This webinar on information security compliance will help you understand and adhere to PCI DSS, HIPAA, GLBA and other key regulations. It will show how you can reduce costs associated in implementing information security compliance.

Description
Why Should You Attend:

Many business leaders and IT managers believe they are in compliance with all the information security regulations affecting them. That may be true but at what cost to the organization? Being compliant in a defensive context and proactively managing compliance as an ongoing business process are very different from one another.

Unfortunately, more organizations do more of the former and aren't sure how to do the latter. Reducing the costs of ongoing information security compliance requires everyone speaking a common language within the organization, utilizing the proper tools and managing information security at a high enough level to reasonably satisfy all the regulations at once.

This webinar will focus on proven strategies and practical steps that can be implemented to manage and reduce costs associated with information security compliance

Areas Covered in the Seminar:

Defining compliance in your business.
Getting the right people involved and accountable.
Reigning in all your requirements.
Looking at the issue from an information risk perspective.
Focusing on visibility and control.
Using tools to automated and help relieve the pain.
Who Will Benefit:

Anyone responsible for the ongoing information security, compliance and IT governance needs within their organizations including:

IT managers and directors
Information security managers and directors
Compliance officers/managers
Internal auditors
Business executives ultimately responsible for compliance
Instructor Profile:

Kevin Beaver, CISSP, is an independent information security consultant, author, professional speaker and expert witness with over 22 years of experience in IT. He focuses his work on performing information security assessments related to compliance and minimizing business risks. Kevin has authored or co-authored nine books on information security including the highly successful ethical hacking book Hacking For Dummies as well as The Practical Guide to HIPAA Privacy and Security Compliance.

In addition to his books, Kevin writes and produces the Security on Wheels audio programs providing security learning for IT professionals on the go. He is also a regular columnist and information security advisor for various TechTarget websites including SearchCompliance.com, SearchWinIT.com, and SearchWindowsServer.com as well as Security Technology Executive magazine. Kevin earned his bachelor's degree in Computer Engineering Technology from Southern College of Technology and his master's degree in Management of Technology from Georgia Tech.

Encryption of data-at-rest is no longer an optional exercise. Increasingly mobile enterprise data combined with accelerating privacy & data breach legislation is driving significant risks and costs into the loss or theft of sensitive data and personally identifiable information (PII) on laptops and devices attached to those laptops.

What are the standards for protecting data-at-rest and how do they apply? What are the available options for encryption and how do they rank? Where does the legislation intersect with the technology? What are the risks and challenges in deploying encryption across an enterprise? What else should you encrypt besides your laptops?

This interactive presentation will answer these questions and more from the viewpoint of industry analyst and security guru Rich Mogull. Rich will share his unbiased viewpoints and opinions about the endpoint encryption market, drivers and key requirements. Following Rich’s session, Joseph Belsanti of WinMagic will offer real-world insights, customer deployment scenarios and product information from an encryption software vendor that offers highly-certified government-grade encryption solutions.

Key takeaways:
- Why you really, really should encrypt your laptops (and what else you should encrypt).
- What to consider in choosing an encryption solution that is right for you.
- Which regulations are relevant and how they apply to encryption technology.
- How to approach enterprise deployment to ensure success and compliance.
- Where human error can put you at risk with encryption and how to avoid it.

Part 1 of this presentation will provide you with fundamental knowledge required to create an internal penetration testing program for your organization.

It will answer questions such as

* Why do I need to perform internal penetration testing?
* What systems and applications should I be testing?

We will cover getting permission, how to best work with your system and network administrators, goals of testing, and defining rules of engagement and scope. Tips and tricks will be offered, including using Nmap for host identification and enumeration, scripting Nmap using the Nmap Scripting Engine for more advanced testing, and using ndiff to compare Nmap scan results.

Employee loss, belt tightening,and budget cuts, are all part of surviving an economic downturn. Attend this seminar on avoiding data loss during these times of increased focus on competitiveness and efficiency.

Richard Stiennon will deliver an explicit discussion of the devastating data loss incidents that could have been prevented with good device controls.