Top Requirements for Successfully Automating SOX: Part 2

Corporations give their law firms more sensitive information than any other type of vendor. Yet surveys show that 70% of companies do not assess the security of their firms and legal service providers. The Association of Corporate Counsel through its 10,000 member companies is looking to change this. Based on a new and innovative model, ACC recently launched its Data Steward Program for assessing and accrediting law firms. Developed through an industry-wide collaboration, this global program is set to be the standard in the legal industry. Join ACC during this webinar as it discusses this easier and more thorough approach to assessing information security, including:

- Why it’s difficult for companies to assess their law firms today, and why firms hate the traditional security assessment approach
- How the ACC Data Steward Program has developed a standard, relevant and easier approach
- How global standards such and NIST and ISO are winning out over proprietary controls – if the right controls are selected
- How this model could become the standard approach across all industries

Join us for what is certain to be an interesting and lively discussion.

2021 is set to be an exciting one for privacy protection legislation as several notable privacy laws will begin enforcement, with several others falling in line to the new international standard set by the GDPR. Even though the General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, its application to U.S.-based employers continues to evolve and increase in complexity. For U.S. employers of European Union (“EU”) residents, renewed concerns have arisen regarding cross-border data transfers, and with meeting GDPR compliance demands. This is particularly important with regard to remote working arrangements, COVID-19 contact tracing, and interaction with global HR data systems.

Join this expert panel webinar and learn how to streamline compliance with global data breach notification regulations to operationalize critical functions at every stage of privacy program maturity. You will also learn:

- Trends and key observations on the effect of GDPR since inception
- The impact the GDPR has had on influencing newer regulations, as well as a look into other emerging GDPR-like regulations.
- How to use risk scoring to determine if a breach requires notification to regulatory authorities and impacted individuals.
- Strategies for implementing a best-in-class program that addresses all phases of privacy management.
- How compliance with the GDPR has impacted privacy professionals’ work and our organizations.

Earn 1.5 CPE Credits on this webinar.

Procurement, IT, and Compliance leaders struggle to manage today’s complex regulatory environment, expansive supply chains, and compliance burdens. Difficulties increase as organizations subject themselves to additional risk by involving more third parties—suppliers, sales agents, and even charities—as regulations grow ever-more complex.

These third-party threats can result in severe impact to your brand and bottom line—but compliance gaps can be managed more effectively, often by eliminating manual processes and embracing digital tools. On this CPE Accredited webinar our panel of experts will take a deep-dive into how to operate your program and drive effective third-party risk management, including:

- KPIs to measure effectiveness and prove the impact and benefits of risk management strategies
- Examples of real-life third-party risk management programs—what worked (and what didn’t)
- Roles that Governance, Risk, and Compliance (GRC) play in your risk management

*Earn 1.5 CPE Credits on this webinar

Cyber-risk management has been forever changed by COVID-19. From the sudden and exponential growth of the remote workforce to the increase in cyber threats that exploit the expanding attack surface, the pandemic has created new challenges which require new strategies for effectively managing cyber risk. This paradigm shift has accelerated the demand for efficiency and forced a new mindset for risk and compliance teams who are relying on automation technologies like never before.

During this webinar our panel of experts will discuss the challenges to cyber risk management accelerated by the COVID-19 pandemic, and how to overcome these moving forward. You’ll learn about:

- The new evolving risks and challenges
- Strategies that can be used to help mitigate those risks
- Using automation technologies to increase efficiency and agility
- How to gain a competitive advantage by rapidly adjusting to shifting regulations

*Earn 1.5 CPE Credits on this webinar

The frequency and severity of security incidents has risen as cyber criminals continually adapt their methods of attack to maximize profit, from mass-market approaches, to compromising as many organizations as possible, to more sophisticated attacks that target specific companies. This is why building an IT security strategy that has data-driven threat intelligence (TI) at its core is so critical.

However, many organizations view pure threat feeds as their best opportunity to “get started” with threat intelligence, and then struggle to make sense of the massive quantities data. During this webinar, our panel of experts will discuss what types of intelligence will prove truly beneficial to your organization and how to apply it to drive IT control assurance and effectiveness, including how to:

- Understand the value of different intelligence sources and how to work with them.
- Gain fully contextualized alerts in real time with no false positives.
- Effectively detect new threats, methods, and incidents.
- Implement quality intelligence that informs your entire security strategy.
- Consistently improve the efficiency and efficacy of your security operations.

Earn 1.5 CPE Credits on this educational webinar.

Last year, 59% of companies experienced a third-party data breach, and current global uncertainty is a reminder of the increasing complexity of managing third-party risk. Balancing the risks and benefits of using third parties to deliver business services has always been key and during a crisis, the risks can be significantly heightened. Current TPRM approaches may prove to be insufficient, both during and after the crisis. This begs the question: at a time when IT resources are already stretched, how can IT and security teams support the business in its use of third parties while minimizing the risks they create and improving business resilience?

On this expert panel webinar we’ll discuss some of the current, crisis-related trends and break down how organizations can adapt their TPRM program to improve business resilience, including how to:

- Determine your organization’s third-party resilience
- Start new partnerships on a strong foundation
- Protect your data by sharing only what you need to
- Check your internal processes are up to the task

*Attend live for 1.5 CPE Credits

Working From Home (WFH) is rapidly becoming the new norm, and cyber criminals across the globe are leveraging the panic induced by this pandemic to launch disruptive cyber-attacks. In the new WFH normal, you will have to secure every aspect of the architecture, whether it’s on premise hardware, cloud infrastructure or your employee’s endpoint devices. Any weakness in this entire chain will expose your IT infrastructure to security risks.

This means it is critical that businesses quickly find ways to support their workers to work remotely and to do so in a secure manner. On this CPE accredited panel discussion webinar our experts will examine how to build resilience in a digital enterprise with a focus on agile cloud security in the new WFH environment. Don’t miss this opportunity to question the experts on the dos and don’ts of securing your remote workers, strengthen your security posture in this time of extreme uncertainty, and:

- Learn how to educate your home workers on basic security hygiene,
- Understand the threat landscape and how cyber-criminals are leveraging fears around COVID-19 to attack your business,
- Discover how to use cloud collaboration tools more securely,
- Receive best practices you can put into place to eliminate security blind spots.

Cyberattacks can cost an organisation its reputation, its customers and a great deal of money, making CEOs and board members more accountable. Yet, research shows that a high percentage of corporate boards are not actively involved in cybersecurity oversight. Nonetheless, Gartner estimates by 2021, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually.

When communicating your cybersecurity program to the board, it is important to translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.In order to justify the desired cybersecurity expense, you must clearly present the risks, the plan you will implement to protect the company’s assets, and the rationale behind the cost. In this webinar, our expert panel will discuss how to present cybersecurity to the board and get buy-in, including how to:

- Map out your cybersecurity program.
- Get an independent view of your current cybersecurity state and present the facts.
- Translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.
- Propose concrete solutions and demonstrate ROI.

Many organizations rely on governance, risk, and compliance (GRC) technology to consolidate risk information from internal sources (such as finance, IT, and operations) and external sources to understand their threat landscape. Yet as vendor ecosystems grow in size and complexity, risk management teams are increasingly struggling to procure and maintain high-quality, real-time data to feed their GRC systems.

Creating a threat intelligence strategy is essential for a company to identify and prioritize threats effectively. But when it comes time to choose threat intelligence services and products it can be hard to know where to start. In this webinar, our expert panel will discuss how to use real-time threat intelligence to accelerate threat detection, including how to:

- Understand the important distinction between threat data and intelligence.
- Establish what types of intelligence will prove beneficial to your organization and be critical for ROI.
- Gain complete visibility into all of your organization’s API traffic, and analyze relevant intelligence effectively from large volumes of threat data.
- Empower your teams to leverage automation to detect and block threats to your organization. 

Third-party risk management (TPRM) programs are designed to offload that risk, but the current approach isn’t providing the intended results. According to the Ponemon Institute, nearly 61% of U.S. companies have experienced a data breach caused by a third party.

To build an efficient TPRM program, it's critical to understand which vendors and suppliers present the most risk, as well as which ones are essential to your operations. By understanding where to prioritize your time, you can onboard key vendors faster, spend the right amount of time performing due diligence, and invest the most resources assessing and monitoring the third parties that matter most, helping to increase security and performance.

On this webinar our panel of experts will share their experiences and discuss how to:

- Overcome the most common vendor risk challenges
- Prioritize your third parties by criticality
- Streamline your due diligence and vendor assessment process
- Encourage effective communication between internal stakeholders
- Establish a continuous improvement cycle to encourage better results year over year
- Achieve efficiencies out of TPRM tools

Under the weight of new and changing regulations around the world, many organizations struggle to achieve compliance. They often lack a holistic view of their compliance profile and face increasing challenges due to digital transformation. Chief Compliance Officers who take a top-down approach are often met with resistance, but a successful program requires management to actively participate, not just sign off.  

Organizations can no longer afford to apply check-the-box approaches to compliance. Executive management must take a variety of actions to demonstrate leadership and commitment to the company’s compliance management program. On this webinar our panel of experts will discuss the current compliance landscape and challenges facing today's organizations, and they will address best practices to modernize your compliance program, including how to:

- Use a risk-based approach to meet regulatory demands.
- Employ digital transformation in the management of compliance obligations.
- Understand the impacts of regulatory changes and minimize resource-intensive manual processes.
- Get buy-in from other departments and create a working group of stakeholders to develop and improve your compliance program.

In response to the Coronavirus Pandemic, countries are turning to tech to find solutions for containing the spread of the virus. New government initiatives including contact tracing apps are being implemented at lightning speed, and tele-health regulation is being approved in days instead of years. The world is rapidly digitizing in response to all users working from home simultaneously, companies are adding network technology to expand coverage and capability, and online video conferencing is exploding.

But what does this all mean for privacy, and how can companies maintain compliance with regulations such as the GDPR in the current climate? Join us to learn from our panel of security and privacy experts as they discuss how to implement a framework for compliance in the current climate, including how to:

- Improve resiliency around this new risk landscape,
- Better align global privacy data regulations and Enable business agility in a changing environment,
- Foster greater interplay between executive leadership to make informed decisions,
- Create successful privacy frameworks that are globally aligned.

In response to the COVID-19 pandemic, more employees are working from home than ever before, introducing corporate devices to a variety of new and evolving vulnerabilities. We recently examined the data we routinely collect from Internet traffic to learn more about how this unprecedented shift to remote work changed the security landscape — and the results were alarming.

During this webinar, Dan Dahlberg, Director of Data Research at BitSight, will dive into our research and provide proven recommendations for mitigating cybersecurity risk across a remote workforce. Join us on Wednesday, July 15, for:

- Insights into the hidden dangers lurking in residential networks
- Tips on navigating the new security challenges
- Best practices for monitoring your expanding attack surface and ensuring all digital assets are secure

High-Profile Data Breaches have placed a spotlight on the risk of cyber security breaches with vendors and subcontractors, expanding the need to have greater rigor in third-party risk management and ongoing risk assessments. By integrating third-party risk management systems with other enterprise systems, external data sources, and analysis and reporting applications, and organization can deliver significant benefits and centralize processes into a single, automated platform that standardizes workflows and reduces manual effort.

On this CPE accredited webinar our panel of experts will address how to strengthen your third-party risk management process for improved efficiency and effectiveness, and get more from your platform investment through automated integrations with a broader digital ecosystem. Attendees will learn:

- How integrations with external data sources accelerate the assessment process and improve security, financial, and reputation risk reviews,
- Where to connect to internal systems — ERP, GRC, CRM, Contracts, and more — throughout the third-party management lifecycle,
- The pros and cons of various integration methods and how to make a best-fit choice,
- How to strengthen and streamline your third-party risk management efforts.

Security practitioners around the world are struggling to cope with the challenges posed by remote workers during the COVID-19 pandemic. With all users working from home simultaneously, there is a tremendous load and increased security risks across private networks and the cloud. In light of more workers accessing data from the cloud, many organizations are taking a "zero trust" approach, including the use of solutions such as Privileged Access Management (PAM).

If your organization is just getting started with a Privileged Access Management (PAM) program, or you are focused on implementing advanced PAM strategies to align with a COVID-19 environment, this CPE accredited webinar will address what you need to know for data security. Our panel of experts will outline the key challenges and offer some clear recommendations that emphasize the critical role of people, processes and technology in effectively mitigating PAM risk, including:

- Tracking and Securing Every Privileged Account
- Governing and Controlling Access
- Recording and Auditing Privileged Activity
- Operationalizing Privileged Tasks
- Creating a Zero Trust environment

Companies work with third-party vendors to help them become leaner, more agile, flexible, and efficient, so they can go to market faster and beat the competition. However, onboarding remains the most time consuming and pressurized part of the process, as security leaders try to balance meeting the demands with the business with the fundamentals of good security. According to Gartner it now takes an average of 90 days to onboard a new vendor, 20 days longer than four years ago.

Furthermore, the recent large scale shift to work from home in response to COVID-19 has accelerated the adoption of new vendors as companies try to enable a newly remote workforce, adding even more pressure on third-party risk managers to onboard and operationalize third-parties faster than ever. Join BitSight’s Evan Tegethoff, Will Ricciardi, and Andrew Calo to learn how third-party risk managers can create faster, less costly and more scalable onboarding processes that enable the business to grow faster and become adaptive to a changing environment, including how to:

- Reduce time and cost to onboard new vendors
- Scale your program more efficiently
- Use tiering to prioritize your assessment process
- Use an adaptive process to monitor your vendors