Carlos Krause, Modulo & Rich Licato, Airlines Reporting Corporation
Unless you have been hiding under a rock for over a year, you and your peers have realized that Third-Party Risk is a major component of overall risk management and security programs. In this webinar you will hear the top lessons learned from Modulo’s years of implementing IT vendor risk programs, as well as helpful examples from Rich Licato and Airlines Reporting Corporation (ARC). By sharing these experiences you can discover how to implement a world-class vendor management program and gain insights from professionals that have actually been there and done it!
At a time when most organizations are embracing digitalization, the associated risks and cyber threats have increased accordingly as new forms of data are created. This makes Governance, Risk & Compliance (GRC) a necessity for organizations that deal with sensitive information such as customer data.
EnterpriseManagement360º asks Modulo’s Stephen Gant how security officers can better navigate these complex issues.
Information Security Risk Management has never been more pressing in light of increasing cyber attacks across all industries, in particular healthcare. Medical-related identity theft accounted for 43 percent of all identity thefts reported in the United States in 2013, according to the Identity Theft Resource Center.
In light of the alarming trend of increasing risk surrounding data loss, patient and employee information protection, and potential fines, Yale New Haven Health System takes cyber security seriously. Steve Bartolotta, head of Yale New Haven Health System’s risk management expert, talks about the challenges of building good processes for enterprise-wide information security. He and securitycurrent’s Vic Wheatman discuss common problems facing organizations today and some possible measurable actions to take. In this podcast with Vic Wheatman, Bartolotta describes the tools he uses to support YNHHS’s risk management system and what he has gained.
Carlos Krause, CISSP, Head of Professional Services - Modulo
Many organizations still use spreadsheets and emails for business critical processes related to Governance, Risk, and Compliance (GRC) management. These more “manual” processes become burdensome as infrastructure scales out or new compliance and policy requirements emerge. Without a traceable and efficient way to perform, track, and report GRC assessment results, organizations face the possibility of failing audits, costly fines, and reputation damage.
Modulo’s solutions for GRC help automate processes, which improve the efficiency and traceability of GRC activities. Modulo’s Risk Manager™ software automates GRC tasks based on both proven processes aligned with international standards and on your own established methodologies.
In this session, learn how to:
• Align processes to the “plan, do, check, act” methodology
• Replicate and improve internal processes using easily configurable workflow tools
• Build and send user-friendly, traceable surveys
• View assessment results in detailed and high-level dashboards and reports
• Leverage the audit log to monitor the history of assessment participation and issue remediation
Carlos Krause, Modulo & Tony UcedaVelez, VerSprite
Good security risk management begins with a repeatable process within security governance, risk management, and compliance (GRC). GRC and many security risk management processes fail when organizations rely too much on point-solution technologies rather than repeatable processes.
Do you have an optimal security risk management program? Two experts discuss security risk management best practices and “quick-win” GRC automation opportunities. In this live webinar, learn how to:
• Create governance for security risk management
• Identify gaps in foundational processes
• Build a GRC automation deployment timeline
Demo video of Modulo Risk Manager Version 9.1, featuring enhanced functionality for the following Modulo Risk Manager’s modules: GRC Intelligence; Policy; Organization, Risk, Compliance, Workflow; as well as improved system stability and performance, low-impact bug fixes and a new version of the installer, released initially for internal use, to help speed up the installation process.
Carlos Krause, Manager of Professional Services, CISSP, CISA, MCSO
Is your vulnerability management program vulnerable? If you are unsure or answered “yes,” sign up to join Carlos Krause, Modulo’s lead technical consultant, for Part 2 of this two-part webinar series.
In Part 1, Carlos identified key challenges and pitfalls most vulnerability management programs face. In Part 2, he will outline best practices and action items to improve your vulnerability management process, including how to:
*Integrate your vulnerability management program with the risk and compliance actions in the organization
*Harmonize vulnerability metrics with other programs and assessments
*Represent risks in a business language
*Plan and deploy a successful implementation
Carlos Krause presented this topic at ISACA ISRM 2014 at a record-setting Megatrend Session. Due to its popularity, we wanted to bring it to you in a webinar series. Don’t miss out!
Carlos Krause, Manager of Professional Services, CISSP, CISA, MCSO
In this webinar, Carlos Krause, Modulo’s lead technical consultant, will identify key challenges and pitfalls most vulnerability management programs face, including how to:
*Understand the main components and steps of an efficient vulnerability management program
*Define requirements and criteria for scoping, collecting, analyzing, evaluating, accepting, and treating vulnerabilities
*Identify the pitfalls of a typical vulnerability management implementation
To learn more about best practices and action items to improve your vulnerability management process and reduce enterprise risk, join us for Part II on Thursday December 18 at 11:30am ET.
Cadence Bank recently established the Technology & Operations Governance and Risk Management under the Enterprise Risk Management function reporting to the Board of Directors of the bank. On a recent regulatory audit, the ERM team was recognized for achieving a workable governance framework and integrating the Technology Governance and Risk Management, using Modulo’s GRC automation software as the technology to help execute all our risk and compliance assessments. GRC automation software facilitated Cadence Bank’s objective of achieving the implementation of the new regulatory requirement of the “Three Levels of Defense” being enforced by the regulatory agencies.
Learn how in this case study, as Cadence Bank’s CISO Lillibett Machado discusses ways to develop a technology GRC framework and use automation to facilitate the new functions required for the CISO’s responsibilities within GRC.
This webinar features Modulo Risk Manager customer Rich Licato, Managing Director, Corporate Security for Airlines Reporting Corporation (ARC). Rich explores the breadth of GRC use cases ARC has deployed, including:
- Audit Remediation
- Vulnerability Management / Pen Testing
- PCI and ISO Compliance
- SANS Top 20 Critical Security Controls
- Vendor Management
- Employee Policy Attestation
- Operational Incidents
- Enterprise Risk Management
- Business Continuity
Rich will discuss some of his strategies around deploying the different applications of GRC automation and share the highlights of his successes.
Doug Powell of BC Hydro and Steve Hunt of Hunt Business Intelligence
As we move toward interconnected, "smart" systems, security professionals must play a focused role in enterprise risk management. Doug Powell, critical infrastructure protection professional and security industry thought leader, and Steve Hunt, security industry luminary and analyst, team up to debate the continually increasing complexity of the environment in which security professionals operate, in light of the Snowden breach, the Internet of Things, cyberhackers, and looming national threats. During this webinar, Powell and Hunt will debate the possibility of achieving true security and give some practical, actionable recommendations for modern age security risk management. Questions addressed include:
• Does physical security have any impact on information protection?
• Is it possible for IT, Operational Technology, and physical security to work together?
• Can an integrated process and program ensure security meets business objectives?
When an automated third party risk management program is in place, risk assessments are performed more efficiently and effectively, allowing for additional analyses on third party criticality and faster, smoother expansion of third party networks. The right third party risk solution will also increase visibility and report security and compliance based on the activities and departments third parties support.
Watch this end-user case study and learn how to…
- Understand the basics of risk and risk management
- Understand the importance of utilizing a risk management process
- Be able to identify, analyze, evaluate, and manage your enterprise third party risks
- Consider GRC to automate and synchronize efforts in your third party risk management
With ever increasing security threats and other widespread supply chain disruptions, Supply Chain Security (SCS) is now officially a reality of both day-to-day business and trade compliance. View this webinar to learn how Supply Chain Security (SCS) Risk Management addresses heightened threats to the supply chain including cyber-terrorism, organized crime, theft and tampering, and country-of-origin risks.
Doug Powell, Manager of SMI Security, Privacy & Safety at BC Hydro, and Steve Hunt, CEO of Hunt Business Intelligence, continue the discussion on ESRM for Critical Infrastructure protection. Key topics include integrating operational, technological, and physical security; the criticality of people, process, and technology in CI protection; and the need for a unified GRC model to make business run better.
Flexible, scalable, affordable :: Solutions for GRC
Modulo provides flexible, scalable and affordable GRC solutions for the leaders in information and risk management. Modulo's software solutions for governance, risk, and compliance allow users to better manage technology risk, compliance, and policy requirements, monitor critical assets, and ensure good governance and business continuity.
Having a single system of record of all program, portfolio, and project information reduces costs and allows governmental organizations to quickly snap to and comply with mandates and regulations.
Join this webcast to learn how integrated PPM solutions:
•Bring increased accountability across agency projects
•Facilitate real-time collaboration between project and program managers and their teams
•Reduce redundancy and manual effort
Ransomware and destructive attacks have changed the cybersecurity landscape. Modern business requires enhanced access to data to improve productivity, attract and retain customers, and run efficient supply chains – making the network perimeter more difficult to defend. At the same time, criminals are no longer content to just steal information, instead extorting ransoms after encrypting data or sometimes seeking to cripple organizations by destroying their data.
In this webcast you will learn about:
-Dangerous new threats such as ransomware and hacktivism, and how they differ from traditional threats
-Why new threats require a new focus
-Cybersecurity frameworks and best practices
-Enhancing your data protection and recovery capabilities to improve your cybersecurity defenses
-Why some data protection approaches may not be sufficient for advanced threats and how an Isolated Recovery approach provides a best layer of defense
CMDB Implementation is one of the most complicated of any ITSM programmes an organisation can undertake. The difficulties in creating a toolset, capable of linking hundreds of thousands of interconnected bits of data together in a meaningful manner while also supporting a highly fluid environment with dozens of changes each week, are formidable indeed.
Join Peter Hubbard, Principal ITSM Consultant at Pink Elephant EMEA, as he discusses the Pink Elephant approach to create a CMDB in the real world. He will demonstrate the critical importance of the scoping session and understanding the organisation’s requirements to ensure the CMDB supports the business. Peter will then show you how to turn those requirements into concrete actions to map and create your CMDB.
Faisal Usmani, Business Development and Strategy Lead for Comms at Cyient EMEA, will build on Peter’s theme, detailing how an effective CMDB implementation forms the basis for ITSM solutions. He will cite a case study that shows how this translates into a real world operational scenario that utilises actionable dashboards and provides valuable insights into your service performance at different levels within your organisation.
At the end of the session you should know the importance of being able to ask your ITSM organisation ‘For our CMDB, do we need a battle tank or body armour?’
There has always been change in our profession. We originally started by implementing disaster recovery programmes. Soon after that, the businesses realized that the people aspect of recovery was needed as well. The results were the beginning of business continuity programmes. DR and BC have worked together almost two decades now with great success. We are now at a major transformation point again. Business continuity is now sharing more information and interacting more with security and compliance groups.
This session will go over what most of us already have in place, what we will need to add, and how all three groups interface together to provide a new resilience program for your environment. The goal of this session is to show the interactions between risk management, business continuity, security and compliance that form the components of a resilience programme.
58% experienced issues when failing over IT systems! - The State of IT Disaster Recovery in the UK – 2016 Survey
Find out if you’re ahead or behind on IT Disaster Recovery. In a survey commissioned by iland and conducted by Opinion Matters, 250 IT decision makers in the UK were asked about their DR experiences, challenges and strategies. And, we’re sharing the results!
Learn from your peers:
- The frequency of DR testing – how much is enough?
- The impact of IT outages – how disruptive would it be to your business?
- The trade-offs IT leaders make between downtime, cost and security – what trade-offs make sense for you?
Join iland and Zerto as we dig into the survey findings which will be a useful benchmark for your own DR strategies. Don’t miss it.
Given the maturity and threat level that ransomware reached over the past year, how can you be sure that your IT infrastructure is truly protected and that you are ready to fend off an attack?
Today, security leaders face:
•a lack of actionable threat intelligence that would help them better understand the actors and campaigns likely to target their companies
•a shortage of qualified security analysts capable of identifying the growing number of threats entering their organizations. For example, crypto-ransomware is steadily increasing (+35% in 2015) and it still takes a company more than 200 days on average to discover that it has been the victim of an attack.
•little specialized expertise in the techniques required to respond to threats and neutralize them once they have penetrated their IT environment
As ransomware gangs keep refining their tactics, companies need to be fully aware of the threats and risks they face. Symantec invites you to a webcast devoted to ransomware attacks. You will find out what happened to one company and the measures it took to remediate the threat.
The cyber threat landscape has never been more dynamic than it is today. With an expanding surface area for attacks and a cybercriminal ecosystem worth billions of dollars on a global scale, cybercriminals are constantly pursuing new methods to obtain financial funds.
It is no different in the Nordics – a region that is well known for its natural resources, innovations in renewable energy and healthcare, proximity to the Arctic, and emphasis on transparency in government is also a prime target for cybercriminals. These unique attributes make the region a prime target for cyber threat groups looking to capitalize on Nordic countries’ robust economies and distinct geopolitical concerns.
Join Jens Monrad, Senior Intelligence Account Analyst at FireEye, who will discuss:
* The Threat Landscape in the Nordics
* Trends and Insights in Malware detections across the Nordics
* Geopolitical situations which can influence the threat landscape in the Nordics
* How having accurate and enriched threat intelligence can enable organisations to make tactical, operational and strategic decisions.
Register today and learn what tools, processes and information organisations need in order to allow them to fully reconstruct the attack scenario and help make the right decisions based on the attack, as well as prepare for the next one.
Last year, ransomware reached a level of danger and professionalism never seen before: how can you be sure that your IT infrastructure is protected and that you are prepared to handle an attack?
Today, security team leaders face the following challenges:
•A lack of actionable threat intelligence to improve their understanding of the cybercriminals and campaigns that could target their company.
•Too few qualified security analysts who can identify the growing number of threats infiltrating their organization. For example, cybercriminals' use of crypto-ransomware as an attack tool continued to rise in 2015, growing by 35%. Yet companies that suffer an attack still take more than 200 days to find out about it.
•Little specialized knowledge of the techniques needed to respond to threats and remediate them once they have invaded their IT environment.
Cybercriminal groups specializing in ransomware continue to evolve their tactics, so organizations must be fully aware of the threats they pose. Join Symantec for a webinar that will focus on a ransomware attack to learn more about the incident and the measures the company took to remediate the threat.
Last year ransomware reached a new level of evolution and danger: how can you be certain that your IT infrastructure is protected and able to withstand an attack?
Today security leaders have major challenges to solve:
•Threat intelligence that is insufficient to identify the attackers and campaigns that could strike their company.
•A shortage of skilled security analysts able to identify the growing number of threats penetrating companies. In 2015, for example, the use of crypto-ransomware as an attack tool increased by 35%, but attacked companies still take more than 200 days to notice the problem.
•Little specialized knowledge of incident response and remediation techniques for affected IT environments.
Ransomware authors keep refining their tactics, and companies must learn to know the new threats well. Join the Symantec webinar that describes a ransomware attack, its consequences and the remediation strategy adopted by the affected company.
VCE VxRail Appliance with EMC data protection provides simple, fast and efficient protection of data and applications regardless of where they live, against whatever might happen, and at the right service level based on business value.