Name: Top Requirements for Automating SOX Quarterly Self-Assessments
Start: 2010-09-29T18:00:00Z
End: 2010-09-29T18:47:07.000Z
Location: BrightTALK
Rating: 3.47

The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

Earn 1.5 CPE Credits on this webinar

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. It disrupts or halts an organization’s operations and poses a dilemma for management: pay the ransom and hope that the attackers keep their word about restoring access and not disclosing data, or do not pay the ransom and restore operations themselves. The methods used to gain access to an organization’s information and systems are common to cyberattacks more broadly, but they are aimed at forcing a ransom to bepaid. 

Organizations must be able to quickly recover from a Ransomware attack and trust that any recovered data is accurate, complete, and free of malware. Fortunately, organizations can implement the NIST Cybersecurity Framework to prepare for and reduce the potential for successful ransomware attacks. Attend this webinar to learn how to go about this, including how to:

- Gauge your organization's level of readiness to mitigate ransomware threats 
- Identify security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events
- Understand how to manage data integrity risks and implement the appropriate safeguards to pretect critical data, systems, and devices from ransomware
- Prepare for and respond to any ransomware attacks that succeed

CPE | Preparing for Ransomware with the NIST Cybersecurity Framework

Earn 1.5 CPE Credits by attending this webinar

It has always been challenging for security leaders to communicate the value of cybersecurity investments to board. Giving transparency about the weakness of organizations can be pretty uncomfortable but, it is essential to increase the Cybersecurity level. As an IT Manager, CISO, or CSO, your understanding of risk and compliance is intimate and understood in infosec terminology. You must offer board executives a set of data to help them make informed decisions based upon the optimal management. 

However, the Board of Directors expect brevity, and examine business practices from a birds-eye perspective. Attend this webinar to learn how to improve your board’s cybersecurity posture by effectively communicating risks in business terms, including how to:

- Create trust with dialogue delivery and engage leadership with universal, non-security terms
- Show metrics to quantify challenges, & categorize in financial terms
- Use data to explain the problem, and share how that same data provides you with a way to solve it
- Help board executives move to an ‘internet everywhere’ approach

CPE | How to Effectively Communicate Cybersecurity Risks to the Board

Earn 1.5 CPE Credits on this webinar.

The COVID-19 pandemic and increased geopolitical uncertainty has placed new priorities and responsibilities on the shoulders of risk and compliance professionals. Executives have realized that stronger ERM programs are required to remain competitive in this new era. Risk leaders, in turn, are looking beyond the urgent ERM measures required to handle the pandemic to how an effective enterprise risk management program can be a competitive differentiator for their companies.

 Join us our panel of experts as they identify the top regulatory and compliance trends impacting risk management, and learn how to:

- Implement an enterprise risk management framework
- Integrate risk management with digital transformation
- Develop a more comprehensive risk technology stack and broker C-level ERM buy-in
- Connect the dots between enterprise risk and environmental, social and governance (ESG) agendas
- Plan and demonstrate agility in your risk management program

CPE | Top Regulatory & Compliance Trends Impacting Risk Management

Earn 1.5 CPE Credits on this Webinar

Cyber Risk Quantification can help CISOs financially quantify risk for senior executives, identify program gaps, and prioritize areas for improvement. Unfortunately, despite the obvious benefits, many CISOs are struggling to implement cyber risk quantification (CRQ).

Join Jake Olcott, BitSight VP of Communications, Dr. Jack Freund, VP, Head of Cyber Risk Methodology, BitSight, and a featured speaker from Forrester, as they discuss challenges and practical actions that CISOs can take to make CRQ a reality for their organizations, including how to:

- Get started on your CRQ journey
- Achieve CRQ without incurring significant cost
- Operationalize CRQ within your cybersecurity framework
- Align your CRQ strategy to industry standards

CPE | Cyber Risk Quantification: Turning the Dream into Reality

No matter how mature a cybersecurity program is, there always remains room for improvement. Digital transformation continually expands the scope of IT processes, and organizations continue to grapple with resource, staffing, and skill challenges. 

On this webinar, we’ll address how to augment staff expertise and resources with automation and continuous control assessments, enabling IT auditors and risk managers to work smarter and:

- Enhance security architecture to improve how segmentation is structured or controls are designed
- Use technology to automate, reduce human error, and focus your team on more strategic areas
- Reduce the time you need to keep up with risk assessments and meet compliance goals
- Optimize SOC processes and Simplify risk initiatives

Optimizing Controls to Mitigate Cybersecurity Risks

Data privacy continues to make headlines and be a concern for many organizations. According to a recent study by CNBC, 23.1% of the 39 CFOs see cyber-attacks as the number 1 external risk to their company. The average total cost of a data breach is $3.62 million, the global average cost per record is $141, the average data breach size is 24,089 records, and the odds of experiencing a data breach are as high as 1 in 4. With global regulations such as the GDPR and CCPA in place and more coming into effect as privacy practices mature, companies must take a very intentional review of the data they collect and how that data is processed across departments to comply with emerging privacy regulations. 

How is your organization managing data privacy? Does your board, executive team, and regulators have the confidence that the risk is being adequately addressed across your value chain?  Join this webinar as our panel of experts discuss how to use technology to close the GRC gap and achieve data privacy, including:

- Define and maintain a set of policies and procedures that indicate the expectations necessary to manage data privacy.
- Evaluate the control environment and provide evidence of sustainable risk management practices.
- Organize omni-channel data and manage privacy concerns from both a GRC and organizational perspective. 
- Translate legislation to business activities to ensure conformance with applicable laws. 
Incorporate globally accepted frameworks.

Data Privacy 101: Using Technology to Close the Compliance & Security Gap

According to one study by Ponemon Research Institute, about 53% of organizations say they’ve had at least one third-party breach in the past two years with an average cost of $7.5 million dollars, and the majority of organizations still have immature third-party risk programs. As a result many organizations today are making deep investments into cybersecurity and implementing third-party risk assessment frameworks (such as NIST and ISO) to drive risk management and protect against constantly advancing cyber attacks. 

In some cases, your organization’s needs may be so diverse that you’ll benefit from adopting best practices from more than one framework. Attend this CPE webinar to learn how to go about this, including how to:

- Identify, establish, assess, and manage supply chain risk management processes
- Establish contracts with third-party vendors to ensure implementation of security measures that align with your organization’s cybersecurity, compliance, and risk management standards
- Routinely assess your third-party suppliers with audits and test results and other evaluations to ensure they’re meeting your contractual agreements
- Conduct response and recovery planning and testing with your supply chain partners

Aligning Third-Party Risk Controls to Your Security Framework

Being a security professional has never been harder. The increasing threat environment, expanding attack surface, and continuous stakeholder demands for transparency are only adding to the challenges. It’s no wonder that Gartner’s latest report — “Predicts 2022: Cybersecurity” — states that cybersecurity leaders are “losing control” of decision making in an increasingly distributed ecosystem. 

This webinar will highlight the critical issues facing security leaders in 2022 and what they can do to overcome these challenges, including: 

—Adapting to the changing role of the cybersecurity leader
—Effectively addressing demands from customers, regulators, and credit agencies 
—Implementing a robust third party risk management program
—Leveraging cyber risk quantification to enable decision making

Increase Your Cyber Resilience & Regain Control of Your Security Program

According to a recent survey by security vendor Anchore, 64% of businesses were affected by a supply chain attack in the past 12 months, and this year supplier attacks are expected to quadruple according to the European Union Agency for Cybersecurity. Third-party breaches can result in severe financial losses, downtime, loss of sensitive information, loss of reputation, breach of compliance, fines, and other legal liabilities. 

A well-orchestrated TPRM program can not only mitigate third-party cyber risks but also boost the ability to on-board, manage, and maintain third-party suppliers. Join us on this expert panel as we discuss how to build a strong TPRM program, including how to:

- Establish the quality of data coming in, and keep your reporting flexible
- Create a central repository of all your third-party vendors
- Determine risk potential and “Tier” your exposure
- Develop a security scorecard and address risks in order of priority
- Continuously monitor, optimize, strengthen, and streamline

Cornerstones to Strengthen Your Third-Party Risk Management Program

The average ransom fee requested increased from $5,000 in 2018 to around $200,000 in 2020*, and according to FBI Director Christopher Wray, reports of ransomware attacks have tripled over the past year. The increased frequency and scope of these attacks present not only a business risk for a company, but legal and compliance risks as well.

Is your compliance team prepared?

Even if your organization is operating in full compliance with all laws and regulations, paying a ransom to a sanctioned cybercriminal in response to an attack is prohibited. Join us on this CPE webinar as we discuss best practices for your risk-based compliance program to be better prepared for escalating cybersecurity threats, including how to:

- Identify trends and the latest tactics used by ransomware groups
- Understand the nature, evolution and scale of the cyber and ransomware compliance landscape
- Examine key considerations in maintaining robust compliance and managing risk in the context of these evolving issues
- Assess regulatory expectations and guidance in the cyber and ransomware space

* Source: The National Security Institute

Ransomware Attacks in 2022: Compliance Lessons Learned

Earn CPE credit on this webinar.

How do hackers survey your company to identify gaps in your security program? Rachel Tobac executes these attacks for a living! But she's not a criminal, she's a white hat hacker -- launching successful social engineering attacks to train others on the up-to-date methods criminals use to gain access to your money, data, or systems, before the bad guys get there first. Rachel's fun and fast-paced hacker stories from the field will arm you and your business with current examples of real attacks and the necessary skills, scripts, and best practices to catch hackers like her in the act with takeaways on protecting your firm’s valuable assets. With insights like these, and with tools like BitSight, that can identify many of the obvious external exploitable controls, you can improve your overall security posture, and also harden your employees, who are your first security control!

Learn how to:

- Identify the most vulnerable external and internal practices or policies
- Prepare for a Social Engineering Risk Assessment
- Understand the information you’ve collected and identified
- Evaluate and quantify each risk

CPE | Inside the Mind of a Hacker

Keeping track of cyber threats isn’t easy. The sheer volume of information threat researchers must sift through makes it difficult to collect, analyze, and research that data on time. The key to success is leveraging advanced analytics. It has been estimated that it would take 8,774 analysts working full time for a year to process the same amount of security event data that advanced analytics can process in that same time frame. Advanced analytics takes you from simply monitoring cyber security threats to active threat analytics, management, and prevention. 

Attend this webinar to learn how advanced analytics and machine learning can power threat intelligence, and enable threat researchers to:

- Conduct qualified and detailed threat assessments that can help keep your business secure
- Detect malicious anomalies in your internet traffic and catch cyber security threats before they seriously impact your network
- Gain total visibility of your attack surface and better determine what you need to do to prevent attacks
- Utilize the ATT&CK knowledge base in your security strategy

How to Improve Threat Intelligence with Advanced Analytics

Organizations today are tasked with meeting the challenges of the current business climate, one of which is managing GRC processes which are often siloed. GRC has a wide reach and impacts many departments across an organization, but when it is done right, benefits accrue. Organizations that integrate GRC processes and technology across departments can ensure the right people get the right information at the right times; that the right objectives are established; and that the right actions and controls are put in place to address uncertainty and act with integrity.

On this panel discussion webinar we will address how to align GRC Processes with your business goals, including how to:

- Enhance your risk posture and reduce costs
- Implement consistent operational processes, including remediation and security gap assessments
- Assesses and manages risks and controls across the enterprise via consistent, accessible analytics
- Track and monitor strategic performance via a comprehensive view of risk and compliance goals, challenges, and progress
- Make GRC-informed decisions related to enterprise development, procurement, and investments

GRC 101: Aligning Compliance, Security, and Business Goals

Cybersecurity risks come in many forms, and most importantly, risks are evolving at an increasingly rapid pace. Organizations across industries should work to implement adaptive cybersecurity processes that enable them to predict, prepare and react to the shifting landscape of cyber threats. The NIST Cybersecurity Framework enables organizations to apply the principles and best practices of security to drive risk management and protect against constantly advancing cyber attacks.   Attend this CPE webinar to learn how to go about this, including how to:  - Outline the common security risks organizations face - Define cybersecurity threats, vulnerabilities, and consequences - Map the NIST CSF with security controls and reporting - Develop an established incident response plan

Paradigm Shift: Using NIST Cybersecurity Principles to Drive Risk Strategy

As organizations have increased their scope of vendors and partners, they have also increased their digital risk surface and are facing new challenges regarding vendor risk management. By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your organization's most critical third-party security gaps. 

Register for this webinar to learn how you can leverage data to drive significant improvements in your third-party risk management program, including:

- Tips to measure your vendor risk exposure
- Insights into pioneering practices, program bench-marking and operation metrics
- Principles for fair and accurate security ratings
- How to utilize inherent risk methodologies to prioritize your vendors

A Data-Driven Approach to Third-Party Risk Management

Earn 1.5 CPE Credits on this webinar

We are all in the risk business. No risk, no business. The biggest risk points are usually where the biggest opportunities lie to better meet your strategic objectives, enable and drive growth, improve reputation management and confidence in decision-making — and face fewer surprises.

A strong proactive risk management culture enables an organization to be more nimble, adaptable, and change-ready.  On this panel discussion webinar we will address some of the key steps your organization can take to strengthen your risk management culture now and fuel business growth, including how to: 

- Ask the right questions to accurately assess the risks and put plans and controls in place to mitigate them. 
- Drive enterprise-wide accountability to break down silos.
 -Give your employees appropriate training to enable them to take ownership of risks and identify and manage them more effectively.
- Develop communications plans for when events negatively affect perception of your organization. 
- Leverage the opportunities that align to your strategic goals.

Strategies to Turn Risk into an Opportunity for Business Growth

Earn 1.5 CPE credits by attending live.

Colonial Pipeline. JBS meat processor. Scripps Health. The list of recent high-profile ransomware victims is long and growing. So are the costs to recover from these crimes.
But what if you could take preventive steps to reduce your likelihood of becoming a ransomware victim? BitSight recently analyzed hundreds of ransomware incidents to identify common security performance gaps and challenges that lead to successful ransomware incidents. One finding: Poor patching performance is a strong indicator of increased risk to ransomware. In fact, organizations with less mature patching programs are 7x more likely to experience a ransomware incident. 
Register for this executive roundtable for new insights and discussion about:
● Sector-specific insights tied to recent ransomware trends
● Vulnerabilities that indicate heightened risk of ransomware
● Programmatic areas to reduce the likelihood of being a ransomware victim

Ransomware: How to Reduce Your Likelihood of Being a Victim

Data breaches are one of the world’s biggest cybersecurity threats for organizations of all sizes. A recent survey conducted by the Ponemon Institute revealed that 59% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate. Incorporating current threat intelligence is critical to building and maintaining an effective third-party risk program. 

A successful third-party risk program should provide comprehensive threat intelligence to empower teams to understand, and take action against potential risks by monitoring for key indicators, including data leakage, incident reports, domain abuse, email security, vulnerable infrastructure, web application security, dark web attention and breach intelligence. Join this expert panel discussion to learn how to determine the risk of third parties by applying threat intelligence, including how to:
- Understand inherent risk and how that risk impacts our third party’s security 
- Assess third parties to identify, prioritize, and mitigate gaps in their security control implementation
- Map out hacker workflows (kill chains) for identified attack scenarios
- Continuously monitor and update everything in relationship to the current threat landscape

Applying Threat Intelligence to Improve Visibility into Third-Party Risks

For many organizations, Sarbanes-Oxley compliance is mandatory, but automation of the self-assessment process can make it less painful.  There are many advantages to using an IT GRC tool to automate assessments such as speed, efficiency, data integrity, and improved analysis. 
 
In this 1-hour live webcast, Chris Noell, EVP of Product Management at TruArx, will uncover the top automation requirements organizations should consider to successfully automating SOX quarterly self-assessments. 

In this session, you will learn:
1. Top requirements to successfully automate SOX Quarterly Self-Assessments
2. Best practices for defining and executing an effective compliance strategy
3. How you can quickly and cost-effectively enable automated quarterly self-assessments 
 
Who should attend?
Simply, anyone who is researching, implementing, or managing a Sarbanes-Oxley (SOX) compliance program should attend this webcast.

Top Requirements for Automating SOX Quarterly Self-Assessments

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Top Requirements for Automating SOX Quarterly Self-Assessments

Presented by

About this talk

More from this channel