Recorded: with Gartner | 2011 View Webinar
When companies share sensitive documents with partners outside the corporate network, security, compliance and collaboration are often seen as a tradeoff. You can lock information down behind the firewall with strict policies and centralized control, but without collaboration. Or you can use a collaboration portal, but at the expense of security and the ability to enforce corporate confidentiality policies.
Recorded: 2011 Listen Now
Annual costs of data management are soaring. So how can your business stay ahead of the curve to achieve and maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS) and still deal with potentially millions of points of vulnerability?
In this session we will provide a detailed analysis on how PCI DSS 2.0 impacts your IT operations (e.g., network engineering, server management, and applications development); intended for technical audience.
Presenter: Tim Dunn, Vice President of Strategy, CA Technologies Security Europe
Traditional Identity and Access Management (IAM) platforms were built with one primary scenario in mind, to run on an enterprise's premises for their tightly scoped user community. The business and technology world has moved on, businesses want to be more innovative and agile. Gaining a competitive edge means exploiting technologies such as cloud, virtualisation, worker mobility enablement, personal device adoption, and business collaboration tools. IAM has become pivotal in enabling business innovation.
Presenter: Alan Priestly, Director, Cloud Marketing EMEA, Intel
Today, cloud access security requires more than a simplistic secure VPN tunnel or single sign on from tightly controlled corporate applications. Users are demanding access to the cloud from a wider range of clients and directly on the cloud platform itself. From a compliance standpoint it is a growing nightmare involving orphaned accounts, infected clients, and un-auditable silos of user activity data left outside enterprise control. In this session, Intel showcases key technologies that are being used in the market today to build a trusted client to cloud connection.
Presenter: Jason Wood, Assistant Professor, Jack Welch, President of WoodCPA Plus P.C.
The presentation will discuss audit considerations in a cloud computing environment. Technology professionals can learn what to expect from their auditors, and auditors can learn what areas to review in a cloud environment.
Presenter: Dean Ocampo, CISSP, Dir. of Product Marketing & Tom Stickle, Sr. Solution Architect, Amazon Web Services
Organizations who have locked down PCI in the traditional Data Center are now struggling with how to transform to a cloud-oriented world with their compliance-impacted data intact. Plainly put, PCI compliance is enabled through a combination of certified infrastructures, and protection and control of PAN data – and the same principles apply whether you're in the Data Center and in the Cloud. In this webcast, we'll show you what you need to know about PCI in the Cloud – selecting the right infrastructure, understanding audit scope, and a checklist for enforcing and enabling controls that will ensure critical protection and compliance of your data no matter where it goes.
Presenter: Iddo Kadim, Director of Data Center Virtualization Technologies, Intel
Security is a key concern in cloud today. Security solutions are often sold on the basis of fear—how to stop malicious hackers. And there is value in this, for the threats are often real. But in today's competitive world, one must also focus on how technology allows growth and innovation while also meeting security requirements. Attendees will learn how Intel is enhancing platforms with new security capabilities and enabling a broad ecosystem of solutions that allow companies to embrace virtualization and cloud without compromising security, thus gaining more efficiency, control and functional compliance.
Presenter: Jonathan Armstrong, Technology Lawyer Partner, Duane Morris LLP
All you ever wanted to know about the legal risks of cloud computing, but were too afraid to ask. In this webcast acclaimed technology lawyer Jonathan Armstrong gives a quick rundown of the legal issues of cloud computing including the latest news on regulatory developments in Europe and the Americas. Jonathan also discusses the UK regulator's checklist for cloud vendors and purchasers, data privacy issues and the need for flexibility and portability in legal agreements.
Presenter: Emma Webb-Hobson, Information Assurance Consultant, QinetiQ
Examining the issues facing small to medium enterprises when choosing a cloud service provider. This presentation will give an overview of what areas and questions the SME procurer should consider to make an informed decision about adopting new cloud services.
Presenter: Gregor Petri, Advisor on Lean IT and Cloud Computing, CA Technologies
The economies of cloud computing promise great rewards. But these rewards will only become reality if the associated risks of cloud computing are addressed. And preferably these risks should be addressed early on, ideally during the design of these services. In this session you will learn about a ground breaking new way to design, build and run new, reliable and secure cloud services. In the age of cloud computing, leveraging virtualization, abstraction and sourcing are key to delivering greater returns. See how this can be achieved in a simple and repeatable way.
Presenter: Glyn Bowden, SNIA & Storage Infrastructure Architect
The introduction of computing and data services in a virtualized and service provider context exposes the customer's information to a new set of threats and vulnerabilities. This session provides an introduction to those threats and what techniques are available to mitigate the threats.
Presenters: Michael Sutton, VP of Research, Zscaler; Eran Feigenbaum, Director of Security, Google Apps; and Matt Broda, Security Strategist, Microsoft
Cloud vendors promise powerful resources at an attractive price and this has led many enterprises to consider migrating data and applications to cloud based architectures. Vendors also promise increased overall security thanks to the economies of scale which allow them to employ staff and technologies that offer greater security than a typical enterprise could justify. Yet many remain skeptical of the cloud when it comes to trusting a third party with precious data. At the same time, multi-tenant architectures housing data from multiple sources make clouds attractive targets for attackers.
This session will focus on the value of internal tokenization in reducing scope and potential audit costs at the datacenter, with a specific focus on post-payment applications, databases, loyalty tracking systems, data warehousing, and business applications.
Recorded: April 27 | 2011
For many organizations, Sarbanes-Oxley compliance is mandatory; both on the financial side and on the IT side managing the process can be an arduous an unwitting waste of time. Walkthroughs that need to be reviewed by numerous individuals, tens of controls that need to be sampled and tested in detail can come with time lags that makes an already detailed task more cumbersome.
The widespread private use by employees is embraced by many businesses in their communications. The policies and procedures on the proper business use of social media should address the protection of intellectual property, but also consider and respect the interest of preserving the public domain and fair use/dealing, of stimulating fair competition and innovation.
Understanding and complying with the PCI Data Security Standard (PCI DSS) can be a daunting task - especially if your organization has limited time and resources. The new PCI DSS 2.0 standard, which took effect Jan. 1, requires testing a virtualized environment to ensure that if you put multiple accounts onto a single processor, there is still segregation of data and all the data is protected.
In this panel discussion we will address the challenges IT teams face as a result of siloed, inefficient point tool approaches to administering and enforcing security and compliance policy across hybrid IT infrastructures.
Integrating IT Risk Management systems is critical for organizations who want to secure their IT investments from internal and external risks related to information security, infrastructure, project management and business continuity processes.
Presenting: Chris Noell, EVP of Product Management at TruArx
For many organizations, Sarbanes-Oxley compliance is mandatory, but automation of the self-assessment process can make it less painful. There are many advantages to using an IT GRC tool to automate assessments such as speed, efficiency, data integrity, and improved analysis.
Recorded: Sept 23 2010
Presenting: Brian Zawada, Avalution Consulting & John DiMaria, eFortresses
There has been much debate regarding which guidelines or standards are best suited for organizational business continuity and management.
Recorded: 25 August 2010
Automating the IT Risk Management process is critical for organizations who want to secure their IT investments from internal and external risks related to information security, infrastructure, project management and business continuity processes.
Recorded: Wednesday, July 21st @ 2pm EST
Presented By: Michael Rasmussen, Corporate Integrity, and Chris Noel, TruArx.
In today's economic climate, many organizations outsource parts of their business to take advantage of cost savings and solution-expertise. However, as vendor relationships increase, it becomes more difficult to manage them. The risks assumed by outsourcing can be significant without a vendor management program.
When: Jan 13 2011
Presenting: Javier Carrillo, Lead Business Continuity Planner
Individuals are sometimes thrust into the world of Oz (Business Continuity) with little or no background in the area. Through their journey in Oz, they stumble upon resources and find frequent barriers to success.