Hi [[ session.user.profile.firstName ]]

Trust, but verify: Audit trail protection gap in IT Governance

Audit log data has been used for different purposes for years and is considered a foundational element within auditing and assurances processes. Ever increasing demands from legislation, regulation and business efficiencies are placing greater importance on the audit log data. Though requirements for the integrity protection of audit log data is stipulated thought many legislative, regulatory and best practice documents, most implemented controls fail to directly address the integrity of the audit log data. The resulting risk may equate to manipulated data being used to support established reporting mechanisms for compliance, business decisions, audits and forensics.



This presentation will seek provide insights on current IT Governance weaknesses and trends that are forming a large crack within organizations GRC controls

Nadeem has more than 12 years of exclusive experience within the Information Security Industry 8 of which were spent within the management consulting firms of Ernst and Young and Deloitte. Subsequently he has held a senior position within a software start-up company providing technology direction to penetrate the Information Security Industry and has also provided strategic risk management consultancy to global blue chip organisations including Research in Motion, Bank of Montreal and Fidelity Investments.

He is a graduate in Information Technology Security from the University of Westminster, a CISSP and CISM.
Recorded Nov 17 2009 39 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Nadeem Bukhari, Kinamik Data Integrity, VP of Product Strategy
Presentation preview: Trust, but verify: Audit trail protection gap in IT Governance

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • [Earn CPE] Cornerstones to Fortify Your Enterprise Cybersecurity Defense Sep 26 2019 5:00 pm UTC 75 mins
    Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions.
    The enterprise cybersecurity landscape is dramatically expanding in scale and complexity, and cyberattacks are growing in magnitude and impact as digital transformation increases on a global scale. From phishing scams, to ransomware attacks, to malicious breaches from state actors, the potential threat to your business is huge. According to the Ponemon Institute, the average per breach cost to a company in 2018 was estimated at $3.86 million, an increase of 6.4 percent over the previous year.

    Even though cybersecurity presents a challenge to the enterprise, you are not helpless against the bad actors who seek to cause real and costly damage to your business. A proactive, company-wide, integrated digital security strategy that addresses cybersecurity threats at all levels of your business will provide you with both the offensive and defensive capabilities you need to handle whatever comes your way. Earn 1 CPE credit by attending this educational and interactive panel webinar. Our experts will discuss why fortifying your cybersecurity strategy should be a critical priority and highlight some best practices that you can employ to stay ahead of evolving threats, including how to;

    - Understand the changing cyberattack landscape,
    - Create a company-wide cybersecurity task force,
    - Evaluate your security budget against your threat level,
    - Fortify your cybersecurity defense with systems hardening, adaptive authentication, and endpoint protection.
  • [Earn CPE] Preventing Data Breaches with a Scalable Verification Program Sep 10 2019 5:00 pm UTC 75 mins
    Moderated By Colin Whittaker, Informed Risk Decisions. Panelists: Evident ID
    Consumer demand is driving the corporate IT environment. Business demands for IT are changing rapidly — so too are the demands on IAM — resulting in the requirement to adopt emerging technologies (e.g., mobile and cloud computing, data loss prevention, and social media) earlier and more quickly. Scalability is critical for any business that wants to catalyze short- and long-term success. A flexible workflow for identity verification can help organizations of all sizes with limited time, resources, and funding to focus their efforts on initiatives that support positive growth. While your business might be conducting background checks today, it could have different verification needs in the future to ease onboarding friction, prevent data breaches, and demonstrate regulatory compliance.

    It’s important to begin laying the groundwork now for a more sophisticated and intricate verification program so you can be proactive, not reactive, but what does a scalability strategy look like? In this CPE accredited panel webinar our experts will address how to create identity and credential verification workflows that can scale with your organization as it grows, including how to:

    - Gain a better understanding of the digital identity landscape,
    - Ensure accuracy of both data sources and verification records,
    - Centralize verification of multiple data sources into a unified platform,
    - Evaluate new developments like biometrics, AI, and blockchain, and how they can impact identity and data management,
    - Save money in the long-term by laying the groundwork for adaptable online verification workflows,
    - Adapt and respond to new regulations.
  • [Earn CPE] Automating Your Third-Party Risk Management Program Jul 25 2019 5:00 pm UTC 75 mins
    Colin Whittaker, IRD; with panelists from: BitSight. OneTrust, and ProcessUnity.
    The current state of vendor risk management (VRM) is bleak. More than half of all information security breaches are caused by third-party vendors, and according to Deloitte 83% of today’s business leaders lack confidence in third party VRM processes. Given the growing complexities in accurately collecting and screening third-party data and the need for deeper due diligence, automation is key to a successful risk program. However, many corporations haven’t adopted automation in their third-party risk management programs.

    The lack of automation adoption can be traced to a few core reasons. Disparate systems, out-of-date data, and inconsistent policies can all stifle a company’s ability to modernize their third-party risk management program, and companies often suffer from more than one of these. When applied effectively, automation can not only help prevent these roadblocks; it can also drive the efficiencies procurement and compliance leaders are looking for. Join this CPE accredited panel webinar as our expert panel address some key steps to automating third-party risk management, including how to:

    -Manage an up-to-date vendor master to create one source of truth across the entire corporation,
    -Leverage automation and machine learning to standardize data governance,
    -Drive efficiencies and reduces costs, while ensuring the highest accuracy in your third-party risk management program.
  • [Earn CPE] Executive's Guide to Smarter GRC with Cybersecurity Attack Analytics Jun 27 2019 5:00 pm UTC 75 mins
    Moderated by Colin Whittaker. Panelists from Lockpath, Ping Identity, Greenlight Technologies, and Netwrix.
    Today’s increasing organizational complexity and evolving threat environment have made it more critical than ever for organizations to clearly identify their exposures, measure vulnerability risk, and quickly prioritize remediation efforts. Cyberattacks are often hidden from view under a mountain of alerts generated by security systems, giving attackers time to gain access to systems and seize valuable data.

    To ensure their companies don't end up in the headlines for the wrong reasons, corporate governance, risk management, compliance management and other “lines of defense” functions need to rethink their security strategy and take an approach that looks at behavior and attack patterns. By conecting cybersecurity attack analytics with risk programs and GRC work streams, executives can increase visibility into the overall security risk of the organization which makes the investigation of application security events easy, and enables teams to mitigate and respond to real security threats quickly and decisively.

    Join this CPE panel webinar for insights on achieving smarter GRC with CAA. We will share:

    - Why traditional endpoint security is failing to see and stop attacks.
    - How using attack analytics can stop cyberattacks now and in the future.
    - Efficient ways to analyze events and prevent threats.
    - How to move from looking back to real-time and forward-looking GRC monitoring.
  • Ask the AppSec Expert: How to Secure the Applications you Build, Buy & Manage Jun 6 2019 2:30 pm UTC 30 mins
    Paul Farrington, Veracode | Yotam Gutman, Cybersecurity Marketing Community
    Tomorrow's businesses need a simpler and more scalable way to increase the resiliency of global application infrastructure, without slowing innovation, today.

    Join this interactive 1-2-1 discussion where EMEA Chief Technology Officer, Paul Farrington (CISSP, MBCS) will share how leading businesses are;

    - Improving the level of security awareness and addressing the skills deficit
    - Enabling developers to fix flaws and prevent new ones
    - Prioritising and triaging the most exploitable flaws
    - Automating application security
    - Providing software development leaders with really useful security metrics
    - Incentivising secure development as part of their culture

    This session will show you how architects and developers are making smarter choices in designing secure software. You will also learn how to report success, and investment justification, to the board whilst setting realistic expectations throughout the software development lifecycle and not just at the destination.
  • Livestream Video - Proactive Data Privacy and Security Jun 6 2019 1:00 pm UTC 45 mins
    Steve Wright, Bank of England | Christian Toon, Pinsent Masons | Ilias Chantzos, Symantec | Allan Boardman, ISACA
    How can enterprises shift from a reactive approach to privacy and data security to being proactive and closer to privacy-and-security-by-design? Join this panel of experts to get the answer to all of your privacy, security and compliance questions.

    Viewers can learn more about:
    - Effect of GDPR: One year later
    - How are enterprises instituting changes to achieve and maintain compliance
    - Challenges to achieving compliance in an IoT world
    - How to bake privacy and security into your processes
    - Best practices for data protection and privacy from the ground up

    Panellists
    Christian Toon, CISO, Pinsent Masons
    Steve Wright, CISO & GDPR Advisor, Bank of England
    Ilias Chantzos, Senior Director, Government Affairs, Symantec

    Moderated by Allan Boardman, CGEIT Certification Committee Member, ISACA
  • Livestream Video - Application Security in a DevOps World Jun 6 2019 10:30 am UTC 45 mins
    Moshe Lerner, Checkmarx | Paul Farrington, Veracode | Yotam Gutman
    With today's enterprises leveraging around 1000 applications and multiple clouds, application security is becoming a key area of focus. Application security testing is being integrated into the DevOps process early on, while automation, speed and coverage and becoming critical to the success of DevSecOps programs.

    Join this interactive panel of industry experts to learn more about:
    - Why application security is critical
    - Key principles for building application security into DevOps
    - Best practices for leveraging automation
    - Speed vs Security: Where do you draw the line?
    - Recommendations for improving security in 2019

    Panellists
    Paul Farrington, EMEA CTO, Veracode
    Moshe Lerner, SVP Product Strategy & Corporate Development, Checkmarx

    Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community
  • Ask the Security Expert: How to Protect your Business in the Cloud Jun 5 2019 2:30 pm UTC 30 mins
    Carl Leonard, Forcepoint | Raef Meeuwisse, ISACA Expert Speaker
    Cloud security is a key challenge for today's data-driven businesses.

    Join this interactive 1-2-1 discussion where Principal Security Analyst, Carl Leonard will share insights on;

    - What are the top cyber threats and trends to look out for in 2019?
    - Why are businesses continuing to suffer data breaches?
    - How are businesses securing themselves as they embrace digital transformation?
    - What is secure SD-WAN? Why is it increasingly important to businesses with distributed office locations?
    - What are the most important security solutions for businesses wishing to safely adopt cloud services?

    Moderated by Raef Meeuwisse, ISACA Expert Speaker and co-author of "How to Hack a Human: Cybersecurity for the Mind"
  • Livestream Video - Protecting Against Phishing, Ransomware & Social Engineering Jun 5 2019 1:00 pm UTC 45 mins
    Raef Meeuwisse | Carl Leonard, Forcepoint | John Scott, Bank of England | Adenike Cosgrove, Proofpoint | Richard Agne, Code42
    External and internal threats continue to pose a challenge for security professionals worldwide. How are businesses preparing against attacks like phishing, ransomware, and social engineering?

    Join security experts from the industry to learn more about:
    - The most prevailing cyber threats businesses face in 2019
    - Lessons from cyber attacks and strategies for protecting against them
    - Solutions for faster breach detection and response
    - Why network visibility is key
    - Recommendations for improving enterprise security

    Panellists
    Richard Agnew, VP EMEA, Code42
    Carl Leonard, Principal Security Analyst, Forcepoint
    John Scott, Head of Information Security, Bank of England
    Adenike Cosgrove, Cybersecurity Strategist, Proofpoint

    Moderated by Raef Meeuwisse, ISACA Expert Speaker and co-author of "How to Hack a Human: Cybersecurity for the Mind"
  • Livestream Video - CISO Challenges and How to Solve Them Jun 5 2019 10:30 am UTC 45 mins
    Darren Thomson, Symantec | David Boda, Camelot Group | George Patsis, Obrela Security Industries | Martin Mackay, Proofpoint
    Today's CISO faces a myriad of challenges when it comes to securing the enterprise. From budgetary concerns and vendor confusion to dealing with the chronic lack of cyber talent, to addressing the disappearing security perimeter, CISOs are looking for ways to automate security operations and leverage AI to do more with existing teams and fewer tools.

    Join security experts across the industry for an interactive discussion on:
    - What keeps CISOs up at night
    - Strategies for breach prevention
    - Strategies for making the most of AI technology and human talent
    - Coping with analyst fatigue
    - Threats on the horizon
    - Recommendations for strengthening security

    Panellists
    David Boda, CISO, Camelot Group
    Darren Thomson, CTO - EMEA, Symantec
    George Patsis, CEO, Obrela Security Industries
    Martin Mackay, Senior Vice President - EMEA, Proofpoint

    Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community
  • Ask the Cyber Expert: How to Manage Cyber Exposure, Risks and Compliance Jun 5 2019 9:30 am UTC 30 mins
    George Patsis, Obrela Security Industries | Yotam Gutman, Cybersecurity Marketing Community
    Join this interactive 1-2-1 discussion where information security expert, George Patsis will share how to;

    - Align cybersecurity function with organisational and business strategy
    - Meet regulatory and compliance requirements
    - Deal with breaches in an ever-changing technology landscape
    - Create valuable reports

    During this session, you will learn how to identify, predict and prevent cyber threats, in real time.

    Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community
  • Ask the Cloud Security Expert: How to Protect your Critical Data in the Cloud Jun 4 2019 3:30 pm UTC 30 mins
    Dave Barnett, Forcepoint EMEA | Alex Hilton, Cloud Industry Forum
    Effectively protecting critical data in the cloud is a key challenge for today's data-driven businesses.

    Join this interactive 1-2-1 discussion where Cloud Access Security Broker (CASB), Dave Barnett will share insights on;

    - Why and how today organisations are protecting data in the cloud.
    - What are the main risks inherent in the adoption of cloud services?
    - Where the key challenges are in protecting data in the Cloud?
    - What to look for when selecting cloud security for your organisation

    Moderated by Alex Hilton, Chief Executive, Cloud Industry Forum
  • Ask the Data Protection Expert: How to Protect your Data Journey Jun 4 2019 2:30 pm UTC 30 mins
    Patrick Grillo, Fortinet | Yotam Gutman, Cybersecurity Marketing Community
    Join this interactive 1-2-1 discussion where network security and IP networking solutions expert, Patrick Grillo will share how to deal with security challenges as networks evolve including cloud-based resources and SD-WAN.

    Key themes to be explored include;

    - Why security should never be treated as an afterthought
    - The impact of new technologies/techniques on existing security infrastructure/practice
    - How to develop/maintain a consistent security practice beyond technology
    - How to get C-suite commitment and build the right organizational structure

    This session showcases the need for security continuity by connecting a number of disparate concepts, for example how the Cloud services and SD-WAN are related.

    Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community
  • Livestream Video - Securing the IoT in the Age of Threats Jun 4 2019 1:00 pm UTC 45 mins
    Wallace Sann, Forescout | Nigel Stanley, TÜV Rheinland Group | Jonathan Zulberg, LogRhythm | Jason Soroko, Sectigo
    The ever-growing Internet of Things continues to pose security and privacy threats. How are businesses managing the risks associated with IoT devices on their networks? What are the best strategies for achieving basic security and cyber hygiene?

    Join this interactive panel with IoT and security experts to learn more about:
    - Impact of IoT on enterprise security
    - How to assess the IoT risk
    - Most common IoT vulnerabilities and how to address them
    - Recommendations for improving IoT security

    Panellists
    Jason Soroko, CTO of IoT, Sectigo
    Jonathan Zulberg - Director of Sales Engineering - EMEA, LogRhythm
    Wallace Sann, VP Global Systems Engineering, Forescout Technologies
    Nigel Stanley, CTO - Global OT & Industrial Cyber Security CoE, TÜV Rheinland Group

    Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community
  • Livestream Video - Multi-Cloud Security and Compliance Jun 4 2019 10:30 am UTC 45 mins
    John Meakin, GSK | Patrick Grillo, Fortinet | Dave Barnett, Forcepoint EMEA | James Hughes, Rubrik
    The cloud strategy of today's enterprise spans across multiple clouds and hundreds of applications. Point security solutions no longer work, so enterprises are turning toward a more orchestrated approach to achieving security and compliance in the cloud.

    Join cloud and security leaders in an interactive discussion to learn about:
    - Key security and compliance challenges associated with a multi-cloud strategy
    - Recommendations for managing and automating security across multiple clouds and applications
    - The future of cloud
    - Improving enterprise security in an ever-changing threat landscape

    Panellists
    James Hughes, Field CTO, Rubrik
    Dave Barnett, Head of CASB, Forcepoint EMEA
    Patrick Grillo, Senior Director - Security Solutions, Fortinet
    John Meakin, Group Chief Information Security Officer, GlaxoSmithKline (GSK)

    Moderated by Alex Hilton, Chief Executive, Cloud Industry Forum
  • Ask the IoT Security Expert: How to Protect your Business in the IoT Jun 4 2019 9:30 am UTC 30 mins
    Jason Soroko, Sectigo | Yotam Gutman, Cybersecurity Marketing Community
    Today's digitally connected businesses require multi-layer defence against rising and more sophisticated web-based threats across websites, devices, infrastructure, and cloud.

    Join this interactive 1-2-1 discussion where IoT security expert, Jason Soroko, will share how to deal with IoT security challenges.

    - How to determine if IoT connected devices in your operations infrastructure are secure
    - What is the difference between symmetric tokens, PKI based certificates and device identities?
    - What is the role of trust models to enable third-party device interoperability?
    - What are some methods to provision a device with a x509 certificate?
    - How to secure a digital identity for devices that do not have a hardware secure element such as a TPM?

    Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community
  • Ask the Cyber Risk Expert: How to Minimise Cybersecurity Risk Factor in M&A Jun 4 2019 8:30 am UTC 30 mins
    Wallace Sann, VP Global Systems Engineering, Forescout Technologies
    Any merger or acquisition poses daunting challenges to IT leaders. Not only are they tasked with integrating people, processes and technology in the shortest possible time frame, they must also remain vigilant about addressing the added cybersecurity risks.

    Join this interactive 1-2-1 discussion where systems engineering expert, Wallace Sann will share how to minimise the cybersecurity risk factor in M&A including;


    Who are the key decision makers in the M&A process and what are the different/new challenges they’re facing?
    What has historically been the risk focus for acquiring companies, and how is that focus changing?
    How can companies as a whole minimize cyber risk and protect themselves during the M&A process?
    Are there any opportunities for IT teams to reduce cyber risk during an M&A?
    What does Forescout recommend companies do in order to enhance their cybersecurity posture when preparing for an acquisition?
    With the explosion of IoT devices across industries, should there be more concern around connected devices during an acquisition?
  • Identity Verification and Authentication: Balancing Compliance and Convenience Jun 3 2019 11:00 am UTC 75 mins
    Melisande Mual | The Paypers, Berit Svendsen, Vipps | Husayn Kassai, Onfido
    Organisations are often challenged with finding the right balance between innovating and staying secure. How are cutting-edge advancements revolutionising the way we look at identity and authentication?

    Join the panel to hear about:

    -Understanding the digital identity landscape
    -How to avoid drop-off during the verification process
    -How developments like biometrics, AI, blockchain can impact identity and data management
    -How to adapt and respond to new regulations like PSD2, Open Banking, and GDPR

    Panel moderated by: Melisande Mual, Founder at The Paypers,
    Berit Svendsen, EVP International Business at Vipps
    Husayn Kassai, CEO & Founder, Onfido
    Panelist to be announced
  • [Earn CPE] Enabling GRC with Secure Authentication across the Digital Ecosystem May 30 2019 5:00 pm UTC 75 mins
    Colin Whittaker, IRD; Richard Bird, Ping Identity; Teju Shyamsundar, Okta, Jerrod Chong, Yubico; and Andy Smith, Centrify.
    The days of securing a well-defined perimeter around your organization are gone. The cloud, mobile technologies, the internet of things (IoT) and diverse user groups freely exchange data across digital ecosystems, network and economies. This fluidity, however, means that organizations must secure access at multiple points throughout the organization, or risk letting in intruders seeking to hijack data.

    To manage the increasingly diverse digital landscape, IT and security managers need to move beyond usernames and passwords, and expand their use of multi-factor authentication (MFA) to help provide secure and convenient access to the critical data and systems users need. On this webinar our panel of experts will address how secure authentication can help enable GRC across the digital ecosystem, and they will share tips on:

    - Securing access at all points across applications, devices, users and environments.
    - Sharing insights across security systems to strengthen security.
    - Collecting and analyzing information to stop attacks.
    - How MFA can transform secure access—to any application, from any device, anywhere, at any time.
    - Strengthening identity assurance with privileged users.
  • Riding New Data Regulation Waves: Intro to CCPA Recorded: May 22 2019 54 mins
    Victoria McIntosh, Information & Privacy Professional
    Surf's up! Coming into force in 2020 is the California Consumer Privacy Law. As a new privacy law in the United States, the CCPL breaks significant ground. Following international trends, those living in California will soon have stronger privacy rights.

    If you do business in the state or process data on California residents, time to pay attention. Get amped with Privacy Technologist Victoria McIntosh, breaking down what you need to know about the new regulation.
trends, developments, and technology
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Trust, but verify: Audit trail protection gap in IT Governance
  • Live at: Nov 17 2009 1:00 pm
  • Presented by: Nadeem Bukhari, Kinamik Data Integrity, VP of Product Strategy
  • From:
Your email has been sent.
or close