Webinar Archive

Virtualization: Security and Compliance Considerations

Dave Shackleford
Director, CP&C, Configuresoft

Virtualization has become a widely adopted technology that allows you to save money, increase operational efficiency and reduce energy consumption. However, these important benefits also come with a management cost. As you virtualize the environment, the rate of change and complexity increases dramatically due to the many interdependencies between guests and hosts and then exponentially as VMotion and DRS dynamically optimize the virtual landscape. This increased complexity introduces security and compliance considerations that must be addressed to fully realize the potential of virtualization.

Join Dave Shackleford, Director of Configuresoft's Center for Policy and Compliance (CP&C), former CTO at the Center for Internet Security (CIS) and co-author of the CIS Benchmarks for VMware ESX, as he discusses the security and compliance challenges introduced by virtualization.

• Learn about the security and compliance challenges posed by virtualization
• Gain increased knowledge of hardening guidance available
• Learn the impact of VMotion and how this affects compliance in your environment
• Identify steps you can take to ensure success with your virtualization project

PCI Essentials - What You Need to Know

Dave Taylor
Founder, PCI Knowledgebase
Chris Rallo
PCI Product Manager, Configuresoft

Learn from industry leading PCI analyst Dave Taylor, as he discusses the current state of PCI compliance. Dave reveals what separates the leaders from the laggards when it comes to PCI compliance and best practices to achieve continuous compliance.

Dave is followed by Chris Rallo, PCI Product Manager at Configuresoft. Chris discusses achieving continuous compliance in a dynamic environment and how mere checklist-based approaches have resulted in security breaches. Chris and Dave also discuss what to expect from the PCI 1.2 release from the PCI Security Standards Council in September/October of 2008.

Listen to this educational webinar to learn:

• Best Practices from leading merchants, service providers and PCI assessors based on 100+ hours of interviews.
• Differences between compliance and security and how to manage the PCI compliance of your service providers.
• Lessons learned from merchants. Don't repeat these mistakes!
• How to integrate PCI programs with broader security and compliance efforts.
• What's coming in the PCI 1.2 release.

Successfully Maintain PCI IT Audit Readiness

Dave Shackleford
Director, CP&C, Configuresoft

With the increased dynamic nature of your IT organization due to virtualization, are you confident that you are PCI DSS compliant?

Even if you are PCI DSS compliant, are you confident your organization wouldn't suffer a data breach?

Dave Shackleford, Director, Center for Policy & Compliance (CP&C) for Configuresoft and PCI Security Vendor Alliance Board Member shares his insights on:

• Best practices for succeeding in your PCI DSS Compliance program
• Impact of Virtualization on PCI DSS compliance
• Advice for migrating from a paper/checklist approach to continuously monitoring for system changes
• Leveraging CP&C Compliance Toolkits to automatically translate regulations and standards and map to security controls
• Ensuring continuous compliance for both physical and virtual environments

Achieve IT Effectiveness Through Analytics

Dennis Drogseth
Vice President - Enterprise Management Associates
Sateesh Narahari
Director - Configuresoft

Manually analyzing the IT configuration data, change logs, patch levels across servers is nearly impossible for IT staff who are supporting more servers per staff than ever before. However, there is a greater need to understand which configurations are at risk for vulnerabilities, what changes are causing most problems, and which IT assets are most expensive to support. The result is that IT staff is often overworked and makes decisions based on gut feel than on real data.

Enterprise Management Associates (EMA) Vice President Dennis Drogseth, a leading analyst in IT service management shares his insights on how IT can address these challenges.

Dennis is followed by Sateesh Narahari, Director with Configuresoft, who discusses Configuration Intelligence Analytics from Configuresoft and how it can help organizations master the challenge of analyzing massive amounts of IT configuration, change and patch data.

Learn how to:

• Produce IT scorecards that drive business decisions
• Measure Key Performance Indicators
• Make your change management more effective
• Increase operational effectiveness
• Measure your current security, audit and compliance levels

Securing and Managing Virtual Environments

Andi Mann
Research Director - Enterprise Management Associates
Andrew Bird
Vice President - Configuresoft

Andi Mann, Research Director with Enterprise Management Associates (EMA) reviews:

• Current state of virtualization
• Problems that enterprises face while deploying and managing virtualization
• Tips for succeeding in your virtualization projects

Andrew Bird, Vice President with Configuresoft discusses how customers use Configuresoft Enterprise Configuration Manager (ECM) to solve the control, compliance and security problems in virtualized environments.

How Companies Are Achieving PCI Compliance

David Taylor
President - PCI Alliance
Chris Rallo
PCI Product Manager - Configuresoft

David Taylor shares his insights on:

• Latest research from the 2008 PCI Knowledge Base interviews with Level 1 and 2 merchants on the success of PCI compliance across the industry
• The inconsistency between "initial PCI compliance" and ongoing "operational compliance"
• Best practices for succeeding in your PCI Compliance Program

Dave is followed by Chris Rallo, PCI Product Manager with Configuresoft, who shares how merchants are using automation to achieve a sustainable PCI compliance by:

• Implementing a continuous process of discovery, analysis and remediation of non PCI-compliant devices
• Leveraging out-of-the box, proven Compliance Toolkits with actionable content

PLAN-DO-CHECK-ACT: Closing the Loop on Change

Audrey Rasmussen
Analyst - Ptak, Noel & Associates
George Gerchow
Technology Strategist - Configuresoft

Today's IT change management tools and processes focus primarily on the change approval and implementation processes. However, these solutions fail to close the loop and reconcile the physical changes with the change management process and evaluate the effects of the implemented change.

The challenge for IT is visibility into and control of "invisible", ad-hoc or unplanned changes that bypass the approval process.

• Understand how linking Configuration and Change Management processes improves overall enterprise and component systems availability, security and policy compliance
• Be able to verify the four organizational benefits of closing the loop on change
• Be able to apply reconciliation and audit verification to measure the effectiveness of your change management process

The Webinar provides real-world examples of improved availability, security, and policy compliance achieved by closing the change loop. It features effective approaches and proven best practices to improve the overall change management process.

ITIL V3: Creating a Pragmatic Implementation Plan

Rick Giesinger
ITIL Service Manager/EDS Process Consultan, EDS
George Gerchow
Technology Strategist, Configuresoft

The verdict is in. With a focus toward continuous improvement, acceptance of a federated CMDB model and an integrated service lifecycle approach to IT Service Management, the move to Version 3 is essential to a successful, practical ITIL adoption in today's world.

BUT...How will changes in V3 affect your current ITIL program or plans for implementation over the next year and beyond?

In this, the second of a two part series, webinar attendees will learn how to define a pragmatic, actionable plan for implementing V3. Please join us for the following:

• Recap the first webinar and highlight the key differences between Versions 2 and 3
• Identify changes, tasks and other organizational considerations required to update your V2 plan to V3
• Understand how to leverage existing IT investments to accelerate ITIL V3 implementation
• Learn about the latest educational programs available for V3 certification

Guidance and Strategies for Adopting ITIL V3

Rick Giesinger
ITIL Master, Service Manager, EDS
George Gerchow
Technology Strategist, Configuresoft

On May 30th of this year, the Office of Government Commerce (OGC) released V3 of ITIL. Eight years after the V2 process-based practices were released, there is now a greater focus on the strategic importance of IT within an organization and on continual improvement. One key difference is the acknowledgment that processes alone are not enough to guarantee service management enhancement. How will ITIL affect your current program or plans for implementation over the next year and beyond?

In this webinar, you will:

• Learn the key differences between V2 and V3
• Understand how linking ITIL best practice recommendations with operational configuration management is the key to making ITIL processes more effective and efficient
• Gain insight into how continual service improvement is made possible through ITIL V3 and Configuration Intelligence™
• Understand how to continue upon an effective certification path to execute upon V2 AND V3 initiatives

Securing Complex Virtualization Environments

Andi Mann
Senior Analyst, EMA
Dennis Moreau Ph.D.
CTO, Configuresoft

Virtualization technologies hold the promise of reduced cost and increased agility; however Virtualization also introduces new complexities and security risks that must be addressed to bulletproof the corporate IT infrastructure.

In this Webinar, you will:

• Hear why virtualization has moved to the top of 2007 IT priorities for achieving business alignment
• Understand the barriers that are slowing adoption and increasing organizational security compliance risk
• Learn best practices for overcoming the two major barriers, security and complexity, to achieve a secure, manageable virtualization fabric

The Webinar also provides real-world examples of security, compliance and management complexity introduced by the deployment of virtualization. It features effective approaches and proven best practices to manage virtualised environments.

Accelerating ITIL Delivery Times

Jean-Pierre Garbani
Senior Analyst, Forrester
George Gerchow
CP&C Technology Strategist, Configuresoft

Organizations face enormous challenges in rapidly and effectively deploying ITIL processes and ensuring security policy compliance across complex and dynamic IT infrastructures.

Linking ITIL best practice recommendations with operational configuration management is the key to making ITIL processes more efficient and effective.

The discussion provides real-world examples of how organizations can harness operational configuration information to improve the OVERALL efficiency and effectiveness of ITIL IMPLEMENTED processes.

Complying with OMB M-07-11 – An Approach for Continuously Assuring Security Configurations

Time is running out for submitting your plan to comply with the OMB Directive M-07-11. Planning and implementation of the standard is the easy part, maintaining it over time is the real challenge.

Join Configuresoft as we help you understand the impact of the directive on your organization and how to develop a continuous, enforceable approach for complying with NIST, DoD and DHS Security Configurations over time.

Assuring PCI DSS Compliance

Duane Thayer
Infrastructure Manager, TSYS iSolutions
Chris Farrow
Director, Center for Policy & Compliance, Configuresoft

This webinar offers practical advice for successfully achieving ongoing PCI compliance. Implementing a continuous, automated approach to compliance has proven to be the secure method for minimizing exposure to data breaches and lowering onsite security and audit costs.

The webcast will help you:

• Understand the Gap: Quickly identify and document today's areas of PCI 1.1 non-compliance
• Implement the Solution: Employ continuous assessment and automated remediation to remove the gap
• Automate the Audit: Provide immediate audit reports and access to internal IT auditors and external Security Assessors
• Justify the Expense: Measure the secondary security and IT efficiency effects across your organization

What's New in PCI 1.1 - No "Easy Out" for Merchants

Chris Farrow
Director, Center for Policy & Compliance, Configuresoft

Amid all of the buzz surrounding the new PCI restrictions, the risk of fines and losing card privileges, it's easy to confuse details about who must comply, by when and how the requirements are structured. Add to that, loss of customer and public trust due to data breaches is the biggest risk of all.

		Download a complimentary copy of the PCI 1.1/1.0 Comparison for your reference.

What's New in PCI 1.1 - No "Easy Out" for Merchants

Chris Farrow
Director, Center for Policy & Compliance, Configuresoft
Dr. David Taylor
VP, Data Security Strategies, Protegrity

A one hour webcast on the PCI 1.1 standards highlights and explores:

• Changes between PCI 1.0 and 1.1
• Operational and security implications of the PCI 1.1 changes
• Detailed technical, business and project management implications to implement PCI 1.1

IE is required to view the recording. No key is required.

Emerging Data Privacy & Security Laws

Chris Farrow
Director, Center for Policy & Compliance, Configuresoft
Dr. David Taylor
VP, Data Security Strategies, Protegrity

New laws regarding data security come with greater penalties if you or your organization is found negligent.

• Listen to real world customer examples that apply to your business
• Obtain metrics to build a case for a continuous program to measure and manage data asset value
• Understand the impact of regulatory compliance on data asset value and enterprise risk management

IE is required to view the recording. No key is required.

Making the Leap from Policy to Compliance in Four Steps

Khalid Kark
Senior Analyst, Forrester
Dennis Moreau
CTO, Configuresoft

Join Forrester Research Security Analyst Khalid Kark and Configuresoft CTO Dennis Moreau to learn how organizations have harnessed operational configuration information to improve security policy compliance alignment and enforcement. Hear about real-world examples that will help your organization:

• Define effective organizational policies
• Enforce policies across complex, heterogeneous IT infrastructures
• Ensure ongoing compliance in dynamic enterprises

RSA Conference 2006

Configuresoft's Dr. Dennis Moreau discusses why Configuresoft joined the SecureIT Alliance.

"The SecureIT Alliance represents an opportunity to be able to open up communications, not just with Microsoft, but among the participants in the alliance to be able to look at fundamental issues in achieving better IT security on the Microsoft platform."

Microsoft Webinar Series

Making Sense of Compliance

Becoming compliant with such programs as Sarbanes-Oxley or HIPAA involves gathering, transferring, housing, and delivering digital assets to authorized users. Does your process account for the need to help keep documents and critical information private and secure? Please join Configuresoft's Center for Policy & Compliance Director, Chris Farrow as he joins fellow industry experts in discussing " Making Sense of Compliance."

To learn more about how you can help safeguard your data at every stage of your compliance process, view the recorded webinar (requires registration).