PCI DSS: Preventing Costly Cases of Non Compliance
Recorded: May 24, 2016
There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits of meeting the requirements.
How to Identify and Reduce the Risks of 3rd Party Vendors
Recorded: April 12, 2016
In a landscape filled with new threats and regulations, managing the risks of 3rd party vendors is vitally important. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT vendors within the supply chain. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential 3rd party risks. They want to see organizations proactively identifying potential risks, verifying that business partners, providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents.
Implementing a Risk Migration Plan for PCI DSS 3.1
Recorded: March 22, 2016
Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations that process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.
Threat and Vulnerability Management: A Key Enabler of an Organization's IT GRC Program
Recorded: February 24, 2016
In every organization, there are a multitude of applications and devices and a universe of threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements. It is no longer enough to have a handful of diligent security and compliance professionals managing the organization's risk strategies and controls. Their processes must embrace business and mission professionals' knowledge of risk, who evaluate the causal impact of threats to their operational performance, and participate in decision-making to meet their risk posture goals.
Best Practices to Prevent Data Breaches in 2016
Recorded: December 10, 2015
In 2014 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
Enterprise Risk – Taming the Devil in the Data
Recorded: November 12, 2015
In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders across all sectors. Data is growing exponentially, and organizations are suffering from volatility across all risk types and need to re-think their enterprise risk strategy. At the heart of this strategy is the need for a single consistent view of the data, and a data-centric, multi-platform approach to secure valuable customer and corporate data assets, end-to-end.
Managing Third-Party Risk to Strengthen IT Vendor Governance
Recorded: October 29, 2015
Managing third-party risk is a big undertaking. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT vendors within the supply chain. Not only are the risks associated with third-party vendors increasing, but regulators are turning their attention to the need for organizations to manage IT vendor risk more effectively.
Realizing Data Security Potential
Recorded: September 15, 2015
Inadequate security and dedicated cyber attackers have led enterprise data breaches to increase at an alarming pace. Staggering numbers of affected customers - and financial losses - are sending shock waves through the business world, and creating a sense of urgency around identifying solutions. Finding a way to ward off cyber intruders has become a critical challenge.
A Business Risk Approach to IT Governance
Recorded: July 23, 2015
As corporate information technology infrastructure increases in size and complexity, corporations are recognizing the need for a better mechanism for assessing IT's role and alignment to the key corporate initiatives. What began as a series of best practices has evolved into the field known as IT governance.
A Payment Breach Prevention Plan
Recorded: June 23, 2015
The total number of fraudulent payment card transactions has grown every year since 2006, and experts are calling 2014 "the year of the breach." The Ponemon Institute found that each breach cost the average retailer $8.6 million in related expenses, and the price tag connected with a data breach increased across the board, reaching $20.8 million for financial service firms, $14.5 million for technology companies and $12.7 for communications providers.
A Best Practice Blueprint for eGRC
Recorded: May 26, 2015
With the increased regulation and scrutiny of the past decade, it is important for organizations to maintain best practices in order to control and achieve compliance with evolving regulatory requirements.
Understanding EMV, End-to-end encryption, and Tokenization
Recorded: March 19, 2015
Data breaches are a widespread problem with over 1.1 billion records compromised in the last 10 years. According to the Verizon 2014 Data Breach Investigations Report, the vast majority of breaches occurred against small to mid-sized companies.
Preparing for PCI DSS 3.0 and VISA Mandates
Recorded: February 19, 2015
The clock is ticking for enterprises that have not yet upgraded their payment card processing systems to be compliant with Payment Card Industry Data Security Standard (PCI DSS) 3.0. As the Jan. 1, 2015 mandatory deadline approaches, there is increasing urgency to not only understand the most important changes in PCI DSS 3.0, but also to be ready for a rigorous QSA assessment against those changes. Since PCI 3.0 is bigger, harder and more expensive than the previous iteration, merchants have their work cut out for them.
Top Guidelines for Hadoop Security and Governance in 2015
Recorded: January 21, 2015
In 2015 the size of the digital universe will be tenfold what it was in 2010. Large-scale data breaches are on the rise across all sectors, and enterprise data security initiatives must evolve to address new and growing threats. Consumer transactions, personally identifiable information, customer records, and the like, all flowing together into the Hadoop 'data lake', will enable critical business insights but also mean that Hadoop installations will be a rich target for cyber-crime.
Top Security Guidelines for EMV and Mobile Payments in 2015
Recorded: December 4, 2014
More than 100 million Americans have lost personal information in a data breach over the last year, and identity theft is the fastest growing crime in the US. As a result, President Obama has launched a government initiative to support the US migration to EMV and improve information sharing on cyberfraud threats, and nearly half of US merchant terminals are expected to accept EMV cards by the end of next year.
Don't Be the Next Headline: Data Security Best Practices for 2015 and Beyond
Recorded: November 4, 2014
Albert Einstein once observed: "Technological progress is like an axe in the hands of a pathological criminal." His words were eerily prophetic of the continuous news of data breaches in the retail and banking sectors.
Securing Hadoop – the Data-Centric Approach
Recorded: October 1, 2014
If you're embarking on Hadoop adoption you know that sensitive customer and corporate data will be in the ecosystem – transactional data, intellectual property, customer files, and more. As Adrian Lane of Securosis has noted, "High quality data produces better analysis results—which is why a key ingredient is sensitive data." Now the question becomes how to keep sensitive data secure as it moves into and beyond Hadoop, and—most importantly—how to protect the data but still make it accessible by many different users with varying analytic needs and ad-hoc processes.
The Case for Building Your Own Secure, Compliant Cloud
Recorded: September 24, 2014
What is driving expansion to the cloud? In most cases, it's cost. But for many enterprise IT organizations, it is about agility, efficiency, and productivity.
Panel: Why EMV is Not the Only Answer to Payment Security
Recorded: September 16, 2014
2013 was the worst year yet in terms of data breaches, with over 740 million records exposed, and 2014 is shaping up to be more of the same. Security analysts estimate the costs of the data breach that hit U.S. retailer Target are approaching half a billion dollars for the company. The total cost of the breach, including losses incurred by banks, consumers and others, could easily reach into the billions of dollars, and the incidents continue in the food industry, state government, and other sectors.
Compliance Does Not Equal Security – A Risk-Based Plan for ePHI Protection
Recorded: August 20, 2014
With the emergence of big data healthcare analytics, electronic health information exchange, clinical data warehousing, and other technologies for optimizing patient care, the healthcare industry has never been more reliant on electronic data and the strict requirements associated with the data. The advances in business processes, technology and regulations require that data security initiatives evolve to address new and growing threats. Coincidentally, in a recent survey, 69% of organizations felt that provisions of the Affordable Care Act (ACA) have the effect of increasing or significantly increasing risks to patient privacy and security.