
Compliance Webinar- IT Compliance Management

Upcoming Webinars

Non-Vulnerability Threats—Hackers Outsmart Agency Perimeter Security
Tuesday, July 15, 2008 at 1:00 PM EDT
Length: 60 Minutes
Register Now >>

Featured Speakers:
  • Robert Ayoub, Industry Manager, Frost & Sullivan North America, Information and Communication Technologies Practice
  • Chrisan Herrod, Executive Editor, The Compliance Authority Magazine and Web Site, V.P. Strategic Alliances at Compliance Spectrum
  • Ron Meyra, Product Marketing Manager, Radware
How do you protect your agency against an HTTP page flood attack generated by botnets that attempt to take your Web site offline by downloading the same Web page 1,000,000 times per second? How do you protect your own agency staff from being recruited as hosts and used to launch these types of flood attacks?

"The second phase of the attacks used much more sophisticated attack tools—mainly botnets...the attacks came from 75 or more jurisdictions using 1 million or more computers. The fascinating thing about this is that the people who owned those computers actually had no idea they were attacking another government."
—Lauri Almann, Permanent Undersecretary of Defense, Estonia, quoted in "Lessons from the cyberattacks on Estonia", GCN, June 16, 2008
Welcome to the new wave of hacker exploits: Non-Vulnerability Attacks!
HTTP flood attacks, phishing, spam, application scans and brute force attacks are examples of non-vulnerability threats. Non-vulnerability attacks do not exploit a software design flaw. Instead, they misuse legitimate application services for malicious activity, so traditional perimeter security cannot detect or combat them.

How do you mitigate risks associated with these new cyber threats?
Tune into this interactive Radware eSeminar on July 15 and learn more about:
  • Non-vulnerability threats
  • Limitations of current IPS/IDS, anti-virus and firewall solutions
  • The impact of the emerging threat landscape on compliance and risk mitigation
  • Real-time signature protection for real-time threats
Register and qualify for a 30-minute security consultation with Radware regarding emerging network-based threats that cannot be detected by traditional IPS such as: application misuse threats, SSL attacks and VoIP service misuse.

Recorded Webinars

IT Compliance Management: The PCI Leadership Report
June 25, 2008 at 12:00 PM EDT
Length: 60 Minutes
Listen Now >>

Join Dr. David Taylor, CISSP, Founder of the PCI Knowledge Base and Research Director of the PCI Security Alliance

The case of Hannaford, a retailer that was PCI compliant and was still breached, demonstrates that much more is needed, beyond basic PCI compliance, in order to have a secure enterprise. This webinar draws on research from the PCI Knowledge Base, including over 100 hours of anonymous, personal interviews with merchants, PCI assessors, banks, card processors and technologists, to identify and quantify what leading companies are doing beyond basic compliance. The goal is to provide a set of guidelines and best practices for bridging the gap between compliance and securing the ecosystem.

Topics covered in the webinar will include:

- The top 5 vulnerabilities which remain, even after a company is PCI compliant
- The 5 most important tools you can implement at a reasonable cost
- The top 5 persistent procedural problems that permeate compliant companies




GRC Industry Survey 2008: A Benchmark for Compliance Programs and Spend
Recorded April 29, 2008 (60 Minutes)
Listen Now >>

Join Sanjay Anand, Chairperson of the SOX Institute and Chrisan Herrod, Executive Editor, The Compliance Authority

The Compliance Authority and the SOX Institute issued a GRC benchmark survey in March 2008 to thousands of compliance professionals and practitioners, which resulted in more than 450 completed surveys. The survey objective is to establish an industry benchmark for compliance programs, priorities and spend. The benchmark results will be discussed in this free webinar sponsored by Compliance Spectrum.

The webinar will take the form of a panel discussion featuring Sanjay Anand, Chairperson of the SOX Institute, and Chrisan Herrod, Executive Editor of The Compliance Authority. Anand and Herrod will discuss the survey responses and implications for compliance professionals and their respective programs. Moderating the event will be John Engel, Director of Marketing at the SOX Institute.

The survey represents a strong cross section (industries, company size, roles) of the compliance market and presents a balanced picture of the current state of compliance programs. The results offer webinar participants peer-level insight into the current state of compliance programs, including:

- Regulatory priorities
- Compliance program costs and budget expectations
- Barriers to implementing a successful compliance program
- Approaches to reducing the cost of compliance
- Tools utilized to automate the compliance process

Who should attend this webinar:
- Chief Compliance Officers
- Chief Information Security Officers
- Compliance managers and practitioners
- Internal/External Auditors




Taking IT from the Backroom to the Boardroom!
January 23, 2008, (60 minutes)
Listen Now >>

Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Chrisan Herrod, Managing Director, IT Compliance Magazine

There is a need for, and growing recognition of, the fact that IT is no longer just an afterthought (or a neverthought!) in business today. Businesses are highly dependent upon IT, not just for reasons of efficiency and productivity but also for reasons of competitiveness and viability. This presentation will focus on these aspects of IT in the context of Governance, Risk and Compliance (GRC). As IT makes its way into the Boardroom, it can serve a more valuable purpose within the organization. Specifically, IT can be used to better integrate the organization as a whole, to align its various parts, to compete proactively in an ever-changing and more aggressive competitive landscape, and even to drive corporate strategy in technology-dependent companies and industries.

- Historical view of IT
- Current/changing view of IT
- Traditional Role of IT in the Backroom
- How IT is Making Its Way into the Boardroom
- Roles and Responsibilities of board members for IT
- Recommendations for How to Integrate IT in the Boardroom
- General Definitions and concepts of IT Alignment and IT Strategy
- IT Governance in the Context of IT Compliance and IT Risk Management




From IT Compliance to IT Governance: Managing Risk within the IT Organization / Assessing the ROI for IT Compliance: A Systems Approach (Part 1)
November 8th, 2007 (66 minutes)
Listen Now >>

Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Victor N. Berlin, Ph.D., President, University of Fairfax
  • What is the difference between IT Compliance and IT Governance
  • Learn how to move to an IT Governance Model for your Organization
  • Develop an integrated approach to IT Risk using a governance model
  • Learn how to assess ROI for IT compliance
  • Explore the data surrounding ROI for automating IT Compliance



IT Change and Configuration Management
October 4th, 2007 (48 minutes)
Listen Now >>


Join Rob Ayoub, Industry Manager, Network Security Technologies, Frost & Sullivan and Victor N. Berlin, Ph.D., President, University of Fairfax as they address:

  • Software Engineering Practices Relating to IT Governance and Compliance Today
  • Testing and Assessing Best Practices in IT Compliance Automation: An Action Research Program



Global Compliance Strategies
June 21, 2007
Listen Now >>

The Role of PCI DSS
Presented by Dr. David Taylor, CISSP
One of the most costly errors that large enterprises make is to manage compliance on a "regulation-by-regulation" basis. Despite the emergence of compliance reporting tools that cross all major laws, regulations and standards, the majority of organizations we've consulted with do not have a funded "Compliance Officer" role or organization and manage by what can only be called the "checklist approach." This Webinar will examine the commonalities among the major laws, regulations and standards and suggest some specific technologies, processes and management strategies that can save a large organization both money and time. Because we have found the comprehensiveness of the Payment Card Industry Data Security Standard (PCI DSS) to be an effective "best of breed" set of standards (as it's based on ISO 17799 as well as OWASP), we will focus on how these standards may be generalized and applied beyond their payment card industry origins.

The Need for IT Compliance Research and Education
Presented by Victor N. Berlin, Ph.D.
The absence of empirical research in the IT compliance sector, especially as it relates to PCI, underscores a major vulnerability in the field. Organizations must conduct systematic PCI Compliance research and education in order to systematically test, review and disseminate results about PCI compliance practices. Such research and education will ensure a continuing aggregation of reliable knowledge about PCI Best Practices. Without this knowledge, managers and executives will be forced to "fly by the seat of their pants," and attaining PCI compliance objectives will be "hit or miss." Research-based training and education ensures that methods and techniques provided to executives and managers will produce reliable results. Furthermore, such research ensures organizations understand the limitations of any recommendations.


Comparing and Contrasting European and U.S. Approaches to Compliance
March 21st, 2007, (60 minutes)
Listen Now >>

Chrisan Herrod, Vice President of Compliance Solutions at Scalable Software and former Chief Security Officer with the SEC, will team up with Paul Neale, Executive Vice President of DOAR Litigation Consulting, a litigation-consulting firm based in the U.S. with clients worldwide, and Quentin Archer, a Partner at the London-based law firm Lovells, to summarize and discuss key issues relating to Compliance Management in the U.S. and Europe. During the last months of 2006, Scalable Software, Compliance Spectrum and IT Compliance Magazine conducted extensive research in both North America and Europe. This webinar will focus on sharing the findings that were garnered during this extensive research.

Sponsor/Partner Offers

University of Fairfax
Let your INFOSEC career soar! A Compliance Spectrum™ Fellowship can help you earn an INFOSEC MS/PhD online. Read more >>

JME Software sponsored a survey to discover trends and challenges organizations face with identity and access auditing as it relates to compliance initiatives. Survey results will be summarized on a free hour-long webinar on February 13, 2008. Register Now >>

Copyright ©2008 The Compliance Authority, Inc.