Carlos Krause, Modulo & Rich Licato, Airlines Reporting Corporation
Unless you have been hiding under a rock for over a year, you and your peers have realized that Third-Party Risk is a major component of overall risk management and security programs. In this webinar you will hear the top lessons learned from Modulo’s years of implementing IT vendor risk programs, as well as helpful examples from Rich Licato and Airlines Reporting Corporation (ARC). By sharing these experiences you can discover how to implement a world-class vendor management program and gain insights from professionals that have actually been there and done it!
At a time where most organizations are embracing digitalization, the associated risks and cyber threats have accordingly increased as new forms of data are created. This makes Governance, Risk & Compliance (GRC) a necessity for organizations who deal with sensitive information such as customer data.
EnterpriseManagement360º asks Modulo’s Stephen Gant how security officers can better navigate these complex issues.
Information Security Risk Management has never been more pressing in light of increasing cyber attacks across all industries, in particular healthcare. Medical-related identity theft accounted for 43 percent of all identify thefts reported in the United States in 2013, according to the Identity Theft Resource Center.
In light of the alarming trend of increasing risk surrounding data loss, patient and employee information protection, and potential fines, Yale New Haven Health System takes cyber security seriously. Steve Bartolotta, head of Yale New Haven Health System’s risk management expert, talks about the challenges of building good processes for enterprise-wide information security. He and securitycurrent’s Vic Wheatman discuss common problems facing organizations today and some possible measurable actions to take. In this podcast with Vic Wheatman, Bartolotta describes the tools he uses to support YNHHS’s risk management system and what he has gained.
Carlos Krause, CISSP, Head of Professional Services - Modulo
Many organizations still use spreadsheets and emails for business critical processes related to Governance, Risk, and Compliance (GRC) management. These more “manual” processes become burdensome as infrastructure scales out or new compliance and policy requirements emerge. Without a traceable and efficient way to perform, track, and report GRC assessment results, organizations face the possibility of failing audits, costly fines, and reputation damage.
Modulo’s solutions for GRC help automate processes, which improve the efficiency and traceability of GRC activities. Modulo’s Risk Manager™ software automates GRC tasks based on both proven processes aligned with international standards and on your own established methodologies.
In this session, learn how to:
• Align processes to the “plan, do, check, act” methodology
• Replicate and improve internal processes using an easily configurable workflow tools
• Build and send user-friendly, traceable surveys
• View assessment results in detailed and high-level dashboards and reports
• Leverage audit log to monitor the history of assessment participation and issue remediation
Carlos Krause, Modulo & Tony UcedaVelez, VerSprite
Good security risk management begins with a repeatable process within security governance, risk management, and compliance (GRC). GRC and many security risk management processes fail when organizations rely too much on point-solution technologies rather than repeatable processes.
Do you have an optimal security risk management program? Two experts discuss security risk management best practices and “quick-win” GRC automation opportunities. In this live webinar, learn how to:
Create governance for security risk management
Identify gaps in foundational processes
Build a GRC automation deployment timeline
Demo video of Modulo Risk Manager Version 9.1, featuring enhanced functionality for the following Modulo Risk Manager’s modules: GRC Intelligence; Policy; Organization, Risk, Compliance, Workflow; as well as improved system stability and performance, low-impact bug fixes and a new version of the installer, released initially for internal use, to help speed up the installation process.
Carlos Krause, Manager of Professional Services, CISSP, CISA, MCSO
Is your vulnerability management program vulnerable? If you are unsure or answered “yes," sign up to join Carlos Krause, Modulo’s lead technical consultant for Part 2 of this two-part webinar series.
In Part 1, Carlos identified key challenges and pitfalls most vulnerability management programs face. In Part 2, he will outline best practices and action items to improve your vulnerability management process, including how to:
*Integrate your vulnerability management program with the risk and compliance actions in the organization
*Harmonize vulnerability metrics with other programs and assessments
*Represent risks in a business language
*Plan and deploy a successful implementation
Carlos Krause presented this topic at ISACA ISRM 2014 at a record-setting Megatrend Session. Due to its popularity, we wanted to bring it to you in a webinar series. Don’t miss out!
Carlos Krause, Manager of Professional Services, CISSP, CISA, MCSO
In this webinar, Carlos Krause, Modulo’s lead technical consultant, will identify key challenges and pitfalls most vulnerability management programs face, including how to:
*Understand the main components and steps of an efficient vulnerability management program
*Define requirements and criteria for scoping, collecting, analyzing, evaluating, accepting, and treating vulnerabilities
*Identify the pitfalls of a typical vulnerability management implementation
To learn more about best practices and action items to improve your vulnerability management process and reduce enterprise risk, join us for Part II on Thursday December 18 at 11:30am ET.
Cadence Bank recently established the Technology & Operations Governance and Risk Management under the Enterprise Risk Management function reporting to the Board of Directors of the bank. On a recent regulatory audit, the ERM team was recognized for achieving a workable governance framework and integrating the Technology Governance and Risk Management, using Modulo’s GRC automation software as the technology to help execute all our risk and compliance assessments. GRC automation software facilitated Cadence Bank’s objective of achieving the implementation of the new regulatory requirement of the “Three Levels of Defense” being enforced by the regulatory agencies.
Learn how in this case study, as Cadence Bank’s CISO Lillibett Machado discusses ways to develop a technology GRC framework and use automation to facilitate the new functions required for the CISO’s responsibilities within GRC.
This webinar features Modulo Risk Manager customer Rich Licato, Managing Director, Corporate Security for Airlines Reporting Corporation (ARC). Rich explores the breadth of GRC use cases ARC has deployed, including:
- Audit Remediation
- Vulnerability Management / Pen Testing
- PCI and ISO Compliance
- SANS Top 20 Critical Security Controls
- Vendor Management
- Employee Policy Attestation
- Operational Incidents
- Enterprise Risk Management
- Business Continuity
Rich will discuss some of his strategies around deploying the different applications of GRC automation and share the highlights of his successes.
Doug Powell of BC Hydro and Steve Hunt of Hunt Business Intelligence
As we move toward interconnected, "smart" systems, security professionals must play a focused role in enterprise risk management. Doug Powell, critical infrastructure protection professional and security industry thought leader, and Steve Hunt, security industry luminary and analyst, team up to debate the continually increasing complexity of the environment in which security professionals operate, in light the Snowden breach, the Internet of Things, cyberhackers, and looming national threats. During this webinar, Powell and Hunt will debate the possibility of achieving true security and give some practical, actionable recommendations for modern age security risk management. Questions addressed include:
• Does physical security have any impact on information protection?
• Is it possible for IT, Operational Technology, and physical security to work together?
• Can an integrated process and program ensure security meets business objectives?
When an automated third party risk management program is in place, risk assessments are performed more efficiently and effectively, allowing for additional analyses on third party criticality and faster, smoother expansion of third party networks. The right third party risk solution will also increase visibility and report security and compliance based on the activities and departments third parties support.
Watch this end-user case study and learn how to…
- Understand the basics of risk and risk management
- Understand the importance of utilizing a risk management process
- Be able to identify, analyze, evaluate, and manage your enterprise third party risks
- Consider GRC to automate and synchronize efforts in your third party risk management
With ever increasing security threats and other widespread supply chain disruptions, Supply Chain Security (SCS) is now officially a reality of both day-to-day business and trade compliance. View this webinar to learn how Supply Chain Security (SCS) Risk Management addresses heightened threats to the supply chain including cyber-terrorism, organized crime, theft and tampering, and country-of-origin risks.
Doug Powell, Manager of SMI Security, Privacy & Safety at BC Hydro, and Steve Hunt, CEO of Hunt Business Intelligence, continue the discussion on ESRM for Critical Infrastructure protection. Key topics include integrating operational, technological, and physical security; the criticality of people, process, and technology in CI protection; and the need for a unified GRC model to make business run better.
Doug Powell, Manager of SMI Security, Privacy & Safety at BC Hydro, and Steve Hunt, CEO of Hunt Business Intelligence, present ESRM for Critical Infrastructure protection. Key topics include integrating operational, technological, and physical security; the criticality of people, process, and technology in CI protection; and the need for a unified GRC model to make business run better.
Flexible, scalable, affordable :: Solutions for GRC
Modulo provides flexible, scalable and affordable GRC solutions for the leaders in information and risk management. Modulo's software solutions for governance, risk, and compliance allow users to better manage technology risk, compliance, and policy requirements, monitor critical assets, and ensure good governance and business continuity.
High Availability doesn’t trump Disaster Recovery and there is nothing simple about creating a recovery capability for your business – unless you have a set of data protection and business continuity services that can be applied intelligently to your workload, managed centrally, and tested non-disruptively. The good news is that developing such a capability, which traditionally required the challenge of selecting among multiple point product solutions then struggling to fit them into a coherent disaster prevention and recovery framework, just got a lot easier.
Join us and learn how DataCore’s Software-Defined and Hyper-Converged Storage platform provides the tools you need and a service management methodology you require to build a fully functional recovery strategy at a cost you can afford.
The industry was surprised when Dell announced its intent to acquire EMC for $67 billion, the largest tech deal ever. Merging two large stagnate companies with very different cultures and high-level of overlap in products can pose significant challenges.
Join this webinar to learn about:
- The acquisition implications and how it’ll affect your long-term storage investment
- The uncertainty on Dell and EMC’s roadmap and which products will continue to be invested in
-Alternate storage solutions that enable you to transform data into insights and value for your organization
ESET’s Sr. Security Researcher, Stephen Cobb, will analyze the current cybersecurity threats trending during the first half of 2016. We’re covering everything from ransomware to regulatory risks and mobile malware to IoT vulnerabilities. Learn about what trends are on the horizon and gain practical advice for managing these risks:
•PCI and two-factor authentication
•PUAs and scamware
•Privacy by design
•General Data Protection Regulation (GDPR)
Most organizations making an investment in NetApp Filers count on the system to store user data and host virtual machine datastores from an environment like VMware. In addition these organizations want their NetApp systems to do more and be the repository for the next wave of unstructured data; data generated by machines. NetApp systems are busting at the seams, so these organizations are trying to decide what to do next.
To help you find out what to do next, join Storage Switzerland and Caringo for our live webinar and learn:
1. What are the modern unstructured data use cases
2. The challenges NetApp faces in addressing its customers’ issues
3. Other solutions; can all-flash or object storage solve these challenges
4. Making the move - how to migrate from NetApp to other systems
5. How to re-purpose, instead of replacing your NetApp
The 2016 BCI Horizon Scan, supported by important studies such as the 2016 Allianz Risk Barometer, the World Economic Forum Global Risks Report and the BCI Supply Chain Resilience Report paint a picture of increasing and ever evolving threats to our organizations and the world we live in.
This webinar explores those threats and trends and provides conclusions and key takeaways that shape how we all, as business continuity professionals, need to adjust our focus and initiatives to prepare and respond to the evolving environment we all live in.
Join Brian Zawada and 20/20 white paper Author John Jackson for a compelling look at how our roles will change in the years ahead.
Global enterprises have quietly funneled enormous amounts of data into Hadoop over the last several years. Hadoop has transformed the way organizations deal with big data. By making vast quantities of rich unstructured and semi-structured data quickly and cheaply accessible, Hadoop has opened up a host of analytic capabilities that were never possible before, to drive business value.
The challenges have revolved around operationalizing Hadoop to enterprise standards, and leveraging cloud-based Hadoop as a service (HaaS) options offering a vast array of analytics applications and processing capacity that would be impossible to deploy and maintain in-house.
This webcast will explain how solutions from IBM and WANdisco address these challenges by supporting:
- Continuous availability with guaranteed data consistency across Hadoop clusters any distance apart, both on-premises and in the cloud.
- Migration to cloud without downtime and hybrid cloud for burst-out processing and offsite disaster recovery.
- Flexibility to eliminate Hadoop distribution vendor lock-in and support migration to cloud without downtime or disruption.
- IBM's BigInsights in the cloud, and BigSQL, which allows you to run standard ANSI compliant SQL against your Hadoop data.
Many enterprise organizations are moving beyond antivirus software, adding new types of controls and monitoring tools to improve incident prevention, detection, and response on their endpoints. Unfortunately, some of these firms are doing so by adding tactical technologies that offering incremental benefits only.
So what’s needed?
A strategic approach that covers the entire ESG endpoint security continuum from threat prevention to incident response. A truly comprehensive solution will also include advanced endpoint security controls that reduce the attack surface and tight integration with network security, SIEM, and threat intelligence to improve threat detection and response processes.
Join ESG senior principal analyst Jon Oltsik, Intel Security, and Bufferzone on a webinar on July 21 at 10am PT/1pm ET to learn more about next-generation endpoint security requirements and strategies.
It may be summer, but IT never takes a vacation. As business projects slow, IT takes advantage of the downtime to shore up the infrastructure and overhaul systems. With all eyes on technology these days, everything from security breaches to system outages get outsized attention. It’s a lot to contend with.
While any old cloud can provide a bit of shade, the iland cloud can do more. Our purpose built – and consistently enhanced – iland cloud console provides a welcome reprieve from the pain of managing cloud workloads, ensuring their security – and even answer questions from the executive suite.
Join a webinar from our product experts, showing how the iland cloud console integrates:
- A full complement of proactive security technologies
- Tools to provision and manage VMs, vApps, network and more
- 12 months of performance and capacity data
- On-demand reporting for your executives and auditors
- A host of “bonus features” to make your life easier
Join this webinar to see how the iland cloud, with it’s innovative console, does more than outsource infrastructure. We’ll pour you a tall glass of virtual ice water, turn on the A/C, and make sure that your cloud operation is cool as a cucumber.