Online event Nov.12, 2024 @ 4pm Pacific

So many of our compliance programs are unnecessarily complicated, laden with spreadsheets that are many thousands of rows but not reflective of our actual operations. Despite our genuine desire to be compliant, our efforts are overshadowed with irrelevant busywork and the myriad of tools sold to us as silver bullets. Meanwhile the breaches, ransomware, and losses continue to mount.

Online event Nov.13, 2024 @ 10am pacific

GRC Pro? GRC Novice? Somewhere in-between GRC knowledgeable? Join us Nov.13 for a quick reminder checklist as you prep for 2025 - We'll explain why it's important do begin to build a GRC program with appropriated controls

In-Person: Oct.15-17, 2024 Boston, MA (Marriott Copley Place)

Our Founder is a speaker at The Best Data & AI Conference for CDAO’s in North America!

This is the annual meeting place for all senior data decision-makers from leading corporations across the country, facilitating connections for senior level Data & AI leaders across North America. Join the conversation #CDAOFall

In-Person Oct.9, 2024 Santa Monica, CA (Annenberg Beach House)

On the sand! LITERALLY on the sand! Enjoy Santa Monica's beautiful Annenberg Beach House, hosting ISSA-LA's Summit on Oct.9. Karina will be a panelist at one of the sessions. Join us in person for great networking. Opening reception is the prior evening on Oct.8 after the CISO Forum.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original event October 1, 2024

Business risks are growing for collecting personal/consumer data. Whether your organization collects personal data of employees, consumers, or business contacts for its internal use or to share it or sell it with business partners or other businesses for profit (data brokering) there are legal, financial and reputational risks regardless of your industry.

In this webinar experts in Data Surveillance, Governance/Risk/Compliance, Operationalizing Privacy Compliance and Cybersecurity/Data Protection will translate the issues into business terms, discuss the and reputational business risks and practical approaches to mitigate the business risk

In-Person: Sept.19, 2024 El Segundo, CA

This cybersecurity conference is NOT your average one. It focuses on local community networking and learning with an enjoyable meeting experience. No vendor booths or sales pitches. Meet vendors and your peers in golf bays. Benefit from expert insights in the morning and enjoy golf, food, and networking in the afternoon. Gain valuable insights, networking opportunities, and tools to combat cyber threats. You also get to explore a selection of vendor solutions from our CISO-vetted and curated list of 250 shortlisted vendors. Yep! We do the evaluations so you can rest assured the solutions do exactly what they say they do!

Click on *READ MORE* in this section to watch recording of this session on LinkedIn

YouAttest for Identity Permission Checking: This recorded #AuditTuesday goes into the enterprise problem of aligning enterprise roles/privileges (usually held in the HR) system with the various identity stores (including the IAM).

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on Sept.10, 2024

So much content! We discussed the GRC Flow of Work, and how to appropriate all of those overwhelming controls using N(4) buckets. Don't overwhelm yourself with trying to implement the entirety of those regulations & frameworks because it's likely that not each control applies to you! We also discussed the exciting partnership with CloudPSO!

In-Person: Sept.5, 2024 Ogden, UT

Our founder is a speaker at an eventful day where cybersecurity meets the spirit of baseball.

Whether you're interested in industry insights, networking opportunities, or simply enjoying a game, this summit promises something for everyone.

Click on *READ MORE* this section to watch recording of this session on LinkedIn - Original webinar on July 26, 2024

Adhering to compliance have you spinning? Time to check how relevant controls are to your actual functions & appropriate their use within your company. Well-written controls will help your operations (not hinder them!) and will surface legitimate failures faster.

Join us as we discuss how to stop drowning in an ocean of vaguely written controls which may not even apply to you - then build passive evidence gathering practices which help you focus on true mitigations & maturity.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on July 16, 2024

Our final session recapping critical governance, risk & compliance areas - establishing & prioritizing focal areas, appropriating controls, creating KPIs, measuring risk (that actually applies to you!), aligning resources: people, process & technology. We're cramming in as much as we can into an hour! All 5 sessions will be available for viewing at your leisure.

If you're working on getting your CGEIT cert, or curious about some GRC refreshers, this is where you want to be!

Click on *READ MORE* in this section to access podcast - Original availability date was July 13, 2024

DiscoPosse Ep 256 - Simplifying Compliance: Navigating GRC with Karina Klever

Karina Klever, founder of Klever Compliance, shares her extensive experience in governance, risk, and compliance (GRC). With a career spanning over three decades, Karina delves into the fundamentals of GRC, breaking down complex concepts and offering practical insights on streamlining compliance processes. She emphasizes the importance of creating tailored policies, managing vendor relationships, and the necessity of passive evidence collection. The conversation also touches on the impact of AI and data retention in modern compliance frameworks. Tune in to gain valuable knowledge on demystifying GRC and making it more manageable for your organization.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on July 12, 2024

Compliance is not a checkbox exercise. This session discusses appropriating influences (regulations and frameworks), and understanding the differences. We also discuss vendor management risks and how data that may be relinquished downstream is at the biggest risk of breach due to the weak controls. Avoiding vague nebulous words in your published guidance allows for passive evidence gathering and eventually automation. Make auditors your friends!

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on July.2, 2024

CGEIT Domain 4 is all about Risk! Know your risk tolerance? Are you measuring risk associated to your failed controls, or measuring only ethereal risks? Make sure risk management efforts line up to your business & you're actively tracking mitigations. Risk management is not just an "IT thing" although risks may first rear their heads in the IT space. Join us on Tuesday as we study the 4th CGEIT domain. Broaden your horizons, never hurts to get another perspective to this often intimidating competency area. This domain is 19% of the test.

Recording available anytime / Published Jun.25, 2024

Interactive discussion with local ISC2’s President about compliance, how disciplines like project management can be an entry point into cybersecurity, the challenges of large organizations, and possibly launching a study group for ISC2's CGRC certification.

🔗 𝗔𝗽𝗽𝗹𝗲 - https://lnkd.in/g_Apxz7W

🔗 𝗦𝗽𝗼𝘁𝗶𝗳𝘆 - https://lnkd.in/g2T5fHeJ

🔗 𝗬𝗼𝘂𝗧𝘂𝗯𝗲 - https://lnkd.in/g968x5WX

Original Webinar June 25, 2024 - Recording available upon request

Continuing to help remove the intimidation and confusion involved with GRC.

So many of us are overwhelmed with this topic and have no idea how to approach, decipher, or execute governance principles.

The "checkbox exercise" approach to the endless irrelevant controls hadn't left us any more secure! We spin within each audit cycle and dedicate hundreds of thousands of hours *and dollars* on activities within our organizations that may not even be necessary.

We have unnecessarily overcomplicated this competency and it's time to untangle it.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on June 18, 2024

CGEIT Domain 3 is all about proper money allocation, prioritizing initiatives, defining metrics to measure your successes and continuous improvement principles. This domain is 26% of the test.

Webinar Jun.7, 2024 @ 10:30am Pacific - Ask for your recording!

This is definitely a hot conversation topic - not only from the direction of the person that wants to get into the GRC space - but also that hiring manager that is having a hard time finding qualified folks!

Will be great to talk thru how to level up your skillset for this space!

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on June 4, 2024

CGEIT Domain 2 covers the planning and optimization of IT resources, including sourcing and acquisition strategies, capacity planning, asset management and human resource development. This domain is 15% of the test.

Original Webinar Jun.26, 2024 @ 11am Pacific - Ask for your recording!

The summer driving season is here and who doesn’t love a good road trip?? That said, spend too much time in the car and you’ll get asked ( repeatedly if you have kids ) ‘Are we there yet?’

For many organizations, that’s a perfect analogy for their data governance journey – you’ve been in the car for a while.

This webinar will examine the challenge of implementing an effective data governance program and reaching the elusive destination of regulatory compliance. The good news – it’s not as hard as it needs to be.

Join Karina Klever, CEO of Klever Compliance, and Sag Baruss, Director of Customer Enablement at Data & More as they unpack this topic and discuss the key elements of a successful data governance and compliance program. It’ll be like stopping for ice cream on the way.