Events
2008/2009 Event Calendar
April 28-30, 2009—InfoSecurity Europe, London, England
Upcoming Webinars:
Survive the Regulatory Tsunami with the Unified Compliance Framework and Spectra
Tuesday, December 16 at 10:00 AM CT
Length: 60 Minutes
Featured Speakers:
Dorian Cougias, Senior Analyst and Founder of Network Frontiers
Dan Hoffman, Director of Product Management, Compliance Spectrum
How do you assess the impact of updated or new regulatory requirements on your business? Do you know what overlap exists between the numerous controls across the regulations you comply with? Are you able to leverage the work that you have done across regulations? Keeping up with IT compliance requirements—and especially in a multi-regulatory environment—can be complicated and costly. In this Webinar, you will learn how you can simplify compliance with multiple regulations and easily leverage the work of satisfying controls common to multiple regulations.
Dorian Cougias, Senior Analyst of Network Frontiers, will show you how the Unified Compliance Framework (UCF) relates more than 300 national and international regulations, standards, and frameworks using a single collection of controls. You'll also see how you can use the UCF to streamline your compliance projects and ease the burden of tracking these constantly changing regulations. Regardless of whether regulations are developed in Washington DC, London, or Tokyo, UCF tracks changes around the world and provides updated regulatory data on a quarterly basis. Using UCF makes keeping current with regulatory changes easy—and automatic.
You will also learn how to turn the UCF into a compliance management workspace using Spectra. Dan Hoffmann, Director of Product Management, will show you how to manage policies, evidence, and assessments that are directly linked to UCF controls. You'll see how easy it is to coordinate and manage your compliance projects from a single integrated solution—Spectra and UCF.
Recorded Webinars:
Complying with PCI V1.2, Quick Start with Spectra
October 29, 2008, (60 minutes)
PCI DSS V1.2 is here! With the release of PCI DSS V1.2 on October 1, the industry standard for protecting credit card and other sensitive data has shifted into a new gear. What changes do you need to plan for? How can you quickly implement these changes in your compliance process?
In this webinar, you will learn the primary changes included in PCI DSS V1.2 and how you can use Spectra to quickly and easily incorporate these new requirements into your compliance process.
Spectra gives you a quick start on updating your compliance strategy to meet the new PCI V1.2 requirements. Steve Helwig, Compliance and Policy Analyst, will review the PCI v1.2 changes, and Dan Hoffmann, Director of Product Management, will give you a tour of Spectra PCI support and demonstrate the easiest way to get to IT compliance with PCI.
Key benefits:
- Find out how PCI V1.2 may change your current compliance strategy
- See how easily Spectra maps PCI DSS requirements to ISO 27002 standards
- See how easy it is to combine your PCI DSS work with your work for SOX, HIPAA, and other regulations
- Learn tips and tricks to get the most out of Spectra's PCI support
Speakers:
Steve Helwig—Compliance and Policy Analyst, Compliance Spectrum
Dan Hoffman—Director of Product Management, Compliance Spectrum
The PCI Leadership Report
June 25, 2008, (62 minutes)
Dr. David Taylor, CISSP, Founder of the PCI Knowledge Base and Research Director of the PCI Security Alliance
The case of Hannaford, a retailer which was PCI compliant and still got breached, demonstrates that much more is needed, beyond basic PCI compliance, in order to have a secure enterprise. This webinar draws on research from the PCI Knowledge Base, including over 100 hours of anonymous, personal interviews with merchants, PCI assessors, banks, card processors and technologists, to identify and quantify what leading companies are doing, beyond basic compliance. The goal is to provide a set of guidelines and best practices for how to bridge the gap between compliance and securing the ecosystem.
Topics covered in the webinar will include:
- The top 5 vulnerabilities which remain, even after a company is PCI compliant
- The 5 most important tools you can implement at a reasonable cost
- The top 5 persistent procedural problems that permeate compliant companies
Speaker:
Dr. David Taylor, CISSP, Founder of the PCI Knowledge Base and Research Director of the PCI Security Alliance
GRC Industry Survey sets a Benchmark for Compliance Programs and Spend
January 23, 2008, (60 minutes)
Sanjay Anand, Chairperson of the SOX Institute and Chrisan Herrod, Executive Editor of The Compliance Authority
The Compliance Authority and SOX Institute issued a GRC benchmark survey in March 2008 to thousands of compliance professionals and practitioners that resulted in more than 450 completed surveys. The survey objective is to establish an industry benchmark for compliance programs, priorities and spend. The benchmark results will be discussed in this free webinar sponsored by Compliance Spectrum.
The webinar will take the form of a panel discussion featuring Sanjay Anand, Chairperson of the SOX Institute, and Chrisan Herrod, Executive Editor of The Compliance Authority. Anand and Herrod will discuss the survey responses and implications for compliance professionals and their respective programs. Moderating the event will be John Engel, Director of Marketing at the SOX Institute.
The survey represents a strong cross section (industries, company size, roles) of the compliance market and presents a balanced picture of the current state of compliance programs. The results offer webinar participants peer-level insight into the current state of compliance programs, including:
- Regulatory priorities
- Compliance program costs and budget expectations
- Barriers to implementing a successful compliance program
- Approaches to reducing the cost of compliance
- Tools utilized to automate the compliance process
Taking IT from the Backroom to the Boardroom
January 23, 2008, (60 minutes)
Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Chrisan Herrod, Managing Director, IT Compliance Magazine
There is a need for, and recognition of, the fact that IT is no longer just an afterthought (or a neverthought!) in business today. Businesses are highly dependent upon IT, not just for reasons of efficiency and productivity but also for reasons of competitiveness and viability. This presentation will focus on these aspects of IT in the context of Governance, Risk and Compliance (GRC). As IT makes its way into the Boardroom, however, it can serve a more valuable purpose within the organization. Specifically, IT can be used to better integrate the organization as a whole, to align various parts of the organization, to compete proactively in an ever-changing and more aggressive competitive landscape, and even to drive corporate strategy in technology-dependent companies and industries.
- Historical view of IT
- Current/changing view of IT
- Traditional Role of IT in the Backroom
- How IT is Making Its Way into the Boardroom
- Roles and Responsibilities of board members for IT
- Recommendations for How to Integrate IT in the Boardroom
- General Definitions and concepts of IT Alignment and IT Strategy
- IT Governance in the Context of IT Compliance and IT Risk Management
From IT Compliance to IT Governance (Part 1)
November 8th, 2007, (66 minutes)
Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Victor N. Berlin, Ph.D., President, University of Fairfax
- What is the difference between IT Compliance and IT Governance?
- Learn how to move to an IT Governance Model for your Organization
- Develop an integrated approach to IT Risk using a governance model
- Learn how to assess ROI for IT compliance
- Explore the data surrounding ROI for automating IT Compliance
IT Change and Configuration Management
October 4th, 2007, (48 minutes)
Join Rob Ayoub, Industry Manager, Network Security Technologies, Frost & Sullivan and Victor N. Berlin, Ph.D., President, University of Fairfax as they address:
- Software Engineering Practices Relating to IT Governance and Compliance Today
- Testing and Assessing Best Practices in IT Compliance Automation: An Action Research Program
Global Compliance Strategies
June 21, 2007
The Role of PCI DSS
Presented by: Dr. David Taylor, CISSP
One of the most costly errors that large enterprises make is to manage compliance on a "regulation-by-regulation" basis. Despite the emergence of compliance reporting tools that cross all major laws, regulations and standards, the majority of organizations we've consulted with do not have a funded "Compliance Officer" role or organization and manage by what can only be called the "checklist approach."
This Webinar will examine the commonalities among the major laws, regulations and standards and suggest some specific technologies, processes and management strategies that can save a large organization both money and time. Because we have found the comprehensiveness of the Payment Card Industry Data Security Standard (PCI DSS) to be an effective "best of breed" set of standards (as it's based on ISO 27001/27002 as well as OWASP), we will focus on how these standards may be generalized and applied beyond their payment card industry origins.
IT Compliance Management: Comparing and Contrasting European and U.S. Approaches
March 21st, 2007, (60 minutes)
Chrisan Herrod, Vice President of Compliance Solutions at Scalable Software and former Chief Security Officer with the SEC, will team up with Paul Neale, Executive Vice President of DOAR Litigation Consulting, a litigation-consulting firm based in the U.S. with clients worldwide, and Quentin Archer, a Partner at the London-based law firm Lovells, to summarize and discuss key issues relating to Compliance Management in the U.S. and Europe.
During the last months of 2006, Scalable Software, Compliance Spectrum and IT Compliance Magazine conducted extensive research in both North America and Europe. This webinar will focus on sharing the findings that were garnered during this extensive research.
News
November 7, 2008
Spectra 3.0 Provides Expert Advantage for IT Compliance with PCI DSS v1.2 Support
Spectra 3.0 addresses the latest PCI DSS Standards in addition to multiple other regulations such as SOX, HIPAA and GLBA
October 23, 2008
Compliance Spectrum Hosts Quick Start Webinar for New PCI DSS V1.2 Standard
Webinar provides expertise to combine current PCI DSS work with other IT regulations
April 15, 2008
Hogg Robinson Group (HRG) selects Spectra to manage IT Policy and Compliance company-wide
Assisting HRG to meet its PCI DSS compliance deadline
January 22, 2008
Compliance Spectrum™ Enhances Risk Management and Reporting
Integrates FFIEC Examination Checklists
January 10, 2008
Compliance Spectrum™ expands partner program to include best-of-breed go-to-market partners
Extends thought leadership through the Open Compliance and Ethics Group and the Society of Corporate Compliance and Ethics
December 3, 2007
Compliance Spectrum™ Announces OCEG Technology Council Membership
Compliance Spectrum offers the broadest array of regulatory content in the industry
November 14, 2007
Compliance Spectrum™ Expands Spectra Content
Compliance Spectrum offers the broadest array of regulatory content in the industry
November 12, 2007
Compliance Spectrum™ releases new version of Spectra
Provides evidence gap analysis and resource impact reporting
September 27, 2007
Compliance Spectrum™ releases next version of Spectra
Provides single regulatory framework for PCI and NERC
September 12, 2007
Compliance Spectrum™ Broadens Partnership Program
Increases breadth and depth of Spectra automated compliance lifecycle solution
August 29, 2007
Compliance Spectrum™ joins PCI Vendor Alliance
July 11, 2007
Compliance Spectrum™ automates the lifecycle of IT compliance with Spectra
Find out More
For more information about Compliance Spectrum, please call 1.866.363.8751 or email us.