Recorded: September 27 | 2018 Attend
Compliance is a fundamental pillar to effective risk management at any company. However, simply complying with laws and regulations without considering the broader threat landscape can result in disaster. Certainly, a balance between compliance and risk is necessary. Ensuring compliance represents an organization's starting point, not the endgame, should be a priority.
In a dynamic threat environment, forward-thinking organizations have concluded that the goal of total protection is elusive and that a risk-based approach to governance and management of cybersecurity is necessary. That is easier said than done, as the way most information security professionals measure risk today fails to quantify threats in terms the business can understand and use. In this CPE accredited webinar, our panel of experts will discuss:
- Aligning risk and compliance metrics and controls across functional domains
- Benchmarking existing process for managing the risks identified by stakeholders
- Creating a transparent 'system of record' and collaborative process life-cycle management system
- Prioritizing control efforts accordingly
- Aligning compliance investments with compliance risk ratings and business priorities
NASBA CPE Information
Register for this session via the console below. In order to be awarded the full credits, you must be respond to three out of the four polling questions asked during the program, and attend the session for a minimum of 45 minutes.
Qualifying participants will earn 1.0 CPE credit
Field of Study: Information Technology
Prerequisites: Basic knowledge of internet security issues within enterprise and the financial industry.
Who Should Attend: This session is suitable for executives, managers and key staff in all GRC and Information Security roles (including risk, audit, compliance, ethics, legal, performance, IT, Data Security, Cyber Security etc…). Members of technology providers and professional service firms will also benefit from understanding the issues and approaches covered on this session.
Program Level: Overview
Delivery Method: Group Internet Based. This is a group live event for NASBA authorized continuing education credit. Qualifying attendees will receive a certificate of completion of this event indicating 1 hour of CPE.
Executive IT Forums, Inc, is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.
Kelley Vick. Director of Programs for Executive IT Forums, Inc. Kelley has over 15 years of experience and is a regular host for the IT GRC Forum program. She is a professional writer and freelance journalist based in Brooklyn, New York. Kelley is an expert in program development and in addition to her work at Executive IT Forums she has worked as a producer and writer for national news networks, published articles in leading magazines, and is frequently featured as a case expert on television (You may have seen her recently on Snapped). Originally from Georgia, Kelley received her BBA in International Business from the University of Georgia, then earned a Master’s degree from the Medill School of Journalism at Northwestern University. Kelley’s education and work has taken her to more than 30 countries and given her the opportunity to live and work in dynamic cities around the globe. These adventures have given Kelley a unique perspective as well as a natural flair for effective communication.
Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. At APACS he started the move to confront the reality of the threat to payment systems and the implications this has on any risk and security decisions taken. He was instrumental in helping the industry coordinate the response to the wave of e-banking attacks that started in 2004, and the development of a card based customer authentication strategy to protect e-banking channels. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. This included contributing to the strategic development of the Council through representing Visa Europe at the PCI SSC's Executive Committee, as well as the technical development of the standards. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe. Colin was responsible for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. He has now built on this experience by learning first-hand what PCI DSS means to merchants through his experience at Carlson Wagonlit Travel. Applying PCI DSS to probably one of the most complex industry verticals and one where it is almost impossible to spend money as a customer without using credit cards! He is now working as a freelance consultant helping retailers and service providers solve their cyber security and payment security compliance dilemmas.
Scott Petry is the CEO of Authentic8. Scott has been using the cloud to disrupt the information security market for nearly 20 years. He founded Postini in 1999, which pioneered the cloud-delivered service model for email security and content compliance. After Postini was acquired by Google, Scott remained as Director of Product Management for Google Enterprise. In 2010, he co-founded Authentic8, a secure virtual browser solution designed to address the inherent lack of security in the protocols the world uses to access the web. He graduated with a B.S. from San Diego State University.
Marc French is the Senior Vice President and Chief Trust Officer at Mimecast. He has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role, Marc was the CSO of Endurance International Group/Constant Contact and has held a variety of senior security roles at EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. Marc is a frequent speaker at industry events and currently chairs the MassTLC CISO group as well as serving on the Board of Directors for Infragard-Boston.
Stephen Boyer, CTO & Co-Founder at Bitsight. Prior to BitSight, Stephen was President and Cofounder of Saperix (acquired by Firemon), a company spun out of the MIT Lincoln Laboratory focused on vulnerability and network topology risk analysis. At MIT he led R&D programs solving large-scale national cybersecurity problems.