  • Implementing IT-GRC: Five Biggest Pitfalls in IT Governance, Risk & Compliance (IT-GRC)

    November 11th, 2008, (56 minutes)

    Speaker Sanjay Anand, Chairperson of the SOX Institute

    While there is no one right way to implement a GRC or IT-GRC strategy in your organization, there certainly are best practices that have emerged over the past several years. This presentation (webinar) looks at what you can do to put in place an effective IT-GRC strategy in your organization, and then, more importantly, what you can do to avoid the mistakes that many professionals and organizations have made in the past. The topic of IT-GRC (Governance, Risk, Compliance) has become more and more prevalent. However, there is a lot of confusion around what it is, how it relates to the business, and how the three pieces (G, R and C) relate to each other. This presentation explains some aspects of IT-GRC, in particular how to implement it and what common pitfalls to watch out for. While no one size fits all, every organization will benefit from the lessons here.

  • PCI Best Practices

    September 30th, 2008, (60 minutes)

    Speaker Dr. David Taylor, Research Director of the PCI Knowledge Base

    PCI V1.2 is coming. Will you be ready? Dr. David Taylor takes the sting out of PCI implementation, by revealing the results of new research focused on PCI best practices and implementation strategies.

  • Use of UCF and Other Frameworks for Managing GRC Programs

    September 11th, 2008, (60 minutes)

    Speaker Dorian Cougias, author of "Say What You Do: Building a framework of IT controls, policies, standards, and procedures" and "The Language of Compliance: A Glossary of Terms, Acronyms, and Extended Definitions."

    What if you could simplify your GRC strategy? Have you heard of UCF, but don't know much about it? Dorian Cougias discusses the use of the Unified Compliance Framework (UCF) and other frameworks for managing GRC programs.

  • The PCI Leadership Report

    June 25th, 2008, (62 minutes)

    Join Dr. David Taylor, CISSP, Founder of the PCI Knowledge Base and Research Director of the PCI Security Alliance

    The case of Hannaford, a retailer that was PCI compliant and still got breached, demonstrates that much more is needed, beyond basic PCI compliance, in order to have a secure enterprise. This webinar draws on research from the PCI Knowledge Base, including over 100 hours of anonymous, personal interviews with merchants, PCI assessors, banks, card processors and technologists, to identify and quantify what leading companies are doing beyond basic compliance. The goal is to provide a set of guidelines and best practices for bridging the gap between compliance and securing the ecosystem.

    Topics covered in the webinar will include:

    • The top 5 vulnerabilities which remain, even after a company is PCI compliant
    • The 5 most important tools you can implement at a reasonable cost
    • The top 5 persistent procedural problems that permeate compliant companies

  • GRC Industry Survey sets a Benchmark for Compliance Programs and Spend

    April 29th, 2008, (60 minutes)

    Join Sanjay Anand, Chairperson of the SOX Institute and Chrisan Herrod, Executive Editor of The Compliance Authority

    The Compliance Authority and SOX Institute issued a GRC benchmark survey in March 2008 to thousands of compliance professionals and practitioners, which resulted in more than 450 completed surveys. The survey objective is to establish an industry benchmark for compliance programs, priorities and spend. The benchmark results will be discussed in this free webinar sponsored by Compliance Spectrum.

    The webinar will take the form of a panel discussion featuring Sanjay Anand, Chairperson of the SOX Institute, and Chrisan Herrod, Executive Editor of The Compliance Authority. Anand and Herrod will discuss the survey responses and implications for compliance professionals and their respective programs. Moderating the event will be John Engel, Director of Marketing at the SOX Institute.

    The survey represents a strong cross section (industries, company size, roles) of the compliance market and presents a balanced picture of the current state of compliance programs. The results offer webinar participants peer-level insight into the current state of compliance programs, including:

    • Regulatory priorities
    • Compliance program costs and budget expectations
    • Barriers to implementing a successful compliance program
    • Approaches to reducing the cost of compliance
    • Tools utilized to automate the compliance process

  • From IT Compliance to IT Governance: Managing Risk within the IT Organization / Assessing the ROI for IT Compliance: A Systems Approach (Part 2)

    March 12th, 2008, (55 minutes)

    Join Chrisan Herrod, Executive Editor, The Compliance Authority Magazine (TCA) and Victor N. Berlin, Ph.D., President, University of Fairfax

    • Learn the difference and the relationship between IT Compliance and IT Governance
    • Learn how to move to an integrated Governance, Risk, and Compliance Model for your IT Organization
    • Learn how to assess ROI for IT compliance
    • Explore the data surrounding ROI for automating IT Compliance
    • Explore the concept of GRC best practices as a contributor to the Green IT movement

  • Taking IT from the Backroom to the Boardroom!

    January 23, 2008, (60 minutes)

    Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Chrisan Herrod, Managing Director, IT Compliance Magazine

    There is a need for, and recognition of, the fact that IT is no longer just an afterthought (or a neverthought!) in business today. Businesses are highly dependent upon IT, not just for reasons of efficiency and productivity but also for reasons of competitiveness and viability. This presentation will focus on these aspects of IT in the context of Governance, Risk and Compliance (GRC). As IT makes its way into the Boardroom, however, it can serve a more valuable purpose within the organization. Specifically, IT can be used to better integrate the organization as a whole, to align its various parts, to compete proactively in an ever-changing and more aggressive competitive landscape, and even to drive corporate strategy in technology-dependent companies and industries.

    • Historical view of IT
    • Current/changing view of IT
    • Traditional Role of IT in the Backroom
    • How IT is Making Its Way into the Boardroom
    • Roles and Responsibilities of board members for IT
    • Recommendations for How to Integrate IT in the Boardroom
    • General Definitions and concepts of IT Alignment and IT Strategy
    • IT Governance in the Context of IT Compliance and IT Risk Management

  • From IT Compliance to IT Governance: Managing Risk within the IT Organization / Assessing the ROI for IT Compliance: A Systems Approach (Part 1)

    November 8th, 2007, (66 minutes)

    Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Victor N. Berlin, Ph.D., President, University of Fairfax

    • What is the difference between IT Compliance and IT Governance
    • Learn how to move to an IT Governance Model for your Organization
    • Develop an integrated approach to IT Risk using a governance model
    • Learn how to assess ROI for IT compliance
    • Explore the data surrounding ROI for automating IT Compliance

  • IT Change and Configuration Management

    October 4th, 2007, (48 minutes)

    Join Rob Ayoub, Industry Manager, Network Security Technologies, Frost & Sullivan and Victor N. Berlin, Ph.D., President, University of Fairfax as they address:

    • Software Engineering Practices Relating to IT Governance and Compliance Today
    • Testing and Assessing Best Practices in IT Compliance Automation: An Action Research Program

  • Global Compliance Strategies

    June 21, 2007

    The Role of PCI DSS

    Presented by: Dr. David Taylor, CISSP

    One of the most costly errors that large enterprises make is to manage compliance on a "regulation-by-regulation" basis. Despite the emergence of compliance reporting tools that cross all major laws, regulations and standards, the majority of organizations we've consulted with do not have a funded "Compliance Officer" role or organization and manage by what can only be called the "checklist approach."

    This Webinar will examine the commonalities among the major laws, regulations and standards and suggest some specific technologies, processes and management strategies that can save a large organization both money and time. Because we have found the comprehensiveness of the Payment Card Industry Data Security Standard (PCI DSS) to be an effective "best of breed" set of standards (as it's based on ISO 17799 as well as OWASP), we will focus on how these standards may be generalized and applied beyond their payment card industry origins.

    The Need for IT Compliance Research and Education

    Presented by Victor N. Berlin, Ph.D.

    The absence of empirical research in the IT compliance sector, especially as it relates to PCI, underscores a major vulnerability in the field. Organizations must conduct systematic PCI compliance research and education in order to systematically test, review and disseminate results about PCI compliance practices. Such research and education will ensure a continuing aggregation of reliable knowledge about PCI best practices. Without this knowledge, managers and executives will be forced to "fly by the seat of their pants," and attaining PCI compliance objectives will be "hit or miss."

    Research-based training and education ensures that the methods and techniques provided to executives and managers will produce reliable results. Furthermore, such research ensures that organizations understand the limitations of any recommendations.

  • Comparing and Contrasting European and U.S. Approaches

    March 21st, 2007, (60 minutes)

    Chrisan Herrod, Vice President of Compliance Solutions at Scalable Software and former Chief Security Officer with the SEC, will team up with Paul Neale, Executive Vice President of DOAR Litigation Consulting, a litigation-consulting firm based in the U.S. with clients worldwide, and Quentin Archer, a Partner at the London-based law firm Lovells, to summarize and discuss key issues relating to Compliance Management in the U.S. and Europe.

    During the last months of 2006, Scalable Software, Compliance Spectrum and IT Compliance Magazine conducted extensive research in both North America and Europe. This webinar will focus on sharing the findings that were garnered during this extensive research.