Getting PCI to the Cloud: Amazon Web Services and SafeNet
Presenter: Dean Ocampo, CISSP, Dir. of Product Marketing & Tom Stickle, Sr. Solution Architect, Amazon Web Services
Organizations who have locked down PCI in the traditional Data Center are now struggling with how to transform to a cloud-oriented world with their compliance-impacted data intact. Plainly put, PCI compliance is enabled through a combination of certified infrastructures, and protection and control of PAN data – and the same principles apply whether you're in the Data Center and in the Cloud. In this webcast, we'll show you what you need to know about PCI in the Cloud – selecting the right infrastructure, understanding audit scope, and a checklist for enforcing and enabling controls that will ensure critical protection and compliance of your data no matter where it goes.
Trusting Cloud Services with Intel® Trusted Execution Technology
Presenter: Iddo Kadim, Director of Data Center Virtualization Technologies, Intel
Security is a key concern in cloud today. Security solutions are often sold on the basis of fear—how to stop malicious hackers. And there is value in this, for the threats are often real. But in today's competitive world, one must also focus on how technology allows growth and innovation while also meeting security requirements. Attendees will learn how Intel is enhancing platforms with new security capabilities and enabling a broad ecosystem of solutions that allow companies to embrace virtualization and cloud without compromising security, thus gaining more efficiency, control and functional compliance.
Cloud Computing & the Law: How to Protect Your Data
Presenter: Jonathan Armstrong, Technology Lawyer Partner, Duane Morris LLP
All you ever wanted to know about the legal risks of cloud computing, but were too afraid to ask. In this webcast acclaimed technology lawyer Jonathan Armstrong gives a quick rundown of the legal issues of cloud computing including the latest news on regulatory developments in Europe and the Americas. Jonathan also discusses the UK regulator's checklist for cloud vendors and purchasers, data privacy issues and the need for flexibility and portability in legal agreements.
Vetting a Cloud Service Provider
Presenter: Emma Webb-Hobson, Information Assurance Consultant, QinetiQ
Examining the issues facing small to medium enterprises when choosing a cloud service provider. This presentation will give an overview of what areas and questions the SME procurer should consider to make an informed decision about adopting new cloud services.
Cloudonomics or Risky Business? How to Architect your Services
Presenter: Gregor Petri, Advisor on Lean IT and Cloud Computing, CA Technologies
The economies of cloud computing promise great rewards. But these rewards will only become reality if the associated risks of cloud computing are addressed. And preferably these risks should be addressed early on, ideally during the design of these services. In this session you will learn about a ground breaking new way to design, build and run new, reliable and secure cloud services. In the age of cloud computing, leveraging virtualization, abstraction and sourcing are key to delivering greater returns. See how this can be achieved in a simple and repeatable way.
Cloud Storage Security Introduction
Presenter: Glyn Bowden, SNIA & Storage Infrastructure Architect
The introduction of computing and data services in a virtualized and service provider context exposes the customer's information to a new set of threats and vulnerabilities. This session provides an introduction to those threats and what techniques are available to mitigate the threats.
Storm Clouds on the Horizon: Can I Trust My Data in the Cloud?
Presenters: Michael Sutton, VP of Research, Zscaler; Eran Feigenbaum, Director of Security, Google Apps; and Matt Broda, Security Strategist, Microsoft
Cloud vendors promise powerful resources at an attractive price and this has led many enterprises to consider migrating data and applications to cloud based architectures. Vendors also promise increased overall security thanks to the economies of scale which allow them to employ staff and technologies that offer greater security than a typical enterprise could justify. Yet many remain skeptical of the cloud when it comes to trusting a third party with precious data. At the same time, multi-tenant architectures housing data from multiple sources make clouds attractive targets for attackers.
Internal Gateway Tokenization: A Strategy to Reduce Risks & Lock-in
This session will focus on the value of internal tokenization in reducing scope and potential audit costs at the datacenter, with a specific focus on post-payment applications, databases, loyalty tracking systems, data warehousing, and business applications.
Top Requirements for Successfully Automating SOX Quarterly Self-Assessments: Vol. 2
Recorded: April 27 | 2011
For many organizations, Sarbanes-Oxley compliance is mandatory; both on the financial side and on the IT side managing the process can be an arduous an unwitting waste of time. Walkthroughs that need to be reviewed by numerous individuals, tens of controls that need to be sampled and tested in detail can come with time lags that makes an already detailed task more cumbersome.
Social media in your business: The Risks vs. The Opportunities
The widespread private use by employees is embraced by many businesses in their communications. The policies and procedures on the proper business use of social media should address the protection of intellectual property, but also consider and respect the interest of preserving the public domain and fair use/dealing, of stimulating fair competition and innovation.
PCI DSS 2.0 & Virtualization - Are You Compliant?
Understanding and complying with the PCI Data Security Standard (PCI DSS) can be a daunting task - especially if your organization has limited time and resources. The new PCI DSS 2.0 standard, which took effect Jan. 1, requires testing a virtualized environment to ensure that if you put multiple accounts onto a single processor, there is still segregation of data and all the data is protected.
Simplify IT Risk and Compliance Management
In this panel discussion we will address the challenges IT teams face as a result of siloed, inefficient point tool approaches to administering and enforcing security and compliance policy across hybrid IT infrastructures.
Integrating Risk Management Systems to Optimize GRC
Integrating IT Risk Management systems is critical for organizations who want to secure their IT investments from internal and external risks related to information security, infrastructure, project management and business continuity processes.
Top Requirements for Successfully Automating SOX Quarterly Self-Assessments
Presenting: Chris Noell, EVP of Product Management at TruArx
For many organizations, Sarbanes-Oxley compliance is mandatory, but automation of the self-assessment process can make it less painful. There are many advantages to using an IT GRC tool to automate assessments such as speed, efficiency, data integrity, and improved analysis.
The Confusion over BCMS Standards; Don’t just stand there do something
Recorded: Sept 23 2010
Presenting: Brian Zawada, Avalution Consulting & John DiMaria, eFortresses
There has been much debate regarding which guidelines or standards are best suited for organizational business continuity and management.
Benefits of IT Risk Management Process Automation
Recorded: 25 August 2010
Automating the IT Risk Management process is critical for organizations who want to secure their IT investments from internal and external risks related to information security, infrastructure, project management and business continuity processes.
Extending Your Risk and Compliance Program: Vendor Management Best Practices
Recorded: Wednesday, July 21st @ 2pm EST
Presented By: Michael Rasmussen, Corporate Integrity, and Chris Noel, TruArx.
In today's economic climate, many organizations outsource parts of their business to take advantage of cost savings and solution-expertise. However, as vendor relationships increase, it becomes more difficult to manage them. The risks assumed by outsourcing can be significant without a vendor management program.
Movin On Up: Making the Case for Backup and Recovery in the Cloud
When: Jan 13 2011
Presenting: Dave Bartoletti; Taneja Group, Senior Analyst
In this presentation, Taneja Group analyst Dave Bartoletti will share his insights, strategies and outlook on the rapidly emerging field of cloud-based data protection, including backup, recovery, replication and DR.
EOCs, TRCs, & BRCs! Oh, My!: The "Oz Syndrome"© in BC Planning
When: Jan 13 2011
Presenting: Javier Carrillo, Lead Business Continuity Planner
Individuals are sometimes thrust into the world of Oz (Business Continuity) with little or no background in the area. Through their journey in Oz, they stumble upon resources and find frequent barriers to success.
Continuity Challenges For Resilience In Your Supply Chain
When: Jan 13 2011
Presenting: Vicki Gavin, Head of Business Continuity, The Economist Group
Join Vicki Gavin, Head of Business Continuity as she explores the emerging challenges in 2011 for business resilience in the supply and industry chain.
BCDR a Discipline or a Project?
When: Jan 13 2011
Presenting: Paul Rivett, Operations Director, CNet Training
What is the perception of BCDR & cloud backup - are they useless you test them?
Legal Risks in Cloud Backup
When: Jan 13 2011
Presenting: Ibrahim Hasan, CEO, Act Now Training
Ibrahim Hasan is a recognised expert on data protection, freedom of information and surveillance law. He was previously Principal Solicitor at Calderdale Council and has worked for Bradford Council and Nottinghamshire County Council.
Framework to Evaluate Your BCDR Plans
When: Jan 13 2011
Presenting: Shankar Swaroop, Director of BCDR, NEXCOM
An organization's resiliency is directly related to the effectiveness of its continuity capability. An organization's continuity capability—its ability to perform its essential functions continuously—rests upon key components and pillars, which are in turn built on the foundation of continuity planning and program management.
Cloud Backup and Recovery: Why now? Why Cloud?
When: Jan 13 2011
Presenting: Ashar Baig; Chairman of Cloud Backup & Recovery, SIG, SNIA
Most companies are so focused on data backup that they often forget "why" they are backing up their data in the first place. Data protection (backup, snapshots, replication, CDP, etc.) is just a means to an end.
