How to Select the Right GRC Solution for Your Organization

Moderator: Brandon Dunlap. Panel: Chris McClean, Forrester; Ben Tomhave, LockPath; Jean-Marie Zirano, MEGA
Governance, risk management and compliance (GRC) processes are extensive; they are how an organization is directed and managed to achieve goals, considering risks to achievement, and complying with applicable laws and regulations.

Information issues have become central to organizational strategies, GRC software is needed in organizations, and investment in these areas has been increasing. The GRC software space is vast, with over 400 GRC software providers spanning multiple categories and sub-categories of GRC-related software.

Implementing a solution can be a lengthy and costly exercise, so it is imperative to choose carefully from the large number of options in the market. The challenge is sifting through all the vendors and their offerings to find the one that best fits your organization. Buyers should have a clear understanding of their organization's functionality requirements, and a strategy in place for selecting the right partner. Join this webcast and learn how to choose the right GRC solution for your organization as our experts discuss:

- How to understand your organization's functionality needs.
- Guidance for selecting the right partner including examples of good RFP questions.
- How to sift through the different solutions and make weighted assessments against solution criteria.
- Core maintenance and ongoing feeding requirements.
May 17 2012
61 mins
More from this community:

IT Governance, Risk and Compliance

  • Your customers' environment is increasingly complex; Backup Exec 15 lets them perform backup and recovery simply and effectively, anytime and anywhere.
    Join this webinar and find out how Backup Exec 15 can simplify and meet the needs of different infrastructures.
  • If your organization is reliant on a rapidly aging version of SQL Server, you need to join SQL Server experts Michael McCracken from HOSTING and Rodney Landrum, a Microsoft SQL Server MVP, from Ntirety for this in-depth discussion of the hows, whys and whats of upgrading from Microsoft SQL Server 200X to SQL Server 2014. The interactive webinar will cover:
    • The benefits of upgrading
    • Considerations to understand
    • How to smooth the transition
    • Q & A
  • Ingesting raw data into Hadoop is easy, but extracting business value leveraging exploration tools is not. Hadoop is a file system without a data model, data quality, or data governance, making it difficult to find, understand and govern data.

    In this webinar, Tony Baer, Principal Analyst of Ovum Research, will address the gaps and offer best practices in the end-to-end process of discovering, wrangling, and governing data in a data lake. Tony Baer will be followed by Oliver Claude who will explain how Waterline Data Inventory automates the discovery of technical, business, and compliance metadata, and provides a solution to find, understand, and govern data.

    Attend this webinar if you are:
    --A big data architect who wants to inventory all data assets at the field level automatically while providing secure self-service to business users
    --A data engineer or data scientist who wants to accelerate data prep by finding and understanding the best suited and most trusted data
    --A Chief Data Officer or data steward who wants to be able to audit data lineage, protect sensitive data, and identify compliance issues
  • Targeted malware, zero-day vulnerabilities and advanced persistent threats are increasingly responsible for data breaches. Why? Because they work. Most security products have a hard time protecting from advanced malware. This problem is compounded because attackers can easily mass produce new malware variants. What’s an IT person to do?

    Join us to learn key techniques to stop modern malware the first time. We will discuss:
    • What tactics work
    • Where to apply them
    • How to optimize cost, staffing and security.
  • Software defined architectures are all the buzz, helping to start conversations about transforming customer data centers from cost centers into competitive advantages. But in today’s economy, no business can afford to stand still. And a business is only as agile as its IT organization allows. An agile data center and IT department can:

    • Protect the infrastructure and easily recover if faults are found or predicted
    • Control access to data while meeting compliance and regulatory requirements
    • Deliver services quickly, resiliently, and cost-effectively

    Join us at 10am GMT on 16th April 2015 and learn how Symantec’s view of the “Agile Data Center” covers delivering the right resources in the right way to the users, whilst bringing a broader view on how you can introduce critical solutions and new revenues around disruptive customer events.
  • For years ClearCase was the standard for enterprise SCM. If you had a large number of developers and lots of projects ClearCase was a great choice, while ClearCase MultiSite provided basic support for distributed teams. Now industry trends are converging toward a new generation of development tools and processes. Today, continuous delivery brings agile development and DevOps together, promising much shorter development cycles and higher quality.

    Learn how moving from ClearCase to Subversion can improve your development processes and significantly reduce deployment cost and complexity. You'll also learn practical ClearCase to Subversion migration techniques.

    Topics Covered:
    • Differences and similarities between Subversion and ClearCase
    • How to merge in Subversion
    • Continuous delivery using Subversion: bringing agile and DevOps together for faster delivery and higher quality
    • ClearCase vs. Subversion in a distributed development environment
    • Migrating from ClearCase to Subversion
  • Recently cyber attacks against Industrial Control Systems (ICS) used by utilities and other Critical Infrastructure organizations have hit the headlines worldwide. Stuxnet is the best known cyber attack against an industrial installation, but it's not the only one.

    But what if cyber attacks were not the biggest threat to industrial networks and systems? Although malware is still a major point of interest, the sword of Damocles for critical industrial networks is represented by system misuse performed by disgruntled employees, contractors and vendors, as well as unintentional mistakes, network and system misconfiguration; all this could lead to the divergence or failure of critical processes.

    In this talk we will reshape the concept of ICS cyber security and will present our vision for a comprehensive approach to cyber security for ICS.
  • Adhering to international maritime sanctions requirements can be challenging in today’s regulatory landscape. Join Dow Jones Risk & Compliance and experts from HFW and Pole Star for a discussion on best practice in shipping compliance. Learn about regulatory developments -- including the latest UN Security Council communiques on "Sanctions compliance for the maritime transportation sector" -- and leverage case studies on the use of enhanced sanctions data and monitoring tools to mitigate sanctions risk.
  • As superfast connectivity becomes widely available, it will increase both data volume and velocity as well as new business opportunities. However, this dramatic leap forward will also result in new and potentially destructive activity online, which can affect an organisation’s defences both internally and within their supply chain. It has never been more important for businesses to assess and understand their critical infrastructure in an increasingly connected environment.

    During this webinar Steve Durbin, Managing Director of ISF Ltd, will discuss how businesses can update their resilience along with examining the role in securing the network boundary that investments in technology and third party provider programmes can play. This will necessarily include an assessment of cloud-based systems and the use of robust risk assessment methodologies.
  • An overview of how businesses can gain visibility into B2B transactions to speed decision-making, respond to changing customer and market demands, and optimize business processes.
  • A New IT Approach to GRC for Business Innovation Oct 22 2015 5:00 pm UTC 60 mins
    TBC
    The burden of the existing day-to-day IT workload has never been greater and continues to grow. The recent financial scandals and high profile data breaches have raised scrutiny to unprecedented levels. This scrutiny, together with new legislative changes, has resulted in an array of new compliance measures and related challenges, which have led to a melting pot of complexity that has seen organizations increase spend simply to 'keep the IT maintenance lights on'.

    Due to consumer demand, leaders are having to look hard at their IT strategy and ways to reduce expenditure so they can invest in innovation to future-proof the business. Many banks are considering whether a complete IT infrastructure overhaul would prove more beneficial as spending on basic maintenance and compliance does little to move the business forward, yet it consumes the vast majority of IT budget. Not complying is not an option, and reducing IT spend on compliance is difficult as associated projects have become high priority 'must haves' and budget 'must spends'. If organizations fail to adapt their approach it will remain impossible for IT departments to service the needs of the compliance office and still satisfy the business innovation agenda.

    Attend this webinar to learn more about:

    - Driving efficiencies to reduce the cost of compliance
    - Using compliance to enable teams to focus their efforts more effectively
    - Automating business process to get ahead of compliance
    - Raising your organization's overall data privacy, compliance, and security profile
  • A Payment Breach Prevention Plan Jun 23 2015 5:00 pm UTC 60 mins
    Branden Williams, HP Security Voltage
    With fraudulent payment card transactions continually on the rise, it’s more important than ever that merchants protect themselves from the potentially huge financial losses and damages to their brand and customer loyalty associated with a data breach. The total number of attacks has grown every year since 2006, and experts are calling 2014 “the year of the breach.” The Ponemon Institute found that each breach cost the average retailer $8.6 million in related expenses, and the price tag connected with a data breach increased across the board, reaching $20.8 million for financial service firms, $14.5 million for technology companies and $12.7 for communications providers.

    Criminals have displayed a better understanding of how point-of-sale systems operate than the technicians that maintain them, so to reverse the trend security professionals must fully understand their POS architecture, integrated payment processing and weaknesses in the technology. The upside is that companies can minimize their risk and foster a culture of security awareness with a proactive security plan which includes a set of ongoing processes to assess threats, set risk tolerance, address vulnerabilities, and train staff.

    Join this educational session as our panel of experts discuss the key steps to prevent payment card breaches across your organization.
  • A Best Practice Blueprint for eGRC May 26 2015 6:00 pm UTC 60 mins
    Brandon Dunlap (Moderator), Chris McClean, Forrester, MetricStream, Rsam
    With the increased regulation and scrutiny of the past decade, it is important for organizations to implement best practices in order to maintain control and achieve compliance with evolving regulatory requirements.

    Compliance teams of the brave new world are set up to discuss risks with the key business leaders, and have sufficient resources to ensure company compliance programs are implemented effectively. Their software applications for managing enterprise governance, risk management, and compliance (eGRC) continue to mature with impressive features and functions, and they are making notable strategic advances by linking these three business functions for more informed decision-making, to reduce risk exposure, lower audit costs, and demonstrate compliance.

    To replicate similar success in your eGRC program, you will need to focus on selling GRC value, practicing good GRC project management, and embedding GRC into corporate culture. Join this educational panel webinar as our experts delve deeper into this, and identify the best practices for implementing an eGRC program in 2015.
  • Understanding EMV, End-to-end encryption, and Tokenization. Recorded: Mar 19 2015 60 mins
    Moderator: Branden Williams. Panel: Ralph Spencer Poore, PCI SSC; Terence Spies, HP Voltage; Scott Carcillo, Merchant Link
    Data breaches are a widespread problem with over 1.1 billion records compromised in the last 10 years. According to the Verizon 2014 Data Breach Investigations Report, the vast majority of breaches occurred against small to mid-sized companies.

    As a result, many retailers are focused on bolstering payment security and reducing fraud by implementing solutions such as EMV, End-to-end encryption (E2EE), and Tokenization. These solutions can work in tandem to protect merchants, and enable them to exceed regulatory requirements by securing card data across all payment environments.

    In this session our experts will present and define the three technologies, address the drivers that are leading the United States to implement EMV, and explain the complementary role of Tokenization with respect to EMV and End-to-end encryption.
  • Preparing for PCI DSS 3.0 and VISA Mandates Recorded: Feb 19 2015 61 mins
    Moderated by Branden Williams. Emma Sutcliffe, PCI SSC; Terence Spies, Voltage Security; Matt Getzelman, Coalfire
    * On this webcast we're giving away a pass ($2,490 value) to our partner event: The 3rd Annual Stress Testing USA Congress being held in NYC on March 18-19, 2015. All attendees will be included in the draw.

    The clock is ticking for enterprises that have not yet upgraded their payment card processing systems to be compliant with Payment Card Industry Data Security Standard (PCI DSS) 3.0. Since Jan. 1, 2015, there is increasing urgency to not only understand the most important changes in PCI DSS 3.0, but also to be ready for a rigorous QSA assessment against those changes. Since PCI 3.0 is bigger, harder and more expensive than the previous iteration, merchants have their work cut out for them.

    PCI DSS founding member, Visa Inc. recently changed its policy on compliance assessments for the PCI DSS. More specifically, Visa decided that merchants who meet a stringent set of criteria including processing 75% of transactions using "Chip and PIN" enabled terminals, may be able to apply for an exemption from PCI DSS assessment requirements. Unfortunately, not all merchants are aware of the change, and fewer understand what it means.

    In this special presentation, our expert panel will explain the changes and their implications, and offer a detailed review of PCI DSS 3.0 to help enterprises prepare for assessments and make PCI compliance a whole lot easier.
  • Top Guidelines for Hadoop Security and Governance in 2015 Recorded: Jan 21 2015 61 mins
    Brandon Dunlap, Brightfly; Vidya Phalke, MetricStream; Sudeep Venkatesh, Voltage; Rebecca Herold, The Privacy Professor
    In 2015 the size of the digital universe will be tenfold what it was in 2010. Large-scale data breaches are on the rise across all sectors, and enterprise data security initiatives must evolve to address new and growing threats. Consumer transactions, personally identifiable information, customer records, and the like, all flowing together into the Hadoop ‘data lake’, will enable critical business insights but also means Hadoop installations will be a rich target for cyber-crime.

    Organizations are now faced with more stringent and expanding regulations, and must implement better governance, more effective risk management policies, and smarter data management approaches to enable them to do a much better job of controlling their business through the information explosion. As companies look at GRC technology, they should assess the capability of these solutions to deliver continuous monitoring of controls, key risk and security indicators, policies, and ensure they are natively integrated with critical business systems.

    We invite you to attend this round-table webinar as our panel of experts will discuss top guidelines for Hadoop security and governance in 2015, and provide guidance for assessing new technology solutions to ensure they will achieve your objectives.
  • Top Security Guidelines for EMV and Mobile Payments in 2015 Recorded: Dec 4 2014 69 mins
    Branden Williams, Moderator; Ralph Spencer Poore, PCI SSC; Terence Spies; David Tushie; and Rajesh Sharma
    More than 100 million Americans have lost personal information in a data breach over the last year, and identity theft is the fastest growing crime in the US. As a result, President Obama has launched a government initiative to support the US migration to EMV and improve information sharing on cyberfraud threats, and nearly half of US merchant terminals are expected to accept EMV cards by the end of next year.

    As of October 1 of 2015, merchants and acquirers—not card issuers—will bear the financial burden resulting from fraudulent use of counterfeit, lost and stolen cards. It's a risk that's only mitigated by demonstration and documentation of EMV compliance. Beyond the liability shift, EMV holds promise as an enabler of secure mobile and e-commerce payments, with attractive PCI (Payment Card Industry) Security Standards-related benefits for merchants. Those who implement EMV contact- and contactless-enabled POS devices may be excused from PCI audits and the costs associated with them, creating further incentive to adopt EMV.

    In this webinar, we'll discuss the details behind the migration to EMV, how the technology works, and some top security guidelines for EMV and Mobile Payments in 2015.
  • Don't Be the Next Headline: Data Security Best Practices for 2015 and Beyond Recorded: Nov 4 2014 65 mins
    Moderator: Brandon Dunlap. Panel: Bob Russo, PCI SSC; Terence Spies, Voltage; Yo Delmar, MetricStream; Rick Dakin, Coalfire
    Albert Einstein once observed: "Technological progress is like an axe in the hands of a pathological criminal." His words were eerily prophetic of the continuous news of data breaches in the retail and banking sectors.

    Data breaches can be financially catastrophic as they drive costs to repair the damage, costs to secure their systems, costs to repay the consumers, losses in profits, losses in consumer confidence, and lawsuits seeking damages for alleged negligence. Intense media and Congressional scrutiny have classified all data breaches as direct attacks on privacy, and any company that has possession of personal identification information should consider itself in possession of potentially explosive material.

    Although the headline-making breaches are highly sophisticated, most attacks simply exploit lax security practices. In fact, Verizon's 2014 Data Breach Investigations Report found that 78 percent of the attacks were of very low or low difficulty. That means that in more than three-quarters of all breaches, attackers used basic methods that required few resources and no software customization. That's the bad news. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.

    Join our panel of experts as they discuss how to implement data security best practices, and how to prepare your experts with a crisis response plan to avoid being another headline.
  • Evolution of Encrypting Ransomware Recorded: Oct 23 2014 48 mins
    Tyler Moffitt, Senior Threat Research Analyst, Webroot
    Encrypting ransomware is a key term in the title as just ransomware is broad and can include threats that are very different, easy to detect, and don't encrypt files at infection - the key differentiation point that gives these threats the upper hand against AV.

    The presentation is going to be on all the encrypting ransomware we've seen thus far. It will cover in-depth features of each one and how malware authors made improvements as time went on. There are quite a few, so it will be a full presentation's worth (cryptolocker, dir-crypt, cryptowall, cryptodefense, zero-locker, critroni, synolocker, cryptographic locker). I'll show an infection from start to finish and what a user will experience, and will highlight social engineering tactics along with the methods of payment circumventing money mules.
  • Securing Hadoop – the Data-Centric Approach Recorded: Oct 1 2014 62 mins
    Adrian Lane, Security Analyst – CTO, Securosis; and Sudeep Venkatesh VP, Solutions Architecture, Voltage Security
    If you’re embarking on Hadoop adoption you know that sensitive customer and corporate data will be in the ecosystem – transactional data, intellectual property, customer files, and more. As Adrian Lane of Securosis has noted, “High quality data produces better analysis results—which is why a key ingredient is sensitive data.” Now the question becomes how to keep sensitive data secure as it moves into and beyond Hadoop, and—most importantly—how to protect the data but still make it accessible by many different users with varying analytic needs and ad-hoc processes.

    Join us for an insightful discussion on data-centric security approaches for multi-platform enterprise environments, including Hadoop. Learn about techniques such as format-preserving encryption, tokenization, storage-level encryption, and data masking.

    RSVP Now if you need to understand how to enable analytics and insights without security risk, and how to neutralize data breaches through data-centric technologies that can integrate with Hive, Sqoop, MapReduce and other Hadoop specific interfaces.
  • The Case for Building Your Own Secure, Compliant Cloud Recorded: Sep 24 2014 61 mins
    David Chapa, CTO at EVault (Seagate); Jean-Louis Fritz Y. CRISC, Governance, Risk and Compliance leader
    *On this webcast we're giving away a pass to our partner event: Governance, Risk and Compliance for Financial Services on October 22-23*

    What is driving expansion to the cloud? In most cases, it’s cost. But for many enterprise IT organizations, it is about agility, efficiency, and productivity.

    The research firm, 451 Group says, “Cloud is a way of using technology, not a technology in itself,” and, in many cases, IT organizations have chartered new courses on their own to reach the same value as the hyper-scale cloud solution providers. Although, as with any DIY solution, comes caveat emptor. As any do-it-yourselfer will attest, at some point you must make adjustments, fixes, and, in some cases, scrap it and build it all over again. This is the nature of DIY. However, in today’s competitive marketplace, time and resources are limited, and for IT to be more agile, efficient, and productive, DIY may not be the best course of action moving forward.

    In this webinar, we will look at the trends of cloud and how building a secure, compliant cloud based on validated and converged infrastructures will be the way IT expands its way beyond the data center, into the cloud.
  • Panel Discussion: Why EMV is Not the Only Answer to Payment Security Recorded: Sep 16 2014 77 mins
    Brandon Dunlap, Bob Russo (PCI SSC), Jeff Cherrington, Bernard Vian, Terence Spies
    *On this webcast we're giving away a pass to our partner event: Governance, Risk and Compliance for Financial Services on October 22-23*

    2013 was the worst year yet in terms of data breaches, with over 740 million records exposed, and 2014 is shaping up to be more of the same. Security analysts estimate the costs of the data breach that hit U.S. retailer Target are approaching half a billion dollars for the company. The total cost of the breach, including losses incurred by banks, consumers and others, could easily reach into the billions of dollars, and the incidents continue.

    With the Target incident seen as a watershed many financial institutions are planning to begin issuing EMV cards in the next two years, although many are still hesitant to commit to EMV because of uncertainty around retailer adoption of chip card point-of-sale terminals, questions about the viability of the business case for migrating from magnetic stripe cards to chip cards, as well as unresolved issues related to regulation and support for merchant routing choice. Meanwhile, the official release of PCI DSS v3.0 is here, delivering a fresh set of regulatory concerns for retailers.

    Clearly, traditional IT defenses are no longer working. But you can take control. Join us as we discuss key lessons learned from the recent breaches, and the latest developments in payment security.
  • Compliance Does Not Equal Security – A Risk-Based Plan for ePHI Protection Recorded: Aug 20 2014 63 mins
    Andrew Hicks, Healthcare Practice Director at Coalfire; and Mark Bower, VP Product Mgt, Voltage Security
    With the emergence of big data healthcare analytics, electronic health information exchange, clinical data warehousing, and other technologies for optimizing patient care, the healthcare industry has never been more reliant on electronic data and the strict requirements associated with the data. The advances in business processes, technology and regulations require that data security initiatives evolve to address new and growing threats. Coincidentally, in a recent survey, 69% of organizations felt that provisions of the Affordable Care Act (ACA) have the effect of increasing or significantly increasing risks to patient privacy and security.

    Chasing compliance is an expensive proposition that doesn’t adequately address the current security threats and vulnerabilities. Organizations that simply want to comply with the regulations are already at risk. A more effective program is risk-based -- one where incremental changes to controls can be made in real-time to more effectively combat current threats to your security program. Join us for this webinar where you’ll learn:

    - Why compliance is an outcome of an effective data protection program.
    - Risk assessment, analysis and management – what’s the difference and why you need them.
    - What is considered ‘reasonable’?
    - What leading healthcare organizations are doing today to protect data, with a focus on securing Big Data for healthcare analytics?
    - How data protection can help without getting in the way of patient care.
    - How do you protect your healthcare organization from public loss of confidence?
  • EMV & Payment Security: Evolving Beyond the Mag Stripe Recorded: Jul 15 2014 61 mins
    George Peabody (Glenbrook Partners), Terence Spies (CTO at Voltage Security)
    * On this webcast we're giving away a guest pass to 'Data Analytics for Manufacturing' in Chicago on August 18-19.

    Everything changed six months ago. The Target data breach caused us all to rethink payment security. The U.S. transition to EMV chip and PIN cards is around the corner. Tune into this webinar for a complete update on where EMV is today – lessons learned from Europe and Canada’s experience of EMV adoption, and the latest about the liability shift in the U.S. How and when will EMV be augmented by new approaches to card data in mobile wallets, online, and at the point of sale? Learn what you need to know about tokenization and the latest developments which are sure to impact your payment security and payment processing. Find out how you can build in flexibility during this time of transition and rapid evolution in technologies.

    Join us to find out what this evolution in payment architectures means for your business–with no single payment architecture in place any time soon.
Empowering the GRC Community
The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

  • Title: How to Select the Right GRC Solution for Your Organization
  • Live at: May 17 2012 6:00 pm
  • Presented by: Moderator: Brandon Dunlap. Panel: Chris McClean, Forrester; Ben Tomhave, LockPath; Jean-Marie Zirano, MEGA