Governance, Risk & Compliance (GRC)

Events

Views Navigation

Event Views Navigation

Today

    • Mapping What Matters: Risk Management That Drives Business Impact

    Despite growing investments in cybersecurity, many organizations still struggle to reduce real risk. Why? Because dashboards don’t reduce risk—action does. To reduce real risk, organizations must operationalize cyber risk strategies—prioritizing action over reporting, and aligning security efforts with measurable business outcomes. Topics include: • Making cyber risk visible, measurable, and relevant to business leaders • Linking asset visibility to business-critical risk decisions • Moving from reporting risk to actively reducing it—at scale Learn how to operationalize your risk strategy to prioritize action, align security with business outcomes, and turn visibility into measurable impact.
    Topics:
    , , ,

    Shadow Data, AI Pipelines, and the 802,000 Files You’re Oversharing Right Now

    The average organization has more than 800,000 data files at risk from oversharing, erroneous access permissions, and inappropriate classification. That number is climbing as AI pipelines generate and ingest data faster than any manual classification effort can keep up. Half of all enterprise workloads are now cloud-based, and the rise of AI is accelerating data creation without guardrails or oversight. The result is shadow data: sensitive information scattered across environments that security teams cannot see, classify, or protect.

    Traditional data security strategies assume that most data lives in known locations with defined access controls. That assumption broke years ago. Today, 90% of business-critical documents are shared outside the C-suite, AI models are training on datasets that may contain PII or intellectual property, and unstructured content is multiplying across SaaS, cloud storage, and collaboration platforms.

    Regaining control requires visibility and coordination across data discovery, classification, access governance, and data protection controls – from DSPM and DLP to SaaS security and AI data governance.

    Topics include:

    • Discovering and classifying sensitive data across cloud, SaaS, and AI environments
    • Addressing the shadow data problem created by AI-driven data proliferation
    • Reducing oversharing risk through automated access governance and posture management

    Join us to learn how organizations are regaining visibility and control over data they did not know they were exposing.

    Topics:
    , , , , ,

    Two People Managing 300 Vendors: Why Your TPRM Program Is Running on Willpower

    Nearly three-quarters of organizations have two or fewer full-time employees managing vendor risk, even though more than half oversee 300 or more third-party relationships. Close to half experienced a third-party cyber event in the past year. The math does not work, and most TPRM teams know it. They are running on spreadsheets, manually chasing questionnaire responses, and conducting annual assessments that produce a point-in-time snapshot of a continuously changing risk surface.

    Regulatory pressure is intensifying at the same time. Two-thirds of institutions face demands to enhance their TPRM programs, and frameworks like DORA and updated SEC disclosure requirements are raising the stakes for third-party oversight. The gap between what regulators expect and what lean TPRM teams can deliver is widening.

    Closing that gap requires coordination across assessment automation, continuous monitoring, risk intelligence, and third-party visibility platforms to scale coverage without scaling headcount.

    Topics include:

    • Automating vendor risk assessments to scale coverage without scaling headcount
    • Moving from annual questionnaires to continuous third-party monitoring
    • Prioritizing vendor oversight based on actual risk rather than treating all vendors equally

    Learn how resource-constrained TPRM teams are closing the gap between regulatory expectations and operational reality.

    Topics:
    , , ,

    • AI Regulations Are Moving Faster Than Your Compliance Framework. A Practical Catch-up Plan.

    The EU AI Act is in effect. NIST and ISO frameworks are expanding to cover machine identity hygiene and AI decision-making transparency. The SEC now requires public companies to disclose material cybersecurity incidents within four business days. And most GRC teams are still operating frameworks that were designed for a slower, more predictable regulatory cycle. The gap between what regulators expect and what compliance programs can deliver is growing with every new mandate, and AI adoption across the enterprise is accelerating the timeline.

    This is not just a documentation problem. AI introduces compliance challenges that existing GRC workflows were never designed to handle: models trained on data with unclear provenance, automated decisions that need audit trails, and AI deployments that span business units with no centralized oversight. Addressing this requires coordination across GRC platforms, data security tooling, AI governance solutions, and risk quantification approaches to build programs that keep pace with regulatory change. Organizations that treat AI governance as a future initiative rather than a current requirement are accumulating risk that becomes harder and more expensive to remediate with each quarter that passes.

    Topics include:

    • Mapping current GRC frameworks against emerging AI-specific regulatory requirements
    • Building audit trails and governance structures for AI-driven decisions and data usage
    • Moving from periodic compliance reviews to continuous assurance models

    Join us for a practical look at how GRC teams are updating their programs to keep pace with the regulatory demands of enterprise AI adoption.

    Topics:
    , , ,

    AI Models Are Trained on Your Sensitive Data. Who's Watching What Goes In and What Comes Out?

    Three-quarters of organizations now run AI in production environments. Ninety-nine percent reported at least one attack on their AI systems within the past year. The data flowing into and out of these models, training datasets, fine-tuning inputs, prompt histories, and generated outputs, represents a category of data exposure that most security programs were never built to monitor. When a large language model is fine-tuned on customer records, internal strategy documents, or proprietary code, the question of who can access what the model learned becomes urgent.

    AI pipelines create data exfiltration paths that blend into legitimate business operations. A model query that returns sensitive information is not a traditional data breach, but the impact can be identical. Addressing this requires coordination across DSPM, DLP, SaaS security, cloud security, and AI data governance platforms to build visibility into what data feeds AI systems, what those systems can reveal through inference, and whether access controls exist at each stage of the pipeline. The data security perimeter has expanded, and the tools designed to protect structured databases and file shares are not sufficient for the unstructured, dynamic data flows that AI depends on.

    Topics include:

    • Gaining visibility into what sensitive data enters AI training pipelines and inference endpoints
    • Extending data loss prevention and SaaS security strategies to cover AI-specific exfiltration vectors
    • Building governance frameworks for AI data flows across development, staging, and production

    Discover how organizations are closing the data security gap created by enterprise AI adoption before it becomes their next breach headline.

    Topics:
    , , , , , ,

    Supply Chain Attacks Are Getting Worse. Your Questionnaire-based TPRM Program Can't Keep Up.

    More than one-third of data breaches now involve a compromised vendor or third party. A single compromised supplier can expose customer data, halt operations, and trigger regulatory penalties. And most organizations are still managing this risk through annual questionnaires and static spreadsheets that produce a snapshot of a vendor's security posture at a single point in time. Between assessments, vendors change their infrastructure, suffer incidents, and introduce new risks that are invisible until the next review cycle.

    The questionnaire model is breaking down from both sides. Vendors are overwhelmed by repetitive, duplicative assessments from every customer, and the resulting delays mean risk teams are making decisions on incomplete data. Meanwhile, regulatory frameworks are raising expectations: continuous oversight, documented remediation, and faster disclosure timelines are becoming standard requirements. Addressing this requires coordination across assessment automation, continuous monitoring, external risk intelligence, and vendor risk platforms to build TPRM programs that match the speed and scale of today's supply chain threat landscape.

    Topics include:

    • Supplementing point-in-time questionnaires with continuous external monitoring and risk intelligence
    • Automating vendor risk assessment workflows to scale oversight without proportional headcount increases
    • Aligning TPRM programs with evolving regulatory expectations around continuous third-party oversight

    Explore how organizations are modernizing their TPRM programs to match the speed and scale of today's supply chain threat landscape.

    Topics:
    , , , ,