On-Demand (148)
Advancing Business Performance: Align IT Vendor Risk to Enterprise Risk Management
Recorded: January 24 | 2017 Attend
Growing exposure to IT risks has made organizations across industries volatile. Recent IT vendor incidents like data and security beaches, violation of privacy guidelines, which caused substantial fines, penalties, brand value, highlight that IT vendor risks are business risks and require focus from the leadership.
Evolving an Enterprise Risk Management Program
Recorded: November 17 | 2016 Attend
Organizations are suffering from volatility across all risk types, and in every organization, there are a multitude of applications and devices with threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements, and senior management are being pressured to improve enterprise risk management capabilities.
Delivering Data Security with Hadoop and the IoT
Recorded: August 9 | 2016 Attend
The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side, the surge of new devices has increased the potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.
Data-Centric Security: Staying Ahead of the Threat Curve
Recorded: Sept 21 | 2016 Attend
Over recent years, several organizations have suffered damaging data breaches where sensitive data was stolen. Alarmingly, things seem to be getting worse, and the results can be devastating. With the expanding threat landscape and the rise of the data-centric enterprise, companies must have parallel development of their security architecture to protect their sensitive data. But in the time it's taken for data security to catch up with the changing environment, organizations have found their compliance and data protection programs vulnerable.
How to Identify and Reduce the Risks of 3rd Party Vendors
Recorded: April 12 | 2016 Attend
In a landscape filled with new threats and regulations managing the risks of 3rd party vendors is vitally important. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential 3rd party risks. They want to see organizations proactively identifying potential risks, verifying that business partners providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents.
Implementing a Risk Migration Plan for PCI DSS 3.1
Recorded: March 22 | 2016 Attend
Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations who process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.
Threat and Vulnerability Management: A Key Enabler of an Organizations IT GRC Program
Recorded: February 24 | 2016 Attend
In every organization, there are a multitude of applications and devices and a universe of threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements. It is no longer enough to have a handful of diligent security and compliance professionals managing the organization's risk strategies and controls. Their processes must embrace business and mission professionals' knowledge of risk, who evaluate the causal impact of threats to their operational performance, and participate in decision-making to meet their risk posture goals.
Best Practices to Prevent Data Breaches in 2016
Recorded: December 10 | 2015 Attend
In 2014 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
Enterprise Risk – Taming the Devil in the Data
Recorded: November 12 | 2015 Attend
In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders across all sectors. The growth of data is increasing exponentially, organizations are suffering from volatility across all risk types, and need to re-think their enterprise risk strategy. At the heart of this strategy is the need for a single consistent view of the data, and a data-centric, multi-platform approach to secure valuable customer and corporate data assets, end-to-end.
Managing Third-Party Risk to Strengthen IT Vendor Governance
Recorded: October 29 | 2015 Attend
Managing third-party risk is a big undertaking. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT Vendors within the supply chain. Not only are the risks associated with third-party vendors increasing, but regulators are turning their attention to the need for organizations to manage IT vendor risk more effectively.
Realizing Data Security Potential
Recorded: September 15 | 2015 Play
Inadequate security and dedicated cyber attackers have led enterprise data breaches to increase at an alarming pace. Staggering numbers of affected customers - and financial losses - are sending shock waves through the business world, and creating a sense of urgency around identifying solutions. Finding a way to ward off cyber intruders has become a critical challenge.
A Business Risk Approach to IT Governance
Recorded: July 23 | 2015 Play
As corporate information technology infrastructure increases in size and complexity, corporations are recognizing the need for a better mechanism for assessing IT's role and alignment to the key corporate initiatives. What began as a series of best practices has evolved into the field known as IT governance.
A Payment Breach Prevention Plan
Recorded: June 23 | 2015 Attend
The total number of fraudulent payment card transactions has grown every year since 2006, and experts are calling 2014 "the year of the breach." The Ponemon Institute found that each breach cost the average retailer $8.6 million in related expenses, and the price tag connected with a data breach increased across the board, reaching $20.8 million for financial service firms, $14.5 million for technology companies and $12.7 for communications providers.
Understanding EMV, End-to-end encryption, and Tokenization
Recorded: March 19 | 2015 Play!
Data breaches are a widespread problem with over 1.1 billion records compromised in the last 10 years. According to the Verizon 2014 Data Breach Investigations Report, the vast majority of breaches occurred against small to mid-sized companies.
Preparing for PCI DSS 3.0 and VISA Mandates
Recorded: February 19 | 2015 On-Demand!
The clock is ticking for enterprises that have not yet upgraded their payment card processing systems to be compliant with Payment Card Industry Data Security Standard (PCI DSS) 3.0. As the Jan. 1, 2015 mandatory deadline approaches, there is increasing urgency to not only understand the most important changes in PCI DSS 3.0, but also to be ready for a rigorous QSA assessment against those changes. Since PCI 3.0 is bigger, harder and more expensive than the previous iteration, merchants have their work cut out for them.
Top Guidelines for Hadoop Security and Governance in 2015
Recorded: January 21 | 2015 Play
In 2015 the size of the digital universe will be tenfold what it was in 2010. Large-scale data breaches are on the rise across all sectors, and enterprise data security initiatives must evolve to address new and growing threats. Consumer transactions, personally identifiable information, customer records, and the like, all flowing together into the Hadoop 'data lake', will enable critical business insights but also means Hadoop installations will be a rich target for cyber-crime.