How to Select the Right GRC Solution for Your Organization
Governance, risk management and compliance (GRC) processes are extensive; they are how an organization is directed and managed to achieve goals, considering risks to achievement, and complying with applicable laws and regulations.
Issues around information have become central to organizational strategies and GRC software is needed in organizations, and investment in these areas has been increasing. The GRC software space is vast with over 400 GRC software providers that span multiple categories and sub-categories of GRC related software.
Implementing a solution can be a lengthy and costly exercise, so it is imperative to choose carefully from the large number of options in the market. The issue is sifting through all the vendors with their offerings to find the one that best fits your organization. Buyers should have a clear understanding of their organizations functionality requirements, and a strategy in place for selecting the right partner. Join this webcast, and learn how to choose the right GRC solution for your organization as our experts discuss:
- How to understand your organizations functionality needs.
- Guidance for selecting the right partner including examples of good RFP questions.
- How to sift through the different solutions and make weighted assessments against solution criteria.
- Core maintenance and ongoing feeding requirements.
RecordedMay 17 201261 mins
Your place is confirmed, we'll send you email reminders
Dr Branden Williams; Mike Urban, Javelin; Farshad Ghazi, HPE Security - Data Security
Over recent years, several organizations have suffered damaging data breaches where sensitive data was stolen.Alarmingly, things seem to be getting worse, and the results can be devastating. With the expanding threat landscape and the rise of the data-centric enterprise, companies must have parallel development of their security architecture to protect their sensitive data. But in the time it’s taken for data security to catch up with the changing environment, organizations have found their compliance and data protection programs vulnerable.
CISOs must take steps to protect data that is expanding in volume, variety and velocity, and adopt security perimeters around identity attributes and data-centric security. Sensitive data must be continuously monitored for situational awareness and risk management, and CISOs should follow policies that encompass all data silos if they are to avoid security chaos. Enterprises must have an understanding of where sensitive data resides, who has access to it, and how it is impacted by new types of threats and vulnerabilities. Armed with these capabilities, CISOs can enhance sensitive data security to stay ahead of the threats, maintain regulatory compliance, and improve operational efficiency.
Attend this panel discussion as we discuss the key issues which CISOs should be addressing today.
Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches, and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and Internet of Things enabling multitude of connected devices, the threat vectors are multiplying, threatening the firms’ operations and future financial stability.
Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.
Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
Robert D. Schneider, Partner at WiseClouds LLC, Reiner Kappenberger, HPE Security - Data Security
The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side the surge of new devices has increased potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.
Data security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined, so protecting company data is more urgent than ever before. The risks are huge and Hadoop comes with few safeguards, leaving it to organizations to add an enterprise security layer. Securing multiple points of vulnerability is a major challenge, although when armed with good information and a few best practices, enterprise security leaders can ensure attackers will glean nothing from their attempts to breach Hadoop.
In this webinar we will discuss some steps to identify what needs protecting and apply the right techniques to protect it before you put Hadoop into production.
Moderator: Colin Whittaker, PCI Industry Alumni; George Rice, HPE Security; Mike Urban, Javelin, Miguel Gracia,CardConnect
The face of the threat landscape is becoming increasingly sophisticated and highly targeted. Advanced threats are succeeding in their effort to gain access to payment data of target organizations. CISOs, CXOs, and other executives need to become knowledgeable about the potential impacts of targeted attacks and advanced persistent threats. They need to become actively engaged in developing and implementing effective protective strategies.
During this webinar we will discuss recommendations and best practices to help organizations develop a sustainable security program designed to respond quickly to targeted attacks and minimize the consequences of any data breaches.
Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.
This is especially important as PCI DSS evolves and increase in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non compliance with PCI DSS.
Rebecca Herold (The Privacy Professor); Duncan Jones, Forrester; Yo Delmar, MetricStream; Neil Hooper, Rsam
In a landscape filled with new threats and regulations managing the risks of 3rd party vendors is vitally important. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential 3rd party risks. They want to see organizations proactively identifying potential risks, verifying that business partners providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents.
During this webcast our panel will specifically address the practical 'how to's' around identifying and reducing the risks of 3rd party vendors, and we will focus on:
- Typical risks resulting from third party relationships
- Common deficiencies of vendor management practices used during the on-boarding process, and the life of the relationship
- Moving from a reactive to a proactive (preventative) vendor management process
- Real world examples will be used to illustrate the key points and recommendations
Dr Branden Williams; Mason Karrer, RSA; Stuart Hince, HPE Data Security, Emma Sutcliffe, PCI SSC
Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations who process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.
In a landscape filled with new threats and new regulations, risk management has never been more critical. On this webinar we will look at ways to address the SSL and TLS vulnerabilities by implementing a pragmatic risk migration plan. Join us to learn about innovative data-centric protection technologies that mitigate risk, enable compliance, and are all the more important – especially if potentially insecure transfer methods will continue to be used through mid-2018.
Eric Vanderburg, the "Sheriff of the Internet"; Yo Delmar, MetricStream, Vivek Shivananda, Rsam, and Joe Fantuzzi, RiskVision
In every organization, there are a multitude of applications and devices and a universe of threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements. It is no longer enough to have a handful of diligent security and compliance professionals managing the organization's risk strategies and controls. Their processes must embrace business and mission professionals’ knowledge of risk, who evaluate the causal impact of threats to their operational performance, and participate in decision-making to meet their risk posture goals.
Organizational GRC context is achieved by correlating business criticality, threat reachability, IT controls and vulnerabilities to optimize business performance through prioritized remediation, resulting in the desired risk posture with compliance governance. CIOs and CROs need to holistically integrate threat and vulnerability management processes into the broader IT governance and risk management program. This approach will allow IT organizations to not only deal with cyber-threats effectively, but also manage IT risks and compliance mandates more proactively.
Join this executive panel as we discuss ways to use threat and vulnerability management to enable your IT GRC program.
Moderator: Rebecca Herold (The Privacy Professor) Panel: RSA, HPE Security - Data Security, Booz Allen Hamilton
In 2014 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
Brandon Dunlap, Managing Director of Research, BrightFly; Terence Spies, CTO, HP Security Voltage
In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders across all sectors. The growth of data is increasing exponentially, organizations are suffering from volatility across all risk types, and need to re-think their enterprise risk strategy. At the heart of this strategy is the need for a single consistent view of the data, and a data-centric, multi-platform approach to secure valuable customer and corporate data assets, end-to-end.
Join our experts as they discuss a new generation of risk technologies which use a holistic approach to data management and address the risks inherent when data is at rest in storage, in motion on the network, and in use in analytics and business processes.
Drew Wilkinson,Booz Allen Hamilton; Yo Delmar, MetricStream; Vivek Shivananda, Rsam
Managing third-party risk is a big undertaking. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Not only are the risks associated with third-party vendors increasing, but regulators are turning their attention to the need for organizations to manage IT vendor risk more effectively.
Organizations should start by compiling a comprehensive inventory of all partnering third-parties and their associated risks, which will enable management to segment IT vendor risk accordingly and focus efforts by priority. They should also designate a business owner for managing third-party relationships, and provide them with the right decision-making powers to establish a disciplined governance and escalation framework for dealing with incidents that occur.
By implementing such best practice organizations can streamline, automate and integrate IT Vendor governance, risk management, compliance, and audit programs, to build a new, more effective paradigm of supply chain performance. Join this education session as we address these key concepts and challenges for managing third-party risk to strengthen IT vendor governance.
Dr Branden Williams (Moderator); Terence Spies, HP Security Voltage; Chris White, Booz Allen Hamilton; Erez Schwarz, Imperva
Inadequate security and dedicated cyber attackers have led enterprise data breaches to increase at an alarming pace. Staggering numbers of affected customers - and financial losses - are sending shock waves through the business world, and creating a sense of urgency around identifying solutions. Finding a way to ward off cyber intruders has become a critical challenge.
There is a need to create value around company data. One way to do this is to ensure that the workforce knows and understands the threats that are out there and the measures that are in place to protect against them. Data security is not one size fits all, nor is a data security communication plan. Finding the ideal fit for any company may take trial and error, but an educated and mindful workforce will serve to support the mission of IT security teams tasked with keeping confidential information secure. Join this educational panel webinar to hear experts discuss how to realize data security potential across an enterprise.
Eric Kavanagh (Moderator); Paul Quanrud, TCS; Keith Breidt, Booz Allen Hamilton; Yo Delmar, MetricStream
As corporate information technology infrastructure increases in size and complexity, corporations are recognizing the need for a better mechanism for assessing IT's role and alignment to the key corporate initiatives. What began as a series of best practices has evolved into the field known as IT governance.
IT governance is no longer just a theoretical concept, it is a fundamental business necessity, and an iterative process which requires senior management commitment over the long term in order to see results. By implementing a business risk approach to IT governance corporations can deliver immediate benefits to the entire organization.
Join Eric Kavanagh, the Bloor Group; Paul Quanrud, TCS; Keith Breidt, BAH; and Yo Delmar, MetricStream; for this educational session as they address some of the key concepts and challenges with IT governance. They will answer as many questions as we can fit in to the 45 minute Q&A, and will provide research materials for you to takeaway.
If you would like to attend please confirm your position below.
Dr Branden Williams; Stuart Hince, HP Security Voltage; Chris Merritt, Lumension; Merritt Maxim, Forrester
The total number of fraudulent payment card transactions has grown every year since 2006, and experts are calling 2014 "the year of the breach." The Ponemon Institute found that each breach cost the average retailer $8.6 million in related expenses, and the price tag connected with a data breach increased across the board, reaching $20.8 million for financial service firms, $14.5 million for technology companies and $12.7 for communications providers.
With attacks continually on the rise, it's more important than ever that merchants protect themselves from the potentially huge financial losses and damages to their brand and customer loyalty associated with a data breach. Join this educational session to gain insights and some key steps to prevent payment card breaches across your organization.
With the increased regulation and scrutiny of the past decade, it is important for organizations to implement best practices in order to maintain control and achieve compliance with evolving regulatory requirements.
Compliance teams of the brave new world are set up to discuss risks with the key business leaders, and have sufficient resources to ensure company compliance programs are implemented effectively. Their software applications for managing enterprise governance, risk management, and compliance (eGRC) continue to mature with impressive features and functions, and they are making notable strategic advances by linking these three business functions for more informed decision-making, to reduce risk exposure, lower audit costs, and demonstrate compliance.
To replicate similar success in your eGRC program, you will need to focus on selling GRC value, practicing good GRC project management, and embedding GRC into corporate culture. Join this educational panel webinar as our experts delve deeper into this, and identify the best practices for implementing an eGRC program in 2015.
Moderator: Branden Williams. Panel: Ralph Spencer Poore, PCI SSC; Terence Spies, HP Voltage; Scott Carcillo, Merchant Link
Data breaches are a widespread problem with over 1.1 billion records compromised in the last 10 years. According to the Verizon 2014 Data Breach Investigations Report, the vast majority of breaches occurred against small to mid-sized companies.
As a result many retailers are focused on bolstering payment security and reducing fraud by implementing solutions such us EMV, End-to-end encryption (E2EE), and Tokenization. These solutions can work in tandem to protect merchants, and enable them to exceed regulatory requirements by securing card data across all payment environments.
In this session our experts will present and define the three technologies, address the drivers that are leading the United States to implement EMV, and explain the complementary role of Tokenization with respect to EMV and End-to-end encryption.
Moderated by Branden Williams. Emma Sutcliffe, PCI SSC; Terence Spies, Voltage Security; Matt Getzelman, Coalfire
* On this webcast we're giving away a pass ($2,490 value) to our partner event: The 3rd Annual Stress Testing USA Congress being held in NYC on March 18-19, 2015. All attendees will be included in the draw.
The clock is ticking for enterprises that have not yet upgraded their payment card processing systems to be compliant with Payment Card Industry Data Security Standard (PCI DSS) 3.0. Since Jan. 1, 2015 , there is increasing urgency to not only understand the most important changes in PCI DSS 3.0, but also to be ready for a rigorous QSA assessment against those changes. Since PCI 3.0 is bigger, harder and more expensive than the previous iteration, merchants have their work cut out for them.
PCI DSS founding member, Visa Inc. recently changed its policy on compliance assessments for the PCI DSS. More specifically, Visa decided that merchants who meet a stringent set of criteria including processing 75% of transactions using "Chip and PIN" enabled terminals, may be able to apply for an exemption from PCI DSS assessment requirements. Unfortunately, not all merchants are aware of the change, and fewer understand what it means.
In this special presentation, our expert panel will explain the changes and their implications, and offer a detailed review of PCI DSS 3.0 to help enterprises prepare for assessments and make PCI compliance a whole lot easier.
Brandon Dunlap, Brightfly; Vidya Phalke, MetricStream; Sudeep Venkatesh, Voltage; Rebecca Herold, The Privacy Professor
In 2015 the size of the digital universe will be tenfold what it was in 2010. Large-scale data breaches are on the rise across all sectors, and enterprise data security initiatives must evolve to address new and growing threats. Consumer transactions, personally identifiable information, customer records, and the like, all flowing together into the Hadoop ‘data lake’, will enable critical business insights but also means Hadoop installations will be a rich target for cyber-crime.
Organizations are now faced with more stringent and expanding regulations, and must implement better governance, more effective risk management policies, and smarter data management approaches to enable them to do a much better job of controlling their business through the information explosion. As companies look at GRC technology, they should assess the capability of these solutions to deliver continuous monitoring of controls, key risk and security indicators, policies, and ensure they are natively integrated with critical business systems.
We invite you to attend this round-table webinar as our panel of experts will discuss top guidelines for Hadoop security and governance in 2015, and provide guidance for assessing new technology solutions to ensure they will achieve your objectives.
Within the financial services industry, middle office analytics and simulations continue to grow in volume and complexity. Massive compute and storage demands cause strain on IT resources. While new technologies promise speed and scalability, evaluating this unique middle office environment requires a look at compliance, risk, and pricing analytics to determine potential gains and losses. In this webinar, IDC – Financial Insights Research Director, Bill Fearnley, looks at current middle office IT workflows supporting analytics, backtesting and financial modeling and evaluates a hybrid cloud infrastructure to support growing demands.
In this webinar, you’ll:
· Hear an IDC Analyst’s view on the current financial services IT environment
· Learn of common challenges and approaches to combat growing strain on compute and storage infrastructure
· Join in a discussion about the viability of enabling cloud services to expand compute and storage capacity
· Gain guidance on how large hedge funds and investment banks are overcoming inherent cloud challenges like latency, data accessibility, and cost management
Many corporations are looking overseas for continued business growth in both consumer and business markets. Now more than ever, customer contact data is a vital corporate asset.
If you are responsible for managing global address data, this webinar is for you. You will learn how to optimize performance from Informatica’s Address Verification product by developing best practices for global address data management.
During this webinar, viewers will learn:
•Developing quality acceptance standards for multiple data sources
•Identifying and troubleshooting poor quality incoming data
•Creating business rules for exception processing
•Understanding language and cultural idiosyncrasies that affect address data
•Educating your team about the Do’s and Don’ts of global address management
•Developing core best practices for your organization
•Selecting the best parameters in Address Verification for your specific business needs
Join industry veteran and thought leader, Sheila Donovan, President and Founder of Global DM Solutions, as she walks through this exciting content.
Today's expectations of security executives is to do more with less: provide tighter security with less resources for a dynamic, hybrid, complex IT environment.
As an existing Tufin customer, you can turn the Tufin Orchestration Suite from a management tool into a strategic infrastructure.
Join us for the second webinar in our Executive Webinar Series: "Cut Audit Prep and Tighten Security with Continuous Compliance" and learn how you can maximize your Tufin investment to:
•Cut audit preparations by enforcing continuous compliance across the hybrid network
•Tighten security posture with a unified zone-based security policy
•Maximize agility AND policy compliance with proactive risk analysis
Reserve your seat now!
We look forward to you joining us.
Unfortunately many organizations today are losing the race against the hacker community by a large margin. As noted in the Verizon 2016 Data Breach Investigation Report, the percent of compromises that transpired in “days or less” has risen from 67% to 84% over the last 10 years. Over this same time period, the percent of compromise discoveries that occurred in “days or less” also improved, but not enough to narrow the time gap between compromise and discovery. In other words, the bad guys are accelerating their exploits faster than the good guys are accelerating their ability to discover.
The path to narrowing the time gap between compromise and discovery, and then neutralising business-impacting incidents, is through a comprehensive and mission-oriented Security Information and Event Management (SIEM). A well-designed SIEM not only advances security objectives, but it also works to direct personnel and process for maximum impact. With limited resources and a rising number of attacks, not all solutions are created equal. You need to ensure they are getting the best bang for your buck.
In this webinar, Michael Suby, vice president of research at the global research and consulting organization Frost & Sullivan, will discuss the factors that contribute to SIEM’s total cost of ownership.
• How to calculate the total cost of ownership of a SIEM
• The basic functionality that every SIEM should have to confidently breeze through preliminary activities
• The SIEM attributes that will have a lasting impact on your organization’s cost efficiency in effectively managing risk
Join us to learn the features that should be on the top of your scorecard when evaluating a SIEM for either first-time deployment or replacement.
*This webinar will be conducted in Mandarin
Organizations are turning to leverage big data and analytics to ‘look’ for indicators of intent or indicators of compromise, thus helping organizations focus their security resources on the threats at hand. The challenge though is how to process the vast amount of data, and furthermore, keep it relevant, timely, actionable – contextual. The challenge becomes harder when threat actors utilize a variety of techniques to maintain anonymity, reduce their ‘fingerprint’ and mask their intent.
In this webinar, Adam will share how Akamai leverages the vast amount of data that it sees daily to help its customers improve their security decisions, when the threat would otherwise be unclear. John will showcase how Akamai’s big data and analytics platform, Cloud Security Intelligence, powers its Client Reputation service. A service that provides the ability to forecast intent and protect applications against Distributed Denial of Service (DDoS) and application layer attacks, and how active defence can be applied to a variety of response mechanisms, delivering an intelligent contextually aware defence.
As of 2016, California requires all companies, no matter where they are based, to implement a minimum set of mobile security controls if they process sensitive personal information about California residents. Spend 30 minutes with us on how to comply with these new requirements. Review the California Data Breach Report for the new requirements.
This webcast is for Mobile IT and information security professionals and their legal and compliance teams. This webcast will cover:
The foundational security controls now required by law
How these controls are applied to mobile
Best practices to achieve compliance
The central role of Enterprise Mobility Management (EMM)
Chat is an excellent channel to improve service desk productivity, but when dealing with complex issues, it’s sometimes not enough. If your chat solution is implemented in a standalone silo, then customers may have to transfer to phone support when their issues go beyond the point of text, resulting in a disjointed customer experience. But if the chat transitions directly into a screen-sharing session, the support agent can instantly see and resolve the issue while maintaining a seamless conversation. This session will outline how to increase the value and power of chat through integrating it with other solutions such as remote support, knowledge bases, CRM and more. Turn your service desk into a one-stop-shop with a modern, integrated approach to support.
Many Security Operation Centers operate in a reactive mode. They primarily respond to alerts that are being presented to them by implemented detection technologies. And we all know alerts are generated in overwhelming volumes, severely crippling SOC’s effectiveness and efficiency. Today’s threat landscape requires SOCs to operate ever more proactively to keep up with the threat actors. More and more SOCs therefor are actively ‘hunting’ for threats that may be residing in the environment they are to defend. ‘Hunting' however requires a different approach from the traditional, reactive mode, not least for the SOC experts themselves.
Join Matias Bevilacqua, Mandiant Principal Incident Response Consultant, as he discusses tips and tricks for hunting for those lurking threats: what to look for, what tools to use, etc.? You will leave the session with some hands-on material to start turning over stones and uncover threats you never knew were there.
This presentation will enumerate some of the risks, old and new, of migrating to a cloud infrastructure as well as the risks posed by consumer and employee “cloud creep”. I will detail how your business could impacted and illustrate some architectural and procedural changes that can help to mitigate these risks.