Recorded Webinars

Implementing IT-GRC: Five Biggest Pitfalls in IT Governance, Risk & Compliance
Tuesday, November 11, 2008, 11 a.m. Central / 12 p.m. Eastern
Length: 60 minutes
While there is no one right way to implement a GRC or IT-GRC strategy in your organization, there certainly are best practices that have emerged over the past several years. This webinar looks at what you can do to put in place an effective IT-GRC strategy in your organization, and how to avoid the mistakes that many professionals and organizations have made in the past. IT-GRC has become a prevalent buzzword. However, there is a lot of confusion around what it is, how it relates to the business, and how governance, risk and compliance relate to each other. This webinar describes the core of IT-GRC, how to implement it, and common pitfalls to watch out for. While no one size fits all, every organization will benefit from the lessons here.
Sanjay Anand is chairman of the SOX Institute and is known as a global expert on Corporate Governance and Regulatory Compliance, with 20 years of experience as a strategic advisor, certified consultant, professional speaker and published author.

Complying with PCI V1.2, Quick Start with Spectra
Wednesday, October 29, 2008, 11 a.m. Central / 12 p.m. Eastern
Length: 60 minutes
PCI DSS V1.2 is here! With the release of PCI DSS V1.2 on October 1, the industry standard for protecting credit card and other sensitive data has shifted into a new gear. What changes do you need to plan for? How can you quickly implement these changes in your compliance process? In this webinar, you will learn the primary changes included in PCI DSS V1.2 and how you can use Spectra to quickly and easily incorporate these new requirements into your compliance process. Spectra gives you a quick start on updating your compliance strategy to meet the new PCI V1.2 requirements.
Steve Helwig, Compliance and Policy Analyst, will review the PCI v1.2 changes, and Dan Hoffmann, Director of Product Management, will give you a tour of Spectra PCI support and demonstrate the easiest way to get to IT compliance with PCI.
Key benefits:

PCI Best Practices
Tuesday, September 30, 12:00 p.m. EDT
Length: 60 minutes
PCI V1.2 is coming. Will you be ready? Dr. David Taylor takes the sting out of PCI implementation by revealing the results of new research focused on PCI best practices and implementation strategies.
Dr. David Taylor, Research Director of the PCI Knowledge Base

Use of UCF and Other Frameworks for Managing GRC Programs
Recorded: September 11, 2008
Length: 60 minutes
We all suffer from audit fatigue. IT staff suffer from following too many guidelines and defending the same controls over and over again. Auditors suffer because their workload is compounded with additional regulatory guidelines for which they have to create examinations and interviews. This webinar explores how we can all lessen the burden of audit fatigue by unifying compliance controls. Whether you call it harmonizing, cross-walking, or unifying -- the idea is the same: comply once and attest to compliance for multiple regulatory guidelines. Dorian Cougias, who with Marcelo Halpern of Latham & Watkins co-founded the Unified Compliance Framework, will walk users through the methodology the UCF uses for unifying compliance. Even if you aren't interested in the UCF, you will learn about a methodology that has been often copied.

Non-Vulnerability Threats—Hackers Outsmart Agency Perimeter Security
Length: 60 minutes
How do you protect your agency against an HTTP page flood attack generated by botnets that attempt to take your Web site offline by downloading the same Web page 1,000,000 times per second? How do you protect your own agency staff from being recruited as hosts and used to launch these types of flood attacks?
"The second phase of the attacks used much more sophisticated attack tools—mainly botnets...the attacks came from 75 or more jurisdictions using 1 million or more computers. The fascinating thing about this is that the people who owned those computers actually had no idea they were attacking another government."
Robert Ayoub, Industry Manager, Frost & Sullivan North America, Information and Communication Technologies Practice
Chrisan Herrod, Executive Editor, The Compliance Authority Magazine and Web Site, V.P. Strategic Alliances at Compliance Spectrum
Ron Meyra, Product Marketing Manager, Radware

IT Compliance Management: The PCI Leadership Report
June 25, 2008, 12:00 PM EDT
Length: 60 minutes
The case of Hannaford, a retailer that was PCI compliant and still got breached, demonstrates that much more is needed, beyond basic PCI compliance, in order to have a secure enterprise. This webinar draws on research from the PCI Knowledge Base, including over 100 hours of anonymous, personal interviews with merchants, PCI assessors, banks, card processors and technologists, to identify and quantify what leading companies are doing beyond basic compliance. The goal is to provide a set of guidelines and best practices for how to bridge the gap between compliance and securing the ecosystem. Topics covered in the webinar include:
• The top 5 vulnerabilities which remain, even after a company is PCI compliant
• The 5 most important tools you can implement at a reasonable cost
• The top 5 persistent procedural problems that permeate compliant companies
Dr. David Taylor, CISSP, Founder of the PCI Knowledge Base and Research Director of the PCI Security Alliance

GRC Industry Survey 2008: A Benchmark for Compliance Programs and Spend
Recorded April 29, 2008
Length: 60 minutes
The Compliance Authority and SOX Institute issued a GRC benchmark survey in March 2008 to thousands of compliance professionals and practitioners, which resulted in more than 450 completed surveys. The survey objective is to establish an industry benchmark for compliance programs, priorities and spend. The benchmark results will be discussed in this free webinar sponsored by Compliance Spectrum. The webinar will take the form of a panel discussion featuring Sanjay Anand, Chairperson of the SOX Institute, and Chrisan Herrod, Executive Editor of The Compliance Authority. Anand and Herrod will discuss the survey responses and implications for compliance professionals and their respective programs. Moderating the event will be John Engel, Director of Marketing at the SOX Institute. The survey represents a strong cross section (industries, company size, roles) of the compliance market and presents a balanced picture of the current state of compliance programs. The results offer webinar participants peer-level insight into the current state of compliance programs, including:
• Regulatory priorities
• Compliance program costs and budget expectations
• Barriers to implementing a successful compliance program
• Approaches to reducing the cost of compliance
• Tools utilized to automate the compliance process
Who should attend this webinar:
• Chief Compliance Officers
• Chief Information Security Officers
• Compliance managers and practitioners
• Internal/External Auditors
Sanjay Anand, Chairperson of the SOX Institute, and Chrisan Herrod, Executive Editor, The Compliance Authority

Taking IT from the Backroom to the Boardroom!
January 23, 2008
Length: 60 minutes
There is a need for, and recognition of, the fact that IT is no longer just an afterthought (or a neverthought!) in business today. Businesses are highly dependent upon IT, not just for reasons of efficiency and productivity but for competitive and viability reasons as well. This presentation will focus on these aspects of IT in the context of Governance, Risk and Compliance (GRC). As IT makes its way into the Boardroom, however, it can serve a more valuable purpose within the organization. Specifically, IT can be used to better integrate the organization as a whole, to align various parts of the organization, to proactively compete in an ever-changing and more aggressive competitive landscape, and can even drive corporate strategy in technology-dependent companies and industries.
• Historical view of IT
• Current/changing view of IT
• Traditional Role of IT in the Backroom
• How IT is Making Its Way into the Boardroom
• Roles and Responsibilities of board members for IT
• Recommendations for How to Integrate IT in the Boardroom
• General Definitions and concepts of IT Alignment and IT Strategy
• IT Governance in the Context of IT Compliance and IT Risk Management
Sanjay Anand, Chairperson, Sarbanes-Oxley Institute, and Chrisan Herrod, Managing Director, IT Compliance Magazine

From IT Compliance to IT Governance: Managing Risk within the IT Organization / Assessing the ROI for IT Compliance: A Systems Approach (Part 1)
November 8th, 2007
Length: 66 minutes
• What is the difference between IT Compliance and IT Governance
• Learn how to move to an IT Governance Model for your Organization
• Develop an integrated approach to IT Risk using a governance model
• Learn how to assess ROI for IT compliance
• Explore the data surrounding ROI for automating IT Compliance
Sanjay Anand, Chairperson, Sarbanes-Oxley Institute, and Victor N. Berlin, Ph.D., President, University of Fairfax

IT Change and Configuration Management
October 4th, 2007
Length: 48 minutes
• Software Engineering Practices Relating to IT Governance and Compliance Today
• Testing and Assessing Best Practices in IT Compliance Automation: An Action Research Program
Rob Ayoub, Industry Manager, Network Security Technologies, Frost & Sullivan, and Victor N. Berlin, Ph.D., President, University of Fairfax

Global Compliance Strategies
June 21, 2007
Length: 60 minutes
The Role of PCI DSS—Presented by Dr. David Taylor, CISSP
One of the most costly errors that large enterprises make is to manage compliance on a "regulation-by-regulation" basis. Despite the emergence of compliance reporting tools that cross all major laws, regulations and standards, the majority of organizations we've consulted with do not have a funded "Compliance Officer" role or organization and manage by what can only be called the "checklist approach." This Webinar will examine the commonalities among the major laws, regulations and standards and suggest some specific technologies, processes and management strategies that can save a large organization both money and time. Because we have found the comprehensiveness of the Payment Card Industry Data Security Standard (PCI DSS) to be an effective "best of breed" set of standards (as it's based on ISO 17799 as well as OWASP), we will focus on how these standards may be generalized and applied beyond their payment card industry origins.
The Need for IT Compliance Research and Education—Presented by Victor N. Berlin, Ph.D.
The absence of empirical research in the IT compliance sector, especially as it relates to PCI, underscores a major vulnerability in the field. Organizations must conduct systematic PCI Compliance research and education in order to systematically test, review and disseminate results about PCI compliance practices. Such research and education will ensure a continuing aggregation of reliable knowledge about PCI Best Practices. Without this knowledge, managers and executives will be forced to "fly by the seat of their pants," and attaining PCI compliance objectives will be "hit or miss." Research-based training and education ensures that methods and techniques provided to executives and managers will produce reliable results. Furthermore, such research ensures organizations understand the limitations of any recommendations.

Comparing and Contrasting European and U.S. Approaches to Compliance
March 21st, 2007
Length: 60 minutes
Chrisan Herrod, Vice President of Compliance Solutions at Scalable Software and former Chief Security Officer with the SEC, will team up with Paul Neale, Executive Vice President of DOAR Litigation Consulting, a litigation-consulting firm based in the U.S. with clients worldwide, and Quentin Archer, a Partner at the London-based law firm Lovells, to summarize and discuss key issues relating to Compliance Management in the U.S. and Europe. During the last months of 2006, Scalable Software, Compliance Spectrum and IT Compliance Magazine conducted extensive research in both North America and Europe. This webinar will focus on sharing the findings that were garnered during this extensive research.