to select the tools to control risks associated with IT modernization
Case studies of global firms that have successfully modernized their infrastructure to enable business and IT transformation
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.
*This webinar will be conducted in Mandarin
Organizations are turning to leverage big data and analytics to ‘look’ for indicators of intent or indicators of compromise, thus helping organizations focus their security resources on the threats at hand. The challenge though is how to process the vast amount of data, and furthermore, keep it relevant, timely, actionable – contextual. The challenge becomes harder when threat actors utilize a variety of techniques to maintain anonymity, reduce their ‘fingerprint’ and mask their intent.
In this webinar, Adam will share how Akamai leverages the vast amount of data that it sees daily to help its customers improve their security decisions, when the threat would otherwise be unclear. John will showcase how Akamai’s big data and analytics platform, Cloud Security Intelligence, powers its Client Reputation service. A service that provides the ability to forecast intent and protect applications against Distributed Denial of Service (DDoS) and application layer attacks, and how active defence can be applied to a variety of response mechanisms, delivering an intelligent contextually aware defence.
As of 2016, California requires all companies, no matter where they are based, to implement a minimum set of mobile security controls if they process sensitive personal information about California residents. Spend 30 minutes with us on how to comply with these new requirements. Review the California Data Breach Report for the new requirements.
This webcast is for Mobile IT and information security professionals and their legal and compliance teams. This webcast will cover:
The foundational security controls now required by law
How these controls are applied to mobile
Best practices to achieve compliance
The central role of Enterprise Mobility Management (EMM)
Chat is an excellent channel to improve service desk productivity, but when dealing with complex issues, it’s sometimes not enough. If your chat solution is implemented in a standalone silo, then customers may have to transfer to phone support when their issues go beyond the point of text, resulting in a disjointed customer experience. But if the chat transitions directly into a screen-sharing session, the support agent can instantly see and resolve the issue while maintaining a seamless conversation. This session will outline how to increase the value and power of chat through integrating it with other solutions such as remote support, knowledge bases, CRM and more. Turn your service desk into a one-stop-shop with a modern, integrated approach to support.
Many Security Operation Centers operate in a reactive mode. They primarily respond to alerts that are being presented to them by implemented detection technologies. And we all know alerts are generated in overwhelming volumes, severely crippling SOC’s effectiveness and efficiency. Today’s threat landscape requires SOCs to operate ever more proactively to keep up with the threat actors. More and more SOCs therefor are actively ‘hunting’ for threats that may be residing in the environment they are to defend. ‘Hunting' however requires a different approach from the traditional, reactive mode, not least for the SOC experts themselves.
Join Matias Bevilacqua, Mandiant Principal Incident Response Consultant, as he discusses tips and tricks for hunting for those lurking threats: what to look for, what tools to use, etc.? You will leave the session with some hands-on material to start turning over stones and uncover threats you never knew were there.
This presentation will enumerate some of the risks, old and new, of migrating to a cloud infrastructure as well as the risks posed by consumer and employee “cloud creep”. I will detail how your business could impacted and illustrate some architectural and procedural changes that can help to mitigate these risks.
Your next breach or insider attack will most likely have you digging for evidence in the cloud. Are you prepared? The old styles of imaging disks and tapping networks won't work. They will not scale. Join this webinar to discover response scenarios for cloud enabled and cloud dependent enterprises, a model for preparing for cloud response and examples of cloud breach investigations.
With more and more organisations using the services of a cloud provider, what impact does this have on securing Cardholder Data. This presentation will give an general overview of the PCI SSC, and then focus specifically on the issues relating to storing data in the cloud. Especially it will look at the key issues of “Who is responsible?” and “What happens when there is a data breach”. In addition the presentation will look briefly at the impact of the recent GDPR on cloud storage and cloud providers.
Your corporate network is open terrain. And it's hunting season. Malware, ransomware, and phishing scams are lurking. It's time to identify these threats to the enterprise earlier in the kill-chain and protect your employees, your data, and your network. The next evolution of Incident Response is here.
Isn't it time you adapted your security stack to gain visibility into threats across you endpoints, network, and cloud? We can arm you with the tools you need most to see what’s happening not just on your network and your endpoints, but also out on the Internet in the wild.
Join the product CTO’s from both OpenDNS and our Advanced Threats Groups, Dan Hubbard, Dean De Beer, and TK Keanini as they review how to modernize your response with critical solutions that provide visibility into the network, endpoint, and cloud and additionally talk about how to use these tools to investigate threats in the present, retrospectively, and into the future.
Join not one, but three CTOs from OpenDNS, AMP Threat Grid and Lancope for a complete review of what it takes to accelerate investigations, decrease incident response times, and uncover potential attacks before they are launched.
Hear from OpenDNS CTO, Dan Hubbard, Lancope CTO, TK Keanini, and Threat Grid CTO, Dean De Beer on August 22nd at 10am PT. You’ll learn:
-Strategies for addressing customer incident response challenges across Network, Endpoint and Cloud
-Three unique approaches for digging deeper into what happened before, during, and after an attack
-How together OpenDNS, AMP Threat Grid and Lancope combine to give you the best incident response portfolio
Unfortunately many organizations today are losing the race against the hacker community by a large margin. As noted in the Verizon 2016 Data Breach Investigation Report, the percent of compromises that transpired in “days or less” has risen from 67% to 84% over the last 10 years. Over this same time period, the percent of compromise discoveries that occurred in “days or less” also improved, but not enough to narrow the time gap between compromise and discovery. In other words, the bad guys are accelerating their exploits faster than the good guys are accelerating their ability to discover.
The path to narrowing the time gap between compromise and discovery, and then neutralizing business-impacting incidents, is through a comprehensive and mission-oriented Security Information and Event Management (SIEM). A well-designed SIEM not only advances security objectives, but it also works to direct personnel and process for maximum impact. With limited resources and a rising number of attacks, not all solutions are created equal. You need to ensure they are getting the best bang for your buck.
In this webinar, Michael Suby, vice president of research at the global research and consulting organization Frost & Sullivan, will discuss the factors that contribute to SIEM’s total cost of ownership.
• How to calculate the total cost of ownership of a SIEM
• The basic functionality that every SIEM should have to confidently breeze through preliminary activities
• The SIEM attributes that will have a lasting impact on your organization’s cost efficiency in effectively managing risk
Join us to learn the features that should be on the top of your scorecard when evaluating a SIEM for either first-time deployment or replacement.
The need to prioritize vulnerability management (VM) is greater than ever as IT security teams become overwhelmed with trying to protect against every threat that pops up. Organizations that understand the varying risks across vulnerabilities can focus on resolving dangerous exploitation, and avoid wasting crucial time addressing insignificant ones.
We invite you to attend the “Improving on 'Whack-a-Mole' Vulnerability Management” webcast featuring guest speaker Joseph Blankenship, Senior Analyst at Forrester, and Jimmy Graham, Director of Product Management at Qualys.
The following topics will be discussed during the webcast:
* Forrester data trends and insights from real-world client scenarios
* Why vulnerability management needs to be prioritized and elevated
* How Qualys ThreatPROTECT shows you what to remediate first (led by Qualys)