
Auditing the Cloud; What is the necessary comfort level?

* Attendees of this webcast will receive CPE credit.

Cloud Computing has been hailed as the long-sought-after answer to low-cost computing, where users can remotely store their data in the cloud and enjoy on-demand, high-quality applications and services from a shared platform of resources. By outsourcing their data storage, users can be relieved of the burden of local data storage and maintenance, in some cases eliminating IT departments altogether. However, no longer having physical possession of their data makes data integrity protection in the Cloud environment a potentially lethal problem, especially for users with constrained computing resources and capabilities. Thus, allowing or even mandating third-party security and compliance audits of Cloud Service Providers (CSPs) is of critical importance, so that users can resort to an external audit party to check the integrity of outsourced data when needed.

The number one concern for many organizations is how to ensure adequate information security, i.e. the confidentiality, integrity and availability of critical data stored by the cloud service provider, whilst also balancing the competing needs of confidentiality, integrity and availability. This serious concern has created the need for standardization and consistency in audit and assurance practices in the cloud computing space, particularly third-party audit and assurance. Overburdening Cloud Service Providers with a multitude of continuous audits will increase the cost of the service and the internal costs associated with monitoring and managing the audit processes and reports.

Join our panel of experts as they discuss the issues surrounding the main concerns of Cloud Computing, the different audit approaches and tools that are being offered, the evaluation of those tools, and what is a common-sense, efficient and cost-effective process to follow when evaluating a Cloud Service Provider.
Recorded Feb 1 2012 62 mins
Presented by
Marlin Pohlman, CGO, EMC; Kevin Hardcastle, ISO, Washington Uni; Taiye Lambo, Founder, HISPI; and Raj Samani, CTO, McAfee

  • Critical Actions to Finalize Your GDPR Compliance Program: Conclusion Jan 30 2018 6:00 pm UTC 75 mins
    Moderated by Dr. Branden Williams.
    The new EU General Data Protection Regulation (GDPR) rule looms and will take effect in May 2018, but only a third of companies are on track to be compliant by the due date. GDPR is the most significant change in data privacy regulation in more than 20 years. It represents an extraordinary shift in the way businesses will be expected to operate when they gather, process, maintain, and protect customer data. Any organization that retains information of EU citizens must be in compliance or face huge fines of up to 4% of worldwide turnover.

    In this webinar series you will hear from industry experts facing the same challenges you face and find out how they're meeting and surpassing critical implementation checkpoints, and you will learn what actions other organisations are taking in preparation for data protection – not only for GDPR, but for long-term data protection.
  • CPE Webinar: Critical Actions to Finalize Your GDPR Compliance Program: Part 1 Dec 12 2017 6:00 pm UTC 75 mins
    Moderated by Dr. Branden Williams. Panelists from RSA, Absolute, and BitSight TBC
    Attendees can earn 1 CPE credit on this session.

    The new EU General Data Protection Regulation (GDPR) rule looms and will take effect in May 2018, but only a third of companies are on track to be compliant by the due date. GDPR is the most significant change in data privacy regulation in more than 20 years. It represents an extraordinary shift in the way businesses will be expected to operate when they gather, process, maintain, and protect customer data. Any organization that retains information of EU citizens must be in compliance or face huge fines of up to 4% of worldwide turnover.

    In this webinar series you will hear from industry experts facing the same challenges you face and find out how they're meeting and surpassing critical implementation checkpoints, and you will learn what actions other organisations are taking in preparation for data protection – not only for GDPR, but for long-term data protection.
  • Digital GRC: Innovations for Early Identification and Management of Risk Nov 16 2017 6:00 pm UTC 60 mins
    Moderated by Colin Whittaker; Yo Delmar, MetricStream; Jason Ford, Contegix; and Cameron Jackson, Riskonnect
    Attendees can earn 1 CPE credit on this session.

    Digitization has become deeply embedded in enterprise strategy, as nearly all businesses and activities have been slated for digital transformations. The significant advantages of digitization, with respect to customer experience, revenue, and cost, have become increasingly compelling, and we are starting to see digital transformations in risk create real business value by improving efficiency and the quality of risk decisions.

    The state of risk management at most global, multiregional, and regional banks is abundant with opportunity. Current processes are resource intensive and insufficiently effective, as indicated by average annual fines above $400 million for compliance risk activities alone. By improving the efficiency and effectiveness of current risk-management approaches, digital risk initiatives can reduce operating costs for risk activities by up to 30 percent, and a digitized risk function can provide better monitoring and control and more effective regulatory compliance. On this webinar our panel of experts will discuss digital innovations for risk management success.
  • CPE Webinar: A Data Security Survival Guide in an Interconnected World Oct 25 2017 5:00 pm UTC 75 mins
    Rebecca Herold, The Privacy Professor; M P. Suby, Frost & Sullivan; Deral Heiland, Rapid7; Bharath Vasudevan, ForcePoint
    Attendees can earn 1 CPE credit on this session.

    As the number of internet-connected devices skyrockets into the billions, a data security strategy is an increasingly important part of any organization’s ability to manage and protect critical information. Enterprises are migrating to the cloud in droves, however, protecting data in the cloud remains a challenge as employees push to access cloud apps from any device, anywhere. In the last year alone, 1 in 3 organizations were hacked more than 5 times, and with the increased number of attacks the financial cost of security incidents is also rising.

    In many cases, breaches are caused by a combination of benevolent insiders, targeted attacks, and malicious insiders. For example, targeted attacks are often enabled inadvertently by well-meaning insiders who fail to comply with data or security policies, which can lead to a data breach. In this webinar, our panel will discuss major trends impacting cyber security – from the rising frequency of attacks to the types of threats that organizations should be most concerned about – and they will address the risks, priorities, and capabilities that are top of mind for enterprises as they migrate to the cloud.
  • A Tactical Guide to Reducing Your Data Breach Risk Recorded: Aug 29 2017 71 mins
    Dr. Branden Williams; Farshad Ghazi, HPE; Yo Delmar, MetricStream; Jordan Rogers, Rapid7; and Billy Sokol, MarkLogic
    Over 90% of the world’s data has been generated in the last few years. Accompanying this rapid growth in data come exponential risks, as witnessed by the spike in cyber attacks from which no organization seems immune. The financial rewards gained by the perpetrators of cyber attacks are blatant, and this is driving continued attacks on companies holding massive amounts of consumer data. For these companies securing data is only half the battle. The risks can be greater when data is transmitted externally, hence it is critical that organizations know where sensitive data is going, how it is being transmitted, and how it is being handled and stored.

    On this webinar our panel of experts will discuss some of the best practices organizations can consider to reduce the risk of suffering from a data breach, and to proactively prepare for any subsequent breach that could happen.
  • Orchestrating Effective IT Risk Management Across the Lines of Defense Recorded: Aug 8 2017 65 mins
    Kelley Vick, IT GRC Forum; Cameron Jackson, Riskonnect; Weston Nelson, Moss Adams Advisory Services
    Today’s IT risk environment is more threatened than ever thanks to the growth in sophisticated cyber attacks and security vulnerabilities. Now, complex, hard-to-detect attacks could bring down not just a single institution but also large parts of the internet and the financial markets. Organizations need an intelligent approach when it comes to assessing IT risk and managing compliance.

    Staying safe is no longer just about deflecting attackers. It’s about staying ahead of attackers who are already inside the organization, and banks are doing this through structured lines of defense that enhance security capabilities, involve IT risk managers in operations, and expand internal audit's mandate so it can cover business disruption. On this webinar presentation we will address some ways in which organizations can, as part of an Integrated Risk Management initiative, orchestrate effective IT risk management across the lines of defense.
  • Data-Centric Security for GDPR Compliance Recorded: Jun 27 2017 74 mins
    Moderated by Mark Chaplin, ISF; with panelists: Carole Murphy, HPE; Les McMonagle, Blue Talon; Cheryl Tang, Imperva.
    In today’s threat landscape, traditional approaches to securing data are falling short. Since 2015 we have seen some of the largest data breaches ever and it is clear that no industry or organization is immune from cyber attacks. The threat landscape is increasingly dangerous, while new technologies are distributing sensitive data farther across locations, devices and repositories. Starting in May 2018, enforcement will kick in on the European Union’s General Data Protection Regulation (GDPR), a move that could have a stronger privacy/security standardization effect than any technological effort has to date. Globalization efforts will make GDPR compliance essential for global companies wherever they are located.

    The development of a comprehensive data-centric security program, including data discovery, classification, encryption, and file protection, can uniquely position your organization to protect what matters most, and make security move with your data to comply with global regulations such as GDPR. On this webinar our panel of experts will discuss the key points that you should consider when developing such a program for your organization.
  • Strategies for Effective 3rd Party Risk Management Recorded: May 23 2017 63 mins
    Scott Roller, Founder of 3WP; Rebecca Herold, Privacy Professor; Sam Kassoumeh, SecurityScorecard. James Christiansen, Optiv.
    The challenges that organizations face today are increasingly more complex than in the past. The constant change of the global economy, dynamics of business risks and opportunities, and an increased threat of cyber-attacks add complexities we’ve never faced. As organizations rely on more and more third parties to grow and thrive, they’re exposed to higher levels of risk, and regulators are focused on the need for organizations to manage 3rd party risk more effectively.

    Manual processes, silos in contract administration, and technology and resource constraints can all lead to significant errors in the third party supply chain that lead to violations of privacy guidelines and security breaches, which cause substantial fines, penalties, and damage to brand value. On this webinar our panel of experts will discuss the risks and repercussions associated with third party contract management shortcomings, common gaps in third party contract management processes, examples of how new solutions and technologies can help organizations optimize their third party processes, and effective strategies for managing 3rd Party Risk.
  • Streamlining Your Data-Security Program to Meet Regulatory Change Recorded: Apr 4 2017 60 mins
    Colin Whittaker, Moderator; Vibhav Agarwal, MetricStream, Mark Bower, HPE Security - Data Security, and Brian Kelley, IDERA.
    Data security and the challenge of data protection is increasing in scope and difficulty. The massive volume of data that businesses are collecting is growing exponentially, and managing compliance delivery is a daunting task with huge negative consequences for getting it wrong. While organizations have long needed to safeguard intellectual property and confidential information, changes in information technology and business models introduce new threats, and new regulations. Governments and industry bodies are imposing new regulations to motivate organizations to protect the privacy and confidentiality of information. Responsibilities can vary widely by region and by industry, and staying on top of an ever-shifting regulatory landscape is complex and challenging, but it isn't impossible.

    Successful organizations coordinate enterprise-wide regulatory compliance activities with tools to identify and address new and changing regulations, and are able to map the impact of these regulations across the entire infrastructure, and prioritize compliance activities according to business impact. By deploying a consistent, sustainable, scalable and measurable process for managing regulatory change, they are able to eliminate manual, non-scalable and non-strategic activities to reduce the cost and improve the speed of regulatory compliance programs.

    On this webinar our panel of experts will discuss the key points to streamline your data-security program and meet regulatory change.
  • Key Steps to Implement & Maintain PCI DSS Compliance in 2017 Recorded: Feb 28 2017 60 mins
    Dr. Branden Williams; Smrithi Konanur, HPE Security; Kevin Eberman, Mineraltree; Asma Zubair, WhiteHat Security
    In today’s digital landscape, it’s much easier for criminals to access sensitive payment card data, not only gaining direct access to a consumer’s available funds, but also their personal identity. With cyber attacks becoming much more advanced, the PCI DSS standard has been forced to adapt to address these new threats.

    However, PCI compliance is something that any organization can successfully achieve. The requirements of PCI DSS are clear, but it takes work to accomplish compliance across an organization. On this webinar our panel will discuss some best practices and solutions that provide your business with an easy, cost-effective and highly automated way to achieve compliance with PCI DSS in 2017.
  • Advancing Business Performance: Align IT Vendor Risk to ERM Recorded: Jan 24 2017 61 mins
    Scott Roller 3WP; Yo Delmar, MetricStream, Albert Biketi, HPE Security -Data Security, Russell McGuire, Riskonnect
    Growing exposure to IT risks has made organizations across industries volatile. Recent IT vendor incidents such as data and security breaches and violations of privacy guidelines, which caused substantial fines, penalties and damage to brand value, highlight that IT vendor risks are business risks and require focus from the leadership. An immature ITVRM program limits the insights which are necessary for strengthening vendor relationships and building a robust ERM program. Rather than treating each risk in isolation, organizations need to have an integrated approach to manage risks holistically and in line with their business operations and objectives. With the growing dependency on IT and IT vendors, organizations need to align enterprise and IT VRM objectives to build a resilient framework suitable for today’s environment.

    During the session, panelists will discuss how organizations can strengthen vendor management in the current landscape and improve business performance.

    - Causes of Vendor Risks incidents and the impact on the enterprise
    - Best approach to align IT vendor risk to enterprise risk
    - Building mature VRM Program
    - Role of technology in integrating Vendor risk to Enterprise risk management
  • Evolving an Enterprise Risk Management Program Recorded: Nov 17 2016 76 mins
    Colin Whittaker, Russell McGuire, Riskonnect; Yo Delmar, MetricStream; Albert Biketi, HPE; and Marshall Toburen, RSA
    Organizations are suffering from volatility across all risk types, and in every organization, there are a multitude of applications and devices with threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements, and senior management are being pressured to improve enterprise risk management capabilities.

    An organization’s enterprise risk management (ERM) program can be a powerful management tool for achieving strategic and operational objectives, but it can be difficult to maintain and grow over time. If an ERM program is not moving forward it stagnates, so executives need to implement a program that evolves with the times. Implementation has its challenges but there are a range of responses that can be effective for each ERM program challenge. In this webinar our experts discuss these responses and address some of the ways to implement an evolving GRC program that gets boardroom backing.
  • IT Security & Privacy Governance in the Cloud Recorded: Oct 18 2016 61 mins
    Moderated by Rebecca Herold, The Privacy Professor; Jacqueline Cooney, BAH, Daniel Catteddu, CSA, Chris Griffith from HPE
    After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.

    While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
  • Data-Centric Security: Staying Ahead of the Threat Curve Recorded: Sep 21 2016 60 mins
    Dr Branden Williams; Robert Shields, Informatica; Steve Durbin, VP of the ISF; Farshad Ghazi, HPE Security - Data Security
    Over recent years, several organizations have suffered damaging data breaches where sensitive data was stolen. Alarmingly, things seem to be getting worse, and the results can be devastating. With the expanding threat landscape and the rise of the data-centric enterprise, companies must develop their security architecture in parallel to protect their sensitive data. But in the time it’s taken for data security to catch up with the changing environment, organizations have found their compliance and data protection programs vulnerable.

    CISOs must take steps to protect data that is expanding in volume, variety and velocity, and adopt security perimeters around identity attributes and data-centric security. Sensitive data must be continuously monitored for situational awareness and risk management, and CISOs should follow policies that encompass all data silos if they are to avoid security chaos. Enterprises must have an understanding of where sensitive data resides, who has access to it, and how it is impacted by new types of threats and vulnerabilities. Armed with these capabilities, CISOs can enhance sensitive data security to stay ahead of the threats, maintain regulatory compliance, and improve operational efficiency.

    Attend this panel discussion as we discuss the key issues which CISOs should be addressing today.
  • The GRC Evolution of Digital Enterprises with Convergence of ERM & Cybersecurity Recorded: Aug 25 2016 62 mins
    Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
    Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and on the Internet of Things enabling a multitude of connected devices, the threat vectors are multiplying, threatening firms’ operations and future financial stability.

    Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.

    Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
  • Delivering Data Security with Hadoop and the IoT Recorded: Aug 9 2016 62 mins
    Robert D. Schneider, Partner at WiseClouds LLC, Reiner Kappenberger, HPE Security - Data Security
    The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side the surge of new devices has increased potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.

    Data security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined, so protecting company data is more urgent than ever before. The risks are huge and Hadoop comes with few safeguards, leaving it to organizations to add an enterprise security layer. Securing multiple points of vulnerability is a major challenge, although when armed with good information and a few best practices, enterprise security leaders can ensure attackers will glean nothing from their attempts to breach Hadoop.

    In this webinar we will discuss some steps to identify what needs protecting and apply the right techniques to protect it before you put Hadoop into production.
  • Combating Targeted Attacks to Protect Payment Data and Identify Threats Recorded: Jun 22 2016 61 mins
    Moderator: Colin Whittaker, PCI Industry Alumni; George Rice, HPE Security; Mike Urban, Javelin, Miguel Gracia,CardConnect
    The face of the threat landscape is becoming increasingly sophisticated and highly targeted. Advanced threats are succeeding in their effort to gain access to payment data of target organizations. CISOs, CXOs, and other executives need to become knowledgeable about the potential impacts of targeted attacks and advanced persistent threats. They need to become actively engaged in developing and implementing effective protective strategies.

    During this webinar we will discuss recommendations and best practices to help organizations develop a sustainable security program designed to respond quickly to targeted attacks and minimize the consequences of any data breaches.
  • PCI DSS: Preventing Costly Cases of Non Compliance Recorded: May 24 2016 62 mins
    Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
    There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.

    This is especially important as PCI DSS evolves and increases in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non-compliance with PCI DSS.
  • How to Identify and Reduce the Risks of 3rd Party Vendors Recorded: Apr 12 2016 60 mins
    Rebecca Herold (The Privacy Professor); Duncan Jones, Forrester; Yo Delmar, MetricStream; Neil Hooper, Rsam
    In a landscape filled with new threats and regulations, managing the risks of 3rd party vendors is vitally important. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential 3rd party risks. They want to see organizations proactively identifying potential risks, verifying that business partners, providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents.

    During this webcast our panel will specifically address the practical 'how to's' around identifying and reducing the risks of 3rd party vendors, and we will focus on:

    - Typical risks resulting from third party relationships
    - Common deficiencies of vendor management practices used during the on-boarding process, and the life of the relationship
    - Moving from a reactive to a proactive (preventative) vendor management process
    - Real world examples will be used to illustrate the key points and recommendations
  • Implementing a Risk Migration Plan for PCI DSS 3.1 Recorded: Mar 22 2016 61 mins
    Dr Branden Williams; Mason Karrer, RSA; Stuart Hince, HPE Data Security, Emma Sutcliffe, PCI SSC
    Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations who process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.

    In a landscape filled with new threats and new regulations, risk management has never been more critical. On this webinar we will look at ways to address the SSL and TLS vulnerabilities by implementing a pragmatic risk migration plan. Join us to learn about innovative data-centric protection technologies that mitigate risk, enable compliance, and are all the more important – especially if potentially insecure transfer methods will continue to be used through mid-2018.
Empowering the GRC Community
The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

  • Title: Auditing the Cloud; What is the necessary comfort level?
  • Live at: Feb 1 2012 7:00 pm
  • Presented by: Marlin Pohlman, CGO, EMC; Kevin Hardcastle, ISO, Washington Uni; Taiye Lambo, Founder, HISPI; and Raj Samani, CTO, McAfee