
Webinar Archive

Taking IT from the Backroom to the Boardroom!

January 23, 2008, (60 minutes)

Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Chrisan Herrod, Managing Director, IT Compliance Magazine

It is now widely recognized that IT is no longer just an afterthought (or a neverthought!) in business today. Businesses are highly dependent upon IT, not just for efficiency and productivity but also for competitiveness and viability. This presentation will focus on these aspects of IT in the context of Governance, Risk and Compliance (GRC). As IT makes its way into the Boardroom, it can serve a more valuable purpose within the organization. Specifically, IT can better integrate the organization as a whole, align its various parts, help it compete proactively in an ever-changing and more aggressive competitive landscape, and even drive corporate strategy in technology-dependent companies and industries.

  • Historical view of IT
  • Current/changing view of IT
  • Traditional Role of IT in the Backroom
  • How IT is Making Its Way into the Boardroom
  • Roles and Responsibilities of board members for IT
  • Recommendations for How to Integrate IT in the Boardroom
  • General Definitions and concepts of IT Alignment and IT Strategy
  • IT Governance in the Context of IT Compliance and IT Risk Management


From IT Compliance to IT Governance: Managing Risk within the IT Organization / Assessing the ROI for IT Compliance: A Systems Approach (Part 1)

November 8th, 2007, (66 minutes)

Join Sanjay Anand, Chairperson, Sarbanes-Oxley Institute and Victor N. Berlin, Ph.D., President, University of Fairfax

  • What is the difference between IT Compliance and IT Governance
  • Learn how to move to an IT Governance Model for your Organization
  • Develop an integrated approach to IT Risk using a governance model
  • Learn how to assess ROI for IT compliance
  • Explore the data surrounding ROI for automating IT Compliance


IT Change and Configuration Management

October 4th, 2007, (48 minutes)

Join Rob Ayoub, Industry Manager, Network Security Technologies, Frost & Sullivan and Victor N. Berlin, Ph.D., President, University of Fairfax as they address:

  • Software Engineering Practices Relating to IT Governance and Compliance Today
  • Testing and Assessing Best Practices in IT Compliance Automation: An Action Research Program


Global Compliance Strategies

June 21, 2007

The Role of PCI DSS

Presented by: Dr. David Taylor, CISSP

One of the most costly errors that large enterprises make is to manage compliance on a "regulation-by-regulation" basis. Despite the emergence of compliance reporting tools that cross all major laws, regulations and standards, the majority of organizations we've consulted with do not have a funded "Compliance Officer" role or organization and manage by what can only be called the "checklist approach."

This Webinar will examine the commonalities among the major laws, regulations and standards and suggest some specific technologies, processes and management strategies that can save a large organization both money and time. Because we have found the comprehensiveness of the Payment Card Industry Data Security Standard (PCI DSS) to be an effective "best of breed" set of standards (as it's based on ISO 27001/27002 as well as OWASP), we will focus on how these standards may be generalized and applied beyond their payment card industry origins.

The Need for IT Compliance Research and Education

Presented by Victor N. Berlin, Ph.D.

The absence of empirical research in the IT compliance sector, especially as it relates to PCI, underscores a major vulnerability in the field. Organizations must conduct systematic PCI compliance research and education in order to test, review and disseminate results about PCI compliance practices. Such research and education will ensure a continuing aggregation of reliable knowledge about PCI Best Practices. Without this knowledge, managers and executives will be forced to "fly by the seat of their pants" and attaining PCI compliance objectives will be "hit or miss."

Research-based training and education ensures that methods and techniques provided to executives and managers will produce reliable results. Furthermore, such research ensures organizations understand the limitations of any recommendations.


IT Compliance Management: Comparing and Contrasting European and U.S. Approaches

March 21st, 2007, (60 minutes)

Chrisan Herrod, Vice President of Compliance Solutions at Scalable Software and former Chief Security Officer with the SEC, will team up with Paul Neale, Executive Vice President of DOAR Litigation Consulting, a litigation-consulting firm based in the U.S. with clients worldwide, and Quentin Archer, a Partner at the London-based law firm Lovells, to summarize and discuss key issues relating to Compliance Management in the U.S. and Europe.

During the last months of 2006, Scalable Software, Compliance Spectrum and IT Compliance Magazine conducted extensive research in both North America and Europe. This webinar will share the findings of that research.


Presenter Biographies

Dr. David Taylor, CISSP

Dave Taylor created and is the VP of Protegrity's Data Security Strategies consulting group. In addition, Dave is VP of Corporate Development. Dave and his team work with F1000 and midsize enterprises to help them comply with the Payment Card Industry (PCI) Data Security Standards and the various state, federal and international regulations. Protegrity's data security strategies team uses a variety of software tools to help clients analyze their business processes, policies and technical protection of sensitive data assets. Dave's team works with many other security technology firms and certified assessors to help clients achieve PCI DSS compliance.

Dave created and is the President of the PCI Security Vendor Alliance. The PCI SVA is an outgrowth of his activity in building PCI-related partnerships among the vendors focused on PCI DSS compliance. Since the PCI SVA was launched, it has grown to include over 50 PCI DSS product and services firms.

Before joining Protegrity, Dave co-founded and was Chief Research Officer of TIP, an analyst firm in New York City. Prior to TheInfoPro, Dave spent 14 years with Gartner, where he was Group VP. He created and managed Gartner's Applications Group and Electronic Commerce Strategies service. Prior to Gartner, Dave was a group product manager and software development manager of Unix applications for AT&T and Bell Labs. Among other accomplishments, his team created the email system used by the athletes at the 1984 Olympics.

Dave holds a CISSP credential and has a Ph.D. in organizational psychology from Purdue University. Dave co-authored the book Doing E-Business, published by John Wiley & Sons in December 2000.


Victor N. Berlin, Ph.D.

Victor Berlin currently serves as the founding president of the University of Fairfax. At Anteon Corporation, Dr. Berlin launched and directed the Center for IT Education where he forged academic alliances with established graduate and undergraduate institutions. Dr. Berlin served as founding president of Potomac College, which became accredited under his guidance. He has held management positions at NIST and Anteon Corporation and served on the faculties at Boston College and Keller Graduate School of Management. Dr. Berlin earned his Ph.D. in Industrial Engineering and Management Science at Northwestern University and his B.A. from Cornell University.
