The Ultimate Goal: To Manage Information Security Governance and Risk Management

This Common Body of Knowledge Workshop is one where “the rubber meets the road.” In this workshop we will discuss the means for managing security for information assets with policy, standards, procedures and guidelines, and the means for assessing and, where necessary, mitigating the risk to your organization’s information assets.

The Information Security Governance and Risk Management domain entails the identification of an organization’s information assets and the development, documentation, implementation and updating of policies, standards, procedures and guidelines that ensure confidentiality, integrity, and availability. Management tools such as data classification, risk assessment, and risk analysis are used to identify threats, classify assets, and to rate their vulnerabilities so that effective security measures and controls can be implemented.

The Cyber Security certification candidate needs to understand security planning, identifying and securing an organization’s information assets; the development and use of security policies, security training, the importance of confidentiality, proprietary and private information; third party management and service level agreements related to information security; employment agreements, employee hiring and termination practices, and risk management practices and tools to identify, rate, and reduce the risk to specific information resources.
Recorded Oct 30 2014 77 mins
Presented by
James D. Reeves, CISSP

  • Best Practices: Architecting Security for Microsoft Azure VMs Oct 25 2016 2:00 pm UTC 60 mins
    Oliver Pinson-Roxburgh, EMEA Director of Solutions Architecture
    Do you know if your workloads are secure? Do you have the same security and compliance coverage across all of the cloud platforms and datacenters running your critical applications? Are you having to design your security framework each time you deploy to a new region or datacentre?

    Whether you’re working with multiple cloud environments or exclusively on Azure, there are certain things you should consider when moving assets to Azure. As with any cloud deployment, security is a top priority, and moving your workloads to the cloud doesn’t mean you’re not responsible for the security of your operating system, applications and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your Azure environment is secure.

    Register for this impactful webinar as we discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

    In this webinar, we will take a look at:
    • The Shared Security Model: What security you are responsible for to protect your content, application, systems and networks
    • Best practices for how to protect your environment from the latest threats
    • Learn how traditional security approaches may have limitations in the cloud
    • How to build a scalable secure cloud infrastructure on Azure
  • Tips on Analyzing and Modeling Complex Data Sets Oct 25 2016 2:00 pm UTC 30 mins
    Scott Dallon, BrainStorm, Inc.
    Discover how businesses turn big data into meaningful insights to help make organizations work smarter, and make better decisions faster.

    Join Scott Dallon to learn tips on analyzing and modeling complex data sets!
  • Breached Elections - How Hackers Are Influencing Politics Oct 24 2016 9:00 pm UTC 60 mins
    Alex Holden, Founder and CISO of Hold Security, LLC
    Political elections shape our society for years to come. Foreign hackers are no longer watching our politics out of interest; they are directly interfering with our politics electronically. The Sony Pictures breach was more of a political statement than a data loss event. With US elections around the corner, we are more of a cyber breach target than ever. Wikileaks is releasing documents, Russian hackers are allegedly breaching the DNC, and there is more to come. We will examine the current trends and look at the history of the worst manifestations of hackers influencing politics. Then we will draw conclusions on how politics is changing under the threat of a constant privacy breach.
  • Vote Cyber! Modern Day Threats to Democracy Recorded: Oct 20 2016 37 mins
    Simon Crosby, CTO of Bromium
    The US election and its voting infrastructure are under attack. The result is ugly and shows the extent to which we need to plan for and protect against the influence of cyber-related attacks on US elections in future. In this brief discussion, Simon Crosby, CTO of Bromium will review the underpinnings of Democracy, and how we might defend it when it is in everyone’s interest to subvert it.
  • The Data Breach War: How banks can step up their line of defence Recorded: Oct 19 2016 62 mins
    JP Vergne (Scotiabank Lab, Ivey B-School), Nik Walser (EY), Mario Maawad (CaixaBank), Lawrence Chin (Palo Alto Networks)
    As holders of valuable client and financial data, banks have been prime targets for hackers and thieves. Entire payment systems can be compromised in the blink of an eye and clients also risk having their identities stolen.

    Join this panel session where our experts will discuss:

    -Best practices for preventing cyberattacks at every stage
    -Top mistakes banks and financial institutions make when dealing with valuable data
    -What makes you a target?
    -Using real-time analytics to identify anomalies and act on them immediately
    -Malware, threat prevention, next-generation security — what are they, what do you need to know?
  • IT Security & Privacy Governance in the Cloud Recorded: Oct 18 2016 61 mins
    Moderated by Rebecca Herold, The Privacy Professor; Jacqueline Cooney, BAH, Daniel Catteddu, CSA, Chris Griffith from HPE
    After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.

    While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
  • Elections, Deceptions and the Coming Cyberwar Recorded: Oct 17 2016 39 mins
    John Bambenek, Manager, Threat Systems at Fidelis Cybersecurity
    Earlier this year, it appeared Russian state sponsored actors had not only hacked the Democratic National Convention and Democratic Congressional Campaign Committee, they were using the purloined information for a propaganda operation inside the United States to attempt to influence the election. Now that the United States has made it clear there will be retaliation for this, we may have crossed over to open cyberwar. This talk will cover the lead-up to where we are today, what the likely outcomes of two developed nations attacking each other will be, and what it means for consumers and enterprises who still must operate globally.
  • The Value of Redaction and Anonymity: Protecting Against Unwanted Exposure Recorded: Oct 14 2016 27 mins
    Paul Kurtz, Co-Founder & CEO of TruSTAR Technology
    We need a different type of intelligence exchange in this day and age - an exchange that is designed for timely and actionable insights. TruSTAR finds that there are 2 core pillars that enable this: Protecting Against Unwanted Exposure + Immediate RoI to Incentivize Early Use.

    We will be covering the 1st pillar in this webinar. The focus on privacy and the protection of unwanted market and reputational risk is a key ingredient to enabling a powerful and active exchange.

    Join TruSTAR's CEO Paul Kurtz and learn about the value of Redaction and Anonymity when thinking about a successful and active incident exchange.
  • Privacy vs. Security: Balancing Vulnerability Awareness & Incident Prevention Recorded: Oct 14 2016 59 mins
    Keith Moulsdale, Partner with Whiteford Taylor Preston LLP, Tim Vogel: CEO & CISO, Xtium; Kevin Lancaster, CEO, ID Agent
    Join us for this timely discussion with privacy and data security experts. With ever looming environmental threats such as ransomware, data theft, and denial-of-service attacks, every organization and every industry must be focused on IT security. However, there is a delicate balance and frequent conflicts between the idea of information privacy and security.

    How much individual privacy can be expected in an inter-connected world? How much should be sacrificed for the sake of maximizing corporate security? And where (if anywhere) can the lines between personal and corporate be drawn? How do these issues impact policies, training and security surrounding even the most simple of business communication tools: email?

    This presentation will provide an overview of the privacy vs. security challenges and explore specifically how these issues are impacting the issue of user email credentials and email vulnerabilities. This is especially critical given that emails are the number one contributor to data breaches. In fact, 63% of breaches in the US last year were the result of a compromised email credential.

    We will then a) discuss common misperceptions and security holes that can lead to ransomware and other malware vulnerabilities, b) compare the various alternatives for proactively addressing these vulnerabilities, and c) discuss strategies for preventing and responding to cyberattacks.
  • Privacy and/or Security – It’s a Matter of Perspective! Recorded: Oct 13 2016 41 mins
    Michael Lester, Chairman & Co-founder of SecretValet LLC
    Germany and France have “Declared War” on encryption in the name of national security and fighting terrorism at the same time that Apple and Microsoft have increased their encryption to ensure privacy. The twin concepts of Privacy and Security seem to be at odds with each other with governments primarily pushing for less personal privacy to provide greater national security while private corporations are pushing for more personal privacy claiming that personal privacy has little to no effect on national security or the fight against terrorism. How can both be right/wrong? How is it trending? Join us for a look at where we are now, how we got here, why most people are asking the wrong questions, and how the outcome of this battle will affect individuals, corporations, and countries alike.
  • Turbocharge your Cyber Investigations, Part 1 Recorded: Oct 13 2016 32 mins
    Jeff Lenton, Solutions Architect, RiskIQ
    While their cyber tactics may be continuously changing, bad actors can’t avoid interacting with core components of the internet. These interactions leave a trail that when connected through rigorous threat infrastructure analysis, can reveal the full scale of an attack and provide the information needed to determine the best response. The key to this analysis is access to a variety of global datasets and the ability to correlate and pivot between them in your investigation.

    In this two part series we will look at a range of global datasets and how each can be used to shed additional light on your adversary’s infrastructure. This session will focus on Passive DNS, Whois and Malware data. We will also demonstrate how security analysts can use the free community version of RiskIQ’s PassiveTotal to gain access to and pivot across these global datasets.
  • Using machines to combat criminals Recorded: Oct 13 2016 39 mins
    Lloyd Webb, Sales Engineering Director, Cylance
    2016 is turning out to be a landmark year in terms of Ransomware and there’s no sign of these threats slowing down any time soon. Ransomware is not new, it is just getting more sophisticated and is inflicting major damage to companies, organisations and individuals, shaping up to be a frighteningly lucrative year for cybercriminals, where any person with a computer can be exploited and used as a revenue source with the potential for vast profits.

    Learn how Cylance have revolutionized the industry by utilizing data science and security experts to provide a next-generation cybersecurity technology that proactively prevents, rather than detects the execution of advanced persistent threats and malware in real time before they ever cause harm.
  • Mostly OK Means Occasionally Disastrous: Context, Privacy & User Expectations Recorded: Oct 12 2016 46 mins
    John Wunderlich, Information Privacy & Security Expert, John Wunderlich & Associates
    Protecting customer privacy is usually closely aligned with security. However, when faced with national security threats, where do companies draw the line? In the example of social media companies that are trying to limit the reach of extremist videos and suspending extremist accounts, a problem can arise when such a system is used by an authoritarian regime to take down or identify individuals opposing it. The same tools, but used in a different context, become something other than what was intended. Join this talk as John Wunderlich, an information privacy and security expert, discusses why incorporating privacy into the design of such tools is key to protecting them from abuse by authoritarian regimes.
  • Cyber Risk Awareness: Preventing PII Theft & Identity Fraud Recorded: Oct 12 2016 45 mins
    George Vroustouris, Founder of Undo Identity Theft
    We have traded off our privacy rights for security, and our security processes for convenience. This is compromising the culture of high reliability in the American workplace. By de-engineering our need for ‘convenience’ back to our requirement for ‘security’ and ultimately back to our ‘privacy rights’ we can assess and define the steps required to develop a new methodology in the virtual world, addressing our perception of Privacy vs Security, and the need for both.

    George Vroustouris, Founder of Undo Identity Theft has spent more than 6 years researching and studying the risks and impact surrounding personal identifiable information (PII) theft, the sensitive personal data used to commit identity fraud. Join this presentation and learn about the privacy and security risks as our lives are becoming increasingly digitized.
  • Panel: Security vs. Privacy - Can We Have Both? Recorded: Oct 12 2016 60 mins
    Bob Carver, Dr. Ann Cavoukian, Scott Schober, and Dan Lohrmann
    Why is Privacy Important? Why is Security Important? Can We have Both?

    Some of the topics covered in this panel discussion include:
    • Personal responsibility
    • The role of government
    • Online Advertising/Tracking
    • Surveillance
    • Law Enforcement
    • Location-based tracking

    • Bob Carver, Cybersecurity Guru at Verizon Wireless
    • Dr. Ann Cavoukian, International Privacy Expert, Professor - Ryerson University - Toronto
    • Scott Schober, Cybersecurity Expert and Author of "Hacked Again"
    • Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc.
  • One Step Ahead of Phishing Attacks Recorded: Oct 12 2016 56 mins
    Greg Maudsley, Senior Director Product Marketing, Menlo Security
    Phishing is serious business. It is the most common targeted method of cyber attacks, and the main perpetrators for phishing attacks are organized crime syndicates and state-affiliated actors.* Despite multiple security defense layers and many hours and dollars spent on end-user training, phishing continues to create headaches for security administrators.

    Join this webinar to learn:

    · New phishing prevention techniques

    · How to stop ransomware, malware and drive-by-exploits enabled by email phishing

    · Updated security research findings

    · Real-life case studies for using isolation techniques to prevent phishing attacks
    Speaker Bio:
    Greg Maudsley has over 15 years of IT security experience and is responsible for strategy development and threat isolation innovations at Menlo Security. Previously, Maudsley was a product marketing leader for F5 and Juniper Networks' Junos Pulse Business Unit. His responsibilities spanned the security spectrum, including application security, anti-fraud, cloud security, DDoS prevention, DNS sec, secure access, NAC, mobile security, application delivery and WAN Optimization. Maudsley holds an MBA from Santa Clara University Leavey School of Business, and a B.S. in Physics from the University of Redlands.
  • Your Life Is The Attack Surface: The Risks of IoT in 2016 Recorded: Oct 12 2016 35 mins
    Jason Haddix, Head of Trust and Security at Bugcrowd
    The unprecedented growth and adoption of connected devices has created innumerable new threats for organizations, manufacturers and consumers, while at the same time creating unprecedented opportunities for hackers.

    In this webcast, join well known hacker and bug hunting advocate Jason Haddix, as he analyzes the evolution of IoT security and the mistakes and developments that have led us to where we are today. With experience working to attack and defend IoT applications, Haddix will explore what it takes to effectively hack connected devices, and how the role of defenders has evolved in this space.
  • The Magic Bullet: How Social Engineering is the Key Recorded: Oct 12 2016 38 mins
    Jenny Radcliffe, Head Trainer, Jenny Radcliffe Training
    The human side of security is beginning to be acknowledged as at least as important as the technical side in terms of awareness and training programs for most organisations.

    In this webinar, Social Engineer and Trainer Jenny Radcliffe shares some advice as to what happens beyond acknowledging the threat, what, if anything, can an organisation do to turn Social Engineering to its advantage? Is there really a "magic bullet" that can engage staff, change security culture and contribute to a more secure organisation?
  • Solving the dilemma of securing private data in the cloud Recorded: Oct 12 2016 64 mins
    Sunil Choudrie, Global Solutions Marketing Mngr - Symantec & Robert Arandjelovic, Security Strategy Director EMEA - Bluecoat
    The cloud allows open sharing of data, allowing people to access information at home, in the office or on the move. This openness has come at a price, putting security and data privacy at risk.

    Research shows that on average, organisations are aware of less than 10% of all cloud applications used by their staff, providing a massive blind spot. If you don’t know where your sensitive data is, how do you secure it? In this 45 minute webinar we will outline the Symantec three-part framework for managing the Information Protection lifecycle and show how this applies to securing the cloud. The webinar will address:
    · The opportunities and risks of moving data to the cloud
    · Security and privacy implications
    · The Symantec three-part framework
      o How to ensure only trusted users and devices can access data
      o How to classify and discover sensitive data, and gain full visibility into the cloud
      o How to protect data through the application of encryption technology
    · Future direction and recommendations

    So if you are struggling with the dilemma of providing open access to sensitive data, register for this webinar today.
  • If Your Only Tool is a Hammer. Scanners v. Consultants vs. Crowdsourced Security Recorded: Oct 11 2016 44 mins
    Caroline Wong, VP of Security Strategy at Cobalt.io
    We all know that high quality software is good for business, and poor quality software is bad for business. Security and privacy teams work hard to ensure that good quality software protects sensitive data and keeps it private.

    Testing is a key component to creating and maintaining high quality software. Security and privacy professionals must balance critical factors like cost, access to the right skills, and coverage across a software portfolio when crafting a testing strategy for their organization.

    Join Caroline Wong, Vice President of Security Strategy at Cobalt.io, for an in-depth conversation about the benefits and risks involved in various testing techniques, from using security scanners to working with consulting firms to leveraging the power of the crowd.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: The Ultimate Goal: To Manage Information Security Governance and Risk Management
  • Live at: Oct 30 2014 1:00 pm
  • Presented by: James D. Reeves, CISSP