Webcast presented by: Randy Franklin Smith and Jason Remillard
Feb. 18th, 11:00 am EST
Data and access governance is wide-reaching, but too often I see companies giving their governance efforts too narrow a scope, which results in new gaps and risk findings showing up in audits and assessments as regulators and auditors make successive passes. Many organizations feel like auditors just make up new requirements each time they come through. I think the reality is more a product of 3 dynamics:
- IT Management tends to define requirements and scope in reaction to auditor risk findings.
- Auditors have limited hours for each audit and can only look at so much. When they do repeat audits they can quickly recover the ground covered last time – leaving time to look deeper/wider this time around.
- Auditors tend to get training each year for new areas/technologies of your network to look at.
In this webinar we are going to take a look at Data and Access Governance from the top level and attempt to identify all the bases you need to cover and several different dimensions, including:
- Technology components
- End-user access
- Privileged access
- External user access
- Identity management
- Audit trails
- Security of data at rest and in motion
- Configuration control
This webinar isn’t intended to be a complete guide for a Corporate Information Security department because there are still plenty of infosec areas outside the scope of, or at least peripheral to, Governance, like anti-malware, APTs and intrusion prevention systems.