Presented by Bill Wildprett
This webinar will demonstrate how we use our Security Process Management Suite (SPM) to assemble and analyze information for an IT General Controls risk assessment, in this case a HIPAA/HITECH IT risk assessment. We’ll begin by exploring how to use Compliance Communicator (new to our SPM suite) to determine control gaps, and then how to use those gaps in Risk Communicator to build a risk profile and remediation projects.
There are no slides for this webinar.
How To Assess Risk: for Compliance or for Improving Business Decisions
PCI, GLBA, HIPAA, NERC, ISO, FISMA, NIST CSF, etc. Every security standard requires a process to assess risks. This session provides a how-to walkthrough applying case-study examples. We'll focus on building a risk assessment process that's simply optimized to comply with regulations versus a process to improve business decisions to operate within acceptable risk tolerance. Download the slides below.
Achievable Security: Building Security into Development
Join John as he shares his knowledge on the importance of building security into development. "You simply can't test security into a web application. My goal today is to share with the audience what 15 years of secure development experience has taught me about building security into application development. - Building secure code is almost as easy as building insecure code. It just takes tools, skills, and some light processes to make it happen." He will discuss SDL training, design, requirements, and much more. Learn more about John here. Download the slides below.
Building A Security Metrics Program
There is no recording from this session; however, you can download the slides below.
"Our goal is to motivate teams to improve or begin a metrics program. The audience will come away with actionable tasks, specific metrics, and real-world stories of how to avoid some of the pitfalls we've encountered." Jared said when interviewed for the BSides presentation. Together Jared and John have over 40 years of experience in the information technology/security industry. Learn more about John and Jared here. Due to technical difficulties, there is not a recording of this presentation, but you can download the slides below.