CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics.
Download this eBook on addressing the Board and learn about:
Common challenges security and risk teams face when reporting to the Board;
Key areas of...
What happens if organizations that must comply with GDPR have yet to achieve compliance, despite having had two years to do so before enforcement began? Don't panic, says cybersecurity expert Brian Honan, but do be pursuing a data privacy transparency and accountability action plan.
Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.
Companies deal with a massive number of vulnerabilities on an ongoing basis, but not everything is lost. Organizations that use unpatched software face a race against the clock, with attackers regularly beginning to hammer new vulnerabilities just hours after new fixes or security alerts get released...
Not long ago, Sam Kassoumeh of SecurityScorecard had to explain the concept of cybersecurity ratings. Now he sees the practice being used throughout enterprises for other, evolving business cases.
Managing third-party risks is more critical than ever, says Tom Turner of BitSight Technologies, who discusses the urgency of communicating that to the board.
It's a complicated cybersecurity ecosystem for most organizations, which manage dozens of third-party relationships. Yet, they often rely on manual processes to manage their security risks. Sam Kassoumeh of SecurityScorecard discusses the value of automated security ratings.
The annual Vulnerability Review analyzes the evolution of software security from a vulnerability perspective. Secunia Research at Flexera monitors more than 55,000 applications, appliances and operating systems, and tests and verifies the vulnerabilities to provide global data on the prevalence of vulnerabilities, while...
CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.
Vendor risk management is becoming more critical as companies rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits.
Defending your organization from risk means confronting the potential security vulnerabilities that are present in your third party network. Deloitte reports that 83% of today's business leaders lack confidence in third party vendor risk management processes. Why? Because traditional VRM methods are no match for the...
Financial institutions have long been aware of the need to manage risk in third- and fourth-party vendors, and most have a formal program for managing that risk. Yet an existing third party risk management (3PRM) program may not address today's increased levels of outsourcing and new global regulatory...
While other corporate functions have embraced benchmarking, risk and security teams have been left in the dark. Existing tools for network security are unable to compare security performance against industry averages and peers. To effectively understand the impact of security programs and communicate changes to key...
A recent alert from the Department of Homeland Security warning of vulnerabilities in certain medical imaging products from GE Healthcare is a reminder to other medical device makers and healthcare entities about the risks posed by hardcoded and default credentials.
Vendors play a critical role in supporting key business functions. As a result, companies need to take responsibility for managing their security and risk with the partners they choose, but current methods for managing that risk are inefficient.
A March 2018 study conducted by Forrester Consulting on behalf of...