Information Security Series: Data Classification Program
The first webinar in the series will discuss the ingredients to define a data classification policy and expand operational procedures to assist data owners in classifying the data. This classification is the first step in identifying the “crown jewels” for an organization. Some of the topics covered by the webinar will include:
- Data Classification Policy and examples
- Process of classifying data (and examples on how to classify data)
- Process of labeling classified data (Example of SharePoint for Microsoft classified documents)
- Discussion of role of a data owner
RecordedMay 3 201250 mins
Your place is confirmed, we'll send you email reminders
Do you want evidence that risk in your organization is not increasing?
Do you want to address audit committee concerns about how you monitor risk within your internal audit or risk department at an enterprise or group level?
Do you want to show that internal audit is integrating analytics to focus your audit efforts on emerging or high risk activities?
Then this webinar may contain information you will find useful. The webinar discusses how analytics have monitored GL transactions to help internal audit and risk functions:
•Ensure business behaviors are not changing
•Provide visibility to executives on the impact of GL policy changes
•Get ahead of whistle blower calls
•Distinguish significant versus insignificant GL activity
Randy will describe a few of the hundreds of cyberattacks he and his partners have helped clients respond to. He will describe the wider cyber-threat environment that generates such attacks. Randy will discuss the best-practice defenses businesses and other entities deploy to reduce the risk that they will be victims of cyberattacks and the tools “compromise-ready” organizations use to minimize the effects of attacks when they occur. Randy will also describe the steps business managers and internal auditors must take to respond to data security incidents.
It takes just one misstep, one careless quote in the news media or one misguided post on social media to damage the reputation of an entire company and its executives. The key to managing a crisis is to have a plan in place beforehand—and that includes the critical issue of communications, both internally and externally. At this webinar, our experts will talk about crisis communications and how to mitigate the damage when your organization’s worst nightmare comes true. We’ll show you how to craft key messages, how to choose the right spokesperson, how to respond to the media and take control of an interview. We’ll help you determine if and how you should respond to the media, and we’ll explore the critical top ten list for handling crisis communications within your organization. This webinar will not only provide valuable information to the internal auditors but also
•discuss how internal auditors can prepare the organizations and executives they work with to prepare for and respond to the media in a crisis,
•the importance of developing a crisis communications plan and key steps to take before and after a crisis hits. This should be information they can use to audit the readiness and effectiveness of their organizations crisis communications preparation.
Physical Security is often ignored but continues to be a key component of the overall information security strategy. This webinar will be centered on Physical Security Governance and the ability to take a holistic view of security components and apply them to the policies and procedures established within business units. This ensures that security exists to mitigate risk. Through the use of metrics we can then measure risk and once the information has been attained, then and only then can a proper security program be developed with security risk at its center point. The use of metrics will ensure also that there are checks and balances allowing an audit or assessment to succeed. Finally security governance will make sure that you have the proper people, processes, and technology in place to protect the business and take a risk-based approach to ensuring you have the proper level of protection.
Matt Neely is the Director of Strategic Initiatives at SecureState. His main focus is helping clients understand and address security risks to foster business innovation. Matt has over 15 years of experience working in the physical and cybersecurity industry focused on risk management, penetration testing, and incident response. He is also the author of the book Wireless Reconnaissance in Penetration Testing.
Pierre Bourgiex is the VP Business Development at SecureState. He has over 14 years of experience in security with a variety of companies such as, Tyco Integrated Security, ADT and Hysecurity. His primary focus is on creating, implementing and improving the mindset and strategy of an organization
Senior executives in the Forbes/Deloitte survey mentioned the following as their biggest concerns: Social media; Data mining and analytics; Mobile applications; Cloud computing; and Cyber attacks. Rethinking governance in the digital age, according to Deloitte, is moving from value protection to value creation. Such a value creation calls for a better management of customer journey, according to McKinsey, and this calls for a careful understanding of on-line presence, managing the digital media process, and engaging customer carefully to both recognize and address various risks. The digital services developed to support such a customer journey calls for an agile information system architecture, and this architecture has to be closely tied to an agile business architecture that is not just governing internal and external stakeholders relationships and addressing risks, but enabling the firm to creating value. Examples in health care are used to illustrate this approach.
Dr. Mohan Tanniru is the Professor of MIS in the Decision and Information Science Department of the School of Business Administration at Oakland University. He has published extensively in information technology research for the last 30 years in areas such as IT strategy, knowledge base/expert systems, decision support and business analytics, and health care delivery management. His work has appeared in journals such as ISR, MIS Quarterly, Decision Sciences, DSS, JMIS, IEEE Transactions in Eng. Management, Expert Systems and Applications, Information and Management and Communications of ACM. He has taught at the University of Arizona, Syracuse, and the University of Wisconsin-Madison, and was the Dean of the School of Business Administration and the founding director of the Applied Technology of Business Program at Oakland University.
Based on all your feedback, we are bringing Dr. Aggarwal back for another webinar. This is an introductory seminar on the major costs and risks faced by a business when it considers or engages in cross-border operations. Nevertheless, this seminar presents a powerful but intuitive and simple framework for thinking about and dealing with the challenges in globalization. Three major categories of such risks will be considered. 1) Those due to Distance, 2) Those due to Institutional Differences, and 3) Those due to Cultural Differences.
This webinar is designed to be suitable not only for executives just starting to consider globalization, but also for executives with extensive experience in global business.
Michael Gerdes, CISSP and Molly Talafuse CISA, CRISC
How safe is your organization? With many recent, highly publicized security breaches, it’s clear that we’re all at risk. Hacking has literally become a global business with personal data at the top of the list of commodities up for sale. With all the breaches in the news, many media outlets have focused on the susceptibility of companies to malware, while ignoring other critical flaws that likely contributed to the success of these breaches. Among these are failures in common IT processes such as change management, software release control, and access control to production environments. A common thread in these flaws is most often the lack of effective governance and oversight of the information risks inherent in these processes. This webinar will help you 1) learn about some common flaws in security and IT practices, 2) understand the critical role a partnership between security and Internal Audit has in breach prevention, and 3) identify some practical steps your information security and audit teams can take to reduce risks.
According to IIA guidance, internal auditors are charged with monitoring organizational ethics and assessing whether management policies, procedures, and practices support ethical operations. And while management usually seeks to set, promote, and perpetuate an ethical climate, some leaders seem either motivated by self-interest or so focused on other operational priorities that they overlook their obligation to steward organizational ethics.
What can internal audit do to articulate this risk of unethical behavior? How can internal audit influence the tone at the top? How can internal auditors persuade management to see the value proposition for ethical leadership? This webinar addresses these questions and equips auditors, audit directors, and CAEs to make a compelling argument as to how ethical leadership drives bottom-line results.
By the end of this webinar, participants should be able to:
-Compare contrasting views of behavioral ethics
-Differentiate between moral and conditioned honesty
-Examine rationalizations commonly indicative of moral disengagement
-Explain why ethical stewardship is a primary leadership responsibility
-Correlate ethical leadership to organizational results
-Formulate a compelling argument in favor of an ethical tone at the top
Richard Cozart will provide insights into the mysteries of windows logs. He will discuss the following:
•Configuring Audit Policies
•What information is contained in windows logs?
•How to interpret the windows logs?
•Recommendations for event monitoring
•Security Information & Event Management (SIEM) Software
We all have heard that everyone should review logs, this is your chance to get details on how to do it.
From political hacktivists to international cybercrime organizations, enterprise security has been under a barrage of attacks that run the gamut of complexity. Security breaches now seem inevitable even at organizations that invest heavily in their information security operations. With numerous recent examples of cybercriminals and malware penetrating corporate networks almost at will, the role of incident response teams has been thrust into the spotlight. In this presentation I will discuss the fundamentals of incident response planning and the critical role audit has in reviewing incident response plans, documentation and the plan testing process.
At the end of this session:
You will understand:
-identify the different types of incidents
-roles and responsibilities
-team activation process
-response process flows
-response scenarios, and
-auditing incident response
We all heard of the recent hacks of Target and Neiman Marcus. Millions of consumers were affected as their Personally Identifiable Information (PII) were stolen. This incident raised a reg flag for majority of the organizations. The question is being asked: What can we do to protect our environment from such an incident? And usually the auditor is asked if the organization is prepared to protect its PII.
This webinar will identify the information each auditor must understand regarding PII and also list out the tasks each auditor must do to protect the PII.
As a member of several corporate boards, Dr. Aggarwal is well aware of the responsibilities of being a board of directors member. One of the primary responsibilities, according to Tom Horton (“Directors & Boards” author), is to secure the future of the organization. According to Mr. Horton, the very survival of the organization depends on the ability of the board and management not only to cope with future events but to anticipate the impact those events will have on both the company and the industry as a whole.”
According to Dr. Aggarwal, it is incumbent on directors to demand information and insight that will help them secure the future of the organization—which could be everything from the seemingly most innocuous moves by a competitor to the most threatening moves by a foreign nation potentate.
Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are a couple topics about which the directors should demand information and insight. When is the last time these two topics were discussed during your board meeting? You could have discussed the succession plan of a CEO as part of business continuity. But with BCP and DRP, we are implying the readiness of your organization in event of a natural or man-made disasters.
In this webinar, Dr. Aggarwal will provide a series of ten questions which every board member must consider, and every internal auditor must be prepared to answer.
Most of you are probably excited about the new release of Apple’s operating system, iOS7. This operating system not only has enhanced user features but has several cool security features. Jeff Ingalsbe will present the key security enhancements in iOS7 and identify those features which every auditor must know and understand.
Jeff Ingalsbe is an Assistant Professor, Department Chair, and Director of University of Detroit Mercy’s “Center for Cyber Security and Intelligence Studies.” Mr. Ingalsbe runs a state-of-the-art cyber security laboratory where students gain real world competencies through exploration of cyber security problems. Until recently, Mr. Ingalsbe managed the Information Technology Security Consulting Group at Ford Motor Company. He was involved in information security solutions for the enterprise, consumerization exploration, threat modeling efforts, and strategic security research. His BSEE and MSCIS degrees are from Michigan Technological University and the University of Detroit Mercy, respectively. He is currently working on a PhD Information Systems Engineering at the University of Michigan Dearborn.
This webinar will cover the details of assessing and managing risks of changing currencies.
Some of the major topics covered in this webinar will include:
•Why Exchange Rates Change?
•Changing Exchange Rates, Trade, and Investment
•Corporate Impact of Exchanges Rate Changes
•Determining Transactions, Translation, and Economic Exposures
•Financial Hedging of Net Exchange Rate Risks
•Operational Hedging of Net Exchange Rate Risks
•Audit Considerations in Exchange Rate Risk Management
Mapping process flows is critical to understanding, documenting, and improving your processes. Learn how to develop world-class business process maps that highlight automation, best practices, manual steps, task assignment, activities of internal partners and external vendors, and more while ensuring accurate documentation and key participant input. This session will demystify the complexity around process mapping and provide hands on tools and tips that you can begin using immediately.
Leveraging Analytics in IA – Critical Success Factors and Integration Key Drivers
This webinar will assist participants in developing a roadmap to accelerate the integration of analytics within the internal audit function. During this webinar participants will learn how characteristics of their organization's strategic vision, business environment and technology impact the use of analytics. By understanding these characteristics, or critical success factors, internal audit can determine the type of analytic they should use to support various audits.
During this webinar we will also discuss the types of audit evidence supported by different forms of analytics, and what internal audit should do to accelerate the integration of analytics into the audit when they work in an analytic "friendly" organization. We will also discuss techniques internal audit can use to help organizations develop good analytic practices and become analytic “friendly.”
The dynamic nature of accounting standards, filing rules and financial market regulations demands that you stay one step ahead of the changes. This presentation will provide an overview of accounting and compliance requirements with a focus on two elements of a myriad of critical items to consider in your financial reporting and internal audits for 2013 – the JOBS Act and Conflict Minerals.
•JOBS Act: Establishes SEC requirements for emerging growth companies that makes it easier to raise capital and provides an IPO ‘on-ramp’ to phase in certain requirements.
•Conflict Minerals Rule: Mandated by the Dodd-Frank Act with direct impact to half of all public companies including technology, automotive, and industrial products industries.
Learn how these and other changes may impact your audit scope and work plans and why you must partner with your accounting organization to stay one step ahead.
According to some of the industry experts, the security and management of smart devices like iPads, iPhones and Android phones are quickly becoming the weakest link in most organizations. The internal auditors would like to audit the management and security of these devices and are looking for a structured audit approach.
The third webinar ion the series will focus on protecting the data which has been classified. This webinar will discuss the examples of how a DLP solution can assist in protecting and monitoring the classified data.
Tune in for the latest in our Ask the Experts Series! This session is all-about-Azure: cloud computing and PaaS for the enterprise. During this session we will show you how and why to use the benefit/credit that comes with your Visual Studio Subscription.
In this webcast, you will learn:
- About other available Azure programs
- Application development tests on Azure
- What other customers are doing on Azure and how it is paying large dividends
What every organization needs to know before, during, and after a ransomware attack.
Ransomware has one goal: to get your money. It locks away files until payment is made. Ransomware attackers collected more than $US 209 million from victims during the first three months of 2016 alone, with the volume of attacks 10 times higher than all of 2015.
Ransomware makes headlines when hospitals are taken offline or police departments pay cybercriminals to decrypt their files. Proofpoint has unparalleled visibility into the advanced threats, including ransomware, that are aimed at organizations today. Proofpoint can dynamically analyze and block in real-time the malicious URLs and attachments that can evade antivirus and reputation filters to deliver ransomware.
Join Jennifer Cheng, Director, Product Marketing, Proofpoint for this webinar to learn how to defend against ransomware with our anti-evasion technology.
•Why ransomware is surging.
•Where it comes from.
•What to do before, during, and after an attack.
•Should you pay or not? What to consider.
Exploit kits don’t stop. Neither should your business.
La versión 3.2 del PCI DSS (Payment Card Industry Data Security Standard) ha sido anunciada - las organizaciones que deben cumplir precisan entender los cambios y sus implicaciones. Participe de nuestro webinar para entender más sobre por qué fue lanzado tan rápido y cómo puedes parar mejor a tu organización.
• El alcance de la nueva versión PCI DSS 3.2
• ¿Qué significa para su negocio?
• ¿Por qué deberías implementar los cambios, aunque no sean mandatorios?
• ¿Qué puede venir en el futuro próximo?
Many recent data breaches have exploited security weaknesses in the networks of third parties to attack businesses. With supply chains growing and business functions increasingly outsourced, the number of third party organizations with access to your company’s most sensitive data has increased dramatically. How should organizations assess and manage the cyber risk by their vendors and suppliers? What kinds of policies and controls should organizations put in place in order to mitigate third party cyber risk? How can organizations continuously monitor the cybersecurity performance of their critical vendors in real time?
Getting familiar with third party cyber risk management best practices and industry standards is a good start towards mitigating cyber risk for your organization. Join Jake Olcott, VP of Business Development as he discusses these topics and more.
Social Engineering has been around for as long as the crooks have but in a modern online world, running a con game has never been easier. And that’s why we need to be savvy.
A social engineer can research you on Facebook and LinkedIn; read up about your company on its website; and then target you via email, instant messaging, online surveys…and even by phone, for that personal touch. Worse still, many of the aspects of a so-called “targeted attack” like this can be automated, and repeated on colleague after colleague until someone crumbles.
Greg Iddon will take you into the murky world of targeted attacks, and show you how to build defences that will prevent one well-meaning employee from giving away the keys to the castle.
Hear from your industry peers and other security experts on this very important topic of Ransomware in Critical Infrastructure:
•A brief history of ransomware and its current state in terms of technology and methods utilized by attackers.
•A roundtable discussion on security and compliance risks associated with ransomware at different points of integrated IT-OT infrastructure.
•Best practices and technologies for protecting your organization against ransomware.
Billy Glenn, Pacific Gas & Electric, Principal Security Solution Architect
Gavin Worden, Sempra Energy Utilities, Manager, Information Security Operations Center
Christopher Ellefsen, BKK Group, Senior Network Engineer
Bryan Lee, Palo Alto Networks - Unit 42, Threat Intelligence Researcher
Jack Whitsitt, EnergySec, Senior Security Strategist
Del Rodillas, Palo Alto Networks, Solution Lead for ICS/SCADA Security
Immer größer wird die Anzahl der Unternehmen die ihre IT-Services teilweise oder ganz an Clouddienstleister abgeben. Dies führt zu einem erhöhten Aufwand und einigen Komplikationen wenn es zu Sicherheitsvorfällen kommt.
In diesem Webinar präsentiert Mathias Fuchs Strategien wie Unternehmen trotzdem effizient Sicherheitsvorfälle untersuchen und eindämmen können. Anhand einer Fallstudie wir gezeigt wie sich cloudbasierte Untersuchungen von herkömmlichen unterscheiden.
Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches, and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and Internet of Things enabling multitude of connected devices, the threat vectors are multiplying, threatening the firms’ operations and future financial stability.
Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.
Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.