As organizations continue to move to the cloud, security concerns are playing an important role in selecting a cloud service provider. Achieving compliance in the cloud can be a daunting experience, especially as it pertains to determining whose responsibility it is to address cloud computing regulations and requirements, and to ensure security.

In this webinar, A-LIGN’s Director of Cyber Risk and Privacy, Petar Besalev, will discuss the evolving cloud computing environment, outline the top cloud compliance challenges, and guide organizations through the appropriate compliance audits and requirements.

In this webinar Petar will uncover:

• The cloud computing environment, highlighting security and compliance challenges
• The compliance risks between the cloud provider and customer
• The advantages and disadvantages of different audit options

With the effective date of February 1, 2018, service providers must now adhere to the new PCI DSS Version 3.2 requirements.

To help prepare for these new service provider requirements, A-LIGN’s Senior Manager, Dustin Rich, will review the new PCI DSS 3.2 requirements including the segmentation testing requirements, outline how these changes might affect your organization, and provide actionable steps to ensure your PCI DSS compliance in 2018.

In this webinar, Dustin will examine industry trends, updated requirements, and best practices, as well as:

  • Review the recent changes and applicability of new requirements for Service Providers
  • Discuss the key differences between penetration testing and segmentation testing and applicable scenarios
  • Provide guidance on how to prepare for validation this coming year and meet the new requirements

As the cybersecurity landscape evolves and data breaches become more frequent, it’s imperative organizations demonstrate and maintain the security of their information. To accommodate these emerging challenges, the AICPA developed SOC for Cybersecurity, an examination designed to help organizations manage cybersecurity threats through effective processes and stringent controls to identify, respond to, and recover from security breaches.

In this SOC for Cybersecurity webinar, A-LIGN’s Managing Consultant, Leigh Allen, will examine industry trends citing emerging risks, outline potential pitfalls and provide steps for compliance, as well as:

  • Review the history of cybersecurity attacks
  • Analyze the consequences of noncompliance
  • Outline steps to mitigate the emerging cyber risks
  • Demonstrate controls using SOC for Cybersecurity

As universities gear up their compliance initiatives for 2018, A-LIGN’s Senior Manager, Dustin Rich, will discuss PCI compliance for higher education, addressing the key compliance challenges and changes within institutions for 2018.

In this webinar, Dustin and Greg will examine industry trends as they apply to education institutions, citing emerging risks, new technologies and updated industry requirements that make PCI DSS compliance necessary, as well as:

  • Review the changes, deadlines, and applicability of new requirements such as SSL and multi-factor authentication
  • Discuss the key differences between SAQs A vs. A-EP and applicable scenarios
  • Provide best practices for annual reporting to the acquirer in the multi-MID environment

The deadline for organizations to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. Are you prepared?

Aimed at enacting strong consumer protection laws, the GDPR affects any organization that processes or handles the information of European Union citizens.

A-LIGN Director of Security Services, Petar Besalev, and SpringCM VP of Operations Chris King will discuss the data privacy and security environment, review the requirements set within the GDPR, and discuss compliance options for your organization.

In this webinar, Petar and Chris will cover the following:

  • What GDPR is and how it impacts your organization
  • Discuss ways to achieve GDPR compliance
  • Review benefits of GDPR compliance to building global relationships
  • Detail the effects of noncompliance

With the release of HITRUST CSF v9 expected in late August/early September, A-LIGN Managing Consultant and HITRUST CCSFP, Blaise Wabo, will discuss the latest evolution of the HITRUST CSF. This update will feature a number of changes including the expansion of the framework and the ability to comply with NIST Cybersecurity Framework with this version.

In this webinar, Blaise will address the healthcare risk environment, citing the emerging trends and technologies that make standards like HITRUST necessary, review the incorporation with guidance such as the FFIEC Information Security Examination Handbook, and observe how HITRUST can be used to support regulatory need.

In this webinar, Blaise will:

  • Address the changes in HITRUST CSF v9 and how to prepare for those changes
  • Review the standards incorporated into v9 and discuss their value for organizations
  • Analyze the anticipated changes in HITRUST CSF v9.1 and how it will affect your business

Financial institutions (FIs) continue to rely on technology service providers (TSPs) to provide or enable banking functions. In response to this move, the FDIC has created guidance to more clearly supervise FI contracts with TSPs as they relate to business continuity planning, as well as responding to and reporting on cybersecurity incidents. In response to the guidance released in Technology Service Provider Contracts with FDIC-Supervised Institutions, A-LIGN President, Gene Geiger, is conducting an informative webinar that covers business continuity and disaster recovery. He will discuss how to develop a business continuity plan, the guidelines established for incident response programs, and the risk management responsibilities that FIs must assume.

Join Gene as he covers the following topics:

  • Results of the FDIC’s evaluation of the relationship between FIs and TSPs
  • Guidance requirements set by the FDIC regarding FIs and TSPs
  • Overview of how to implement these changes

The deadline for organizations to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. Are you prepared for GDPR compliance? Aimed at enacting strong consumer protection laws, the GDPR affects any organization that processes or handles the information of European Union citizens. A-LIGN Director of Security Services, Petar Besalev, will discuss the data privacy and security environment, review the requirements set within the GDPR, and discuss compliance options for your organization.

In this webinar, Petar will cover the following:

  • Define GDPR
  • Discuss the ways to achieve GDPR compliance
  • Review the benefits of GDPR compliance to build global relationships
  • Detail the effects of noncompliance

Any SSAE 16 report with an opinion dated on or after May 1, 2017, will be issued under the new SSAE 18 standard. But what does it mean for SSAE 16 engagements that your organization has previously conducted? SOC Manager, Stephanie Oyler, discusses how the upcoming change will affect your organization, addresses how to gain efficiencies through your audit, and observes the differences between SSAE 16 and SOC 1/SSAE 18.

Join Stephanie as she covers the following topics:

  • How to prepare for your upcoming SSAE 18 assessment
  • The differences between SOC 1, SSAE 16 and SSAE 18
  • How to use SSAE 18 to improve your risk posture

Do you and your employees know how to defend against social engineering? As hackers become increasingly savvy at breaking into accounts through social engineering, organizations need to better understand how to avoid becoming another target. A-LIGN President, Gene Geiger, provides examples of recent social engineering attacks, identifies the types of social engineering attacks that your organization could face, and discusses the different security assessments that your organization can conduct to protect your business.

Join Gene as he covers the following topics:

  • Examples of social engineering
  • Real-world case studies of successful social engineering attacks conducted by A-LIGN’s penetration testers
  • How to prevent social engineering attacks from being successful