RESOURCES


Zero Trust – Demystified

article

Jul 29, 2020

1. Zero Trust – Demystified. Everyone seems to be talking about Zero Trust in the security world at the moment. Unfortunately, there seem to be multiple definitions of this depending on which vendor you ask. To help others understand what Zero Trust is, this white paper covers the key aspects of...

How Organizations can prepare for Cybersecurity

article

Apr 22, 2020

According to a Gartner study in 2018, the global Cybersecurity market is estimated to be as big as US$170.4 billion by 2022. The rapid growth in the cybersecurity market is boosted by new technological initiatives like cloud-based applications and workloads that require security beyond the traditional d...

A 4 Step Guide to Stronger OT Cybersecurity

article

Apr 14, 2020

Security and risk management leaders at organizations around the world are increasingly concerned about cybersecurity threats to their operational technology (OT) networks. A key driver behind this is that cyberthreats, like disruptionware, are increasing in quantity and sophistication all the time....

Collaboration: The Missing Piece in Enterprise Risk Management

whitepaper

Feb 02, 2020

Enterprise risk management programs are maturing, and the role of the chief risk officer is becoming more popular. However, risk management professionals rarely have a direct role in business decision making. In fact, only 29% of Board members substantively discuss top risk exposures in a formal man...

A Framework for Measuring InfoSec as a Business Function

article

Feb 02, 2020

In my December column, I ended with the observation that many CISOs struggle when it comes to first determining and then actually communicating the business value of the security options out there. Often, that failure stems from CISOs who lack a background in finance and economics, and their inabili...

Going Viral: The Challenges & Urgency of Managing TPRM

whitepaper

Jan 24, 2020

Managing cyber risks has become more challenging and urgent as businesses expand their vendor ecosystems. It is difficult enough for organizations to manage their own internal vulnerabilities, but even more challenging to ensure that every vendor across their supply chain has strong security practice...

Top Cybersecurity Threats in 2020

article

Jan 08, 2020

A host of new and evolving cybersecurity threats has the information security industry on high alert. Ever-more sophisticated cyberattacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more have placed the data and assets of corporations, governments a...

An Expanding Attack Surface: 5 Tips to Manage Third-Party Risk

whitepaper

Jan 02, 2020

As organizations become increasingly reliant on third-parties, they expand their attack surface & put themselves at risk. Today's digital environment offers unprecedented opportunities for organizations to improve the customer experience and efficiency of their operations. At the same time, e...

Collaboration: The Missing Piece in Enterprise Risk Management

whitepaper

Dec 27, 2019

Enterprise risk management programs are maturing, and the role of the chief risk officer is becoming more popular. However, risk management professionals rarely have a direct role in business decision making. In fact, only 29% of Board members substantively discuss top risk exposures in a formal man...

Ransomware Risk Management: 11 Essential Steps

article

Dec 18, 2019

There's been a lot of discussion within the InfoSec community about ransomware - why it has been increasing, whether ransoms should be paid and how to mitigate this rapidly growing threat. The culprit that opens the door to these attacks, apparently including last week's city of New Orleans ...

Collaboration: The Missing Piece in Enterprise Risk Management

whitepaper

Dec 12, 2019

Enterprise risk management programs are maturing, and the role of the chief risk officer is becoming more popular. However, risk management professionals rarely have a direct role in business decision making. In fact, only 29% of Board members substantively discuss top risk exposures in a formal man...

What’s the answer to the vulnerability overload problem? Key findings from ESG’s Cyber Risk Management survey

whitepaper

Oct 16, 2019

Cyber risk management is demanding work. Vulnerabilities are growing, threat actors are smarter and pressure from the executive team is intensifying. What used to be a side IT conversation is now a top business priority. You finally have the full attention of the C-suite and board – but, do you know...

How to get specific security information about AWS services

article

Jul 15, 2019

We are excited to announce the launch of dedicated security chapters in the AWS documentation for over 40 services. Security is a key component of your decision to use the cloud. These chapters can help your organization get in depth information about both the built in and the configurable security ...

SECURITY AND RISK MANAGEMENT COLLABORATION

whitepaper

Jul 14, 2019

CYBER ATTACK RISK IS BUSINESS RISK There’s more to responding than just stopping the attack. In this e-book, we’ll explore areas where security and risk management leaders can collaborate to mitigate cyber attack risk.

SECURITY THROUGH INNOVATION

whitepaper

Jul 07, 2019

Our Cyber Security Consultancy team has international experience at the world’s top consulting firms. Building on these foundations, they joined Secgate to design and deliver solutions that are proactive rather than reactive, flexible enough to be tailored to a client’s individual proble...

Qatar Issues Aviation Cybersecurity Guidelines

article

Jul 01, 2019

To help avoid disruption of civil aviation operations, the Civil Aviation Authority of Qatar and the Ministry of Communications and Transport have issued cybersecurity guidelines. CAA's new guidelines suggest organizations develop effective risk management, build a structure to respond to breach...

How to Survive a Cyber Incident | Timothy Wood | KPMG

video

Jun 23, 2019

In today’s digital world, decision-makers can’t afford to be held back by cyber risks. They need to make bold decisions and feel confident that their cyber strategy, defenses and recovery capabilities will protect their business and support their growth strategies. Timothy Wood, Associat...

Empowering Women in Cyber Risk Management

video

Jun 20, 2019

We are collaborating with government ministries and agencies to introduce a reskilling cyber security programme called ‘Empowering Women in Cyber Risk Management’.

SANS 2019 State of OT/ICS Cybersecurity Survey

whitepaper

Jun 19, 2019

The 2019 SANS OT/ICS Cybersecurity Survey explores the challenges involved with design, operation and risk management of an industrial control system (ICS), its cyber assets and communication protocols, and supporting operations. This year, SANS focused more broadly on the operational technology (OT...

Data Security Policy

infographic

May 17, 2019

DATA SECURITY POLICY. Risk Management Practice Guide of Lawyers Mutual. LAWYERS I LIABILITY INSURANCE COMPANY OF MUTUAL NORTH CAROLINA. INTERNAL THREAT 1. accidental deletion or dissemination of client's files 2. downloading malware or virus 3. exposing server and client files SECURITY AUDIT. In...

Cyber Risk Considerations During the M&A Process

article

Mar 05, 2019

Data breaches are a constant in today’s headlines, but in recent years the risk has been front and center of some of the most significant M&A deals. In 2017, Verizon discounted its acquisition price by $350 million when Yahoo belatedly disclosed that it experienced several massive breaches...

MITIGATE CYBER RISK BEFORE, DURING, AND AFTER INCIDENTS

whitepaper

Feb 02, 2019

TRANSFORM YOUR DISASTER RECOVERY SITE INTO A VIRTUAL CYBER RANGE. VM2020 brings cutting-edge technology and cyber resilience content to enterprise risk management to let you realistically simulate the impact, remediation, and recovery from cyber threats – all using existing business continuity...

6 KEY RISK MANAGEMENT METRICS FOR CONTROLLING CYBER SECURITY

whitepaper

Jan 24, 2019

The risk of high impact cyber-related breaches continues to be high on the agenda of organisations working across the financial services sector. The FCA’s recent publication of findings from a report on Cyber and Technology Resilience, has communicated a warning that there is “no immedia...

Maintaining regulatory compliance and cyber security

infographic

Jan 23, 2019

As data is becoming the new health care currency, protecting it will be key. Clinical innovations, digital interconnectivity, and market complexity are heightening the need for new government policies, regulatory oversight, and risk management in health care. Cybersecurity currently heads the list of ...

AI Seen as Taking Increasingly Lead Role in Fight against Cyber Threats

article

Jan 13, 2019

The business world has been slow to incorporate AI as a security measure but that’s going to change in 2019. More than 25 years ago, the worldwide web was likened to the wild west – a virtual frontier lined with black hats gunning to spread viruses that latched onto computers, erase thei...

What’s the Answer to the Vulnerability Overload Problem? Key Findings from ESG’s Cyber Risk Management Survey

whitepaper

Jan 11, 2019

Cyber risk management is demanding work. Vulnerabilities are growing, threat actors are smarter and pressure from the executive team is intensifying. What used to be a side IT conversation is now a top business priority. You finally have the full attention of the C-suite and board – but, do yo...

Tips on Cybersecurity Vendor Risk Management for the Board of Directors

article

Jan 08, 2019

Think about your vendors. Each one presents a unique risk to you. Whether it’s a risk to information security or the availability of your company’s product or service, all vendor services come with a specific level of risk. In the current technological environment, vendors are not only h...

Managing Cybersecurity Risk and a Framework for Making Investments

article

Jan 04, 2019

Everyone agrees that core protection tools are necessary from a risk management and compliance standpoint, but what about adding new programs to reduce your cyber risk? Quantifying your cyber risk is difficult but necessary to establish a prudent financial evaluation and planning process that provid...

White House Cybersecurity Strategy: The Essence

article

Dec 28, 2018

The “National Cyber Strategy”, released recently by the White House, offers a broad blueprint for America’s approach to cybersecurity. Let’s look at its four “pillars”, and their key elements. 1. Protecting the American People, Homeland, and the American Way of Life....

Innovation key to cybersecurity

video

Nov 05, 2018

Pascal Dello Torre, Global head of technology – Veolia Group, talks on the sidelines of Gartner Security and Risk Management Summit 2018, about why it is important to discuss innovation when you are talking about cybersecurity.

Digital Trust in New Zealand

infographic

Oct 31, 2018

Embrace cyber security from the start Many companies are pursuing digital transformation projects and growing connectivity is increasing the potential for cyber-attacks. Only 25% of NZ businesses are including proactive risk management 'fully from the start' of a digital transformation proje...

RSA QUARTERLY FRAUD REPORT

whitepaper

Sep 01, 2018

The RSA® Quarterly Fraud Report contains fraud attack and consumer fraud data and analysis from the RSA Fraud & Risk Intelligence team. It represents a snapshot of the cyber-fraud environment, providing actionable intelligence to consumer-facing organizations of all sizes and types to enable ...

HOW ARE THE C-SUITE FAILING CYBER SECURITY?

infographic

Jul 09, 2018

Organisations need to protect themselves from cyber-related failures and errors, and malicious cyber-attacks. Too often, cyber risk is being managed solely by IT. However, the risks need to be recognised and addressed by the wider governance and risk management processes that involve other managemen...

The Connection Between Insider Threats and Data Loss Prevention

article

Jun 26, 2018

Historically, when a cybersecurity team looks to decrease the risk of data loss at their organization, they look towards Data Loss Prevention (DLP) technology. These tools are often hyped for their ability to tag, categorize, and control data movement, but in many cases where an organization has a D...

DoD predicts cost of fixing cyber vulnerabilities will surpass $250 million

article

Jun 15, 2018

The rise of the Internet of Things (IoT) has increased the need for the Department of Defense (DoD) to strengthen its cybersecurity defenses – something already long overdue. The DoD estimates that it may have to spend more than $250 million over the next four years to mitigate existing vulner...

NIST seeks feedback on its updated Risk Management Framework

article

May 16, 2018

The National Institute of Standards and Technology (NIST) has released a draft of its update to the Risk Management Framework (RMF), designed to help federal agencies and companies safeguard their information systems from cyber threats. The update will help organizations respond appropriately to pri...

Kick-start your career in information security management

article

Apr 12, 2018

Attendees will gain a solid understanding of risk management, technical controls, legal frameworks, physical security, international standards and business continuity, including. The concepts relating to information security management, including confidentiality, integrity and availability (CIA). vu...

SECURE Communications

whitepaper

Apr 01, 2018

CallTrackingMetrics’ (CTM’s) Security and Privacy Program follows a streamlined framework based on NIST 800-30 Rev. 1 guidance. The program was initially developed to adhere to the Meaningful Use criteria and the HIPAA HITECH Express regulations. In early 2018, in addition to our HIP...

A preview of the new NIST Cybersecurity Framework

article

Mar 23, 2018

The NIST Cybersecurity Framework has become the de facto set of guidelines for critical infrastructure organizations to assess information security risk and implement adequate cybersecurity measures to manage risk, while protecting consumer privacy. Since being published in February 2014, the framew...

An introduction to the NIST Risk Management Framework

article

Mar 16, 2018

The Risk Management Framework (RMF) is a set of information security policies and standards for federal government developed by The National Institute of Standards and Technology (NIST). The RMF is covered specifically in the following NIST publications: The Risk Management Framework (RMF) is a set ...

The evolution of cyber threats

whitepaper

Mar 04, 2018

Embracing Cyber Risk Management. Across the globe, businesses have become more reliant than ever on technology. Yet with a growing digital footprint, the risk of a business incurring a cyber incident is no longer a question of if, but when. As the digital world evolves, New Zealand businesses must c...

Focus on Funds: Fund Cybersecurity Strategies Are Changing

video

Jan 12, 2018

New technology is changing how funds approach cybersecurity—and overall risk management. In the January 15, 2018, edition of Focus on Funds, IBM cybersecurity expert Bob Kalka discusses what’s changing and how it’s strengthening fund defenses. What cybersecurity megatrend should ev...

As risk management matures, cybersecurity gaps still loom

infographic

Dec 20, 2017

Healthcare’s approach to cybersecurity is maturing, but not quickly enough. The third annual HIMSS Analytics IT Security and Risk Management Study showed improvements in risk management. However, there are still gaps with addressing increasing security threats and evolving concerns around the...

The cybersecurity examination Raising the bar for cyber risk management oversight and reporting

infographic

Jul 04, 2017

The cybersecurity examination Raising the bar for cyber risk management oversight and reporting. With the proliferation of cybercrime and recently proposed legislations related to cyber risk reporting and disclosures, organizations are under intense pressure from stakeholders to respond to inquiries...

NIST Cybersecurity Framework (CSF)

whitepaper

May 17, 2017

The NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework, or CSF) was originally published in February 2014 in response to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for the development o...

Adaptive Security: Changing Threats Require a New Paradigm for Protecting Cyber Assets

article

Feb 21, 2017

The following is an excerpt from our 2016-2017 Global Application & Network Security Report, contributed by the Enterprise Security and Risk Management Team at Tech Mahindra. As organizations continue to embrace the digital evolution, a growing number of assets are being connected to the Interne...

5 Reasons Why to Join Cybersecurity Conference QuBit 2017 in Prague

article

Jan 27, 2017

Attending a conference is an effective way to educate yourself, promote your company and meet new partners and fellows. The cybersecurity market offers plenty of opportunities to join various events, workshops, conferences and trade shows. Mark QuBit 2017 in your calendar! The 4th annual cyberse...

The Intelligent Choice for Cybersecurity

article

Jan 17, 2017

The cybersecurity market continues to experience explosive growth as companies seek better solutions to protect critical systems and data, struggle to fill nearly a million open job positions worldwide, and enhance their overall risk management posture. The continued growth stems from the reality th...

Joyce Brocaglia on The Cyber Security School Challenge and Cyber Bullying

article

Jan 13, 2017

Joyce Brocaglia is the founder and CEO of Alta Associates. Founded in 1986, Alta Associates has become the most prominent boutique executive search firm specializing in Information Security, IT Risk Management and Privacy. Joyce is a strategic advisor to her clients who has gained the trust and respe...

A Healthcare Provider’s Cyber Attack Survival Plan

article

Jan 12, 2017

Healthcare providers average a paltry 6% of their information technology budget expenditures on security, according to “ 2016 HIMSS Analytics Healthcare IT Security and Risk Management Study,” from security firm Symantec and HIMSS Analytics, the research arm of the Healthcare Information...

Five Cybersecurity Resolutions Every CISO Should Have On Their List

article

Dec 28, 2016

As we bid farewell to the final days of 2016, it’s time to start looking ahead to the New Year and what we hope to accomplish within the next 365 days. Year after year, some Chief Information Security Officers (CISOs) set lofty goals of securing all data to the fullest extent wherever it resides i...

Cyber-security is more than just an IT issue

article

Dec 12, 2016

2016 has been a year defined by cyber-security. However, despite the manifold large scale cyber-attacks and the multibillion-pound strategy launched by the UK government, businesses are still failing to fully understand the risks that come with poor cyber security. As part of the UK government's...

4 Steps for Businesses to Enhance Cybersecurity

article

Nov 29, 2016

“Protecting Security and Privacy in an Interconnected World”, a new report from Arthur J. Gallagher & Co. (an international insurance brokerage and risk management services firm), examines common and emerging technological vulnerabilities and the steps that organizations can take to prepare...

CAQ: Audit’s role in cyber-security exams

article

Sep 15, 2016

Public company auditors are starting to suggest companies voluntarily submit to an independent cyber-security examination separate from the existing financial statement audit. In a chapter of a 236-page paper by the Internet Security Alliance prepared for its recent conference, the Center for Audit ...

Cyber Security and Risk Strategy from the Inside-Out

video

Sep 12, 2016

Bay Dynamics’ CMO, Gautam Aggarwal, sat down with ISMG to discuss effective cyber risk management and how it’s essential for CISOs to have the right visibility in order to understand what employees, strategic business partners, and third-party vendors are doing on the inside and how they...

The Difference Between IT Cybersecurity and Product Cybersecurity

article

Aug 18, 2016

Manufacturers are at various levels of preparedness when it comes to cybersecurity for medical devices, but are sincerely trying to get up to speed. The latest thinking in this space—by regulators, manufacturers, and solution providers—revolves around the difference between IT cybersecur...

IBM QRadar Security Intelligence Solutions Grow As Your Needs Grow

video

Jan 07, 2016

Organizations today need integrated security intelligence solutions that can grow as their business grows, both in terms of size and capabilities. The IBM QRadar Security Intelligence Platform meets these requirements by providing an integrated security solution that is highly scalable, and can expa...

How to be prepared for cyber attacks

whitepaper

Everyone who has been following the news knows how organizations are struggling with their cyber security. Files in organizations and institutions all around the world have been encrypted until ransomware demands are paid. If you are an IT Security Manager, HSSE Manager, or play any role in security...

Impact of NIST Cybersecurity Framework on Service Providers, Enterprises and NEMs

whitepaper

The National Institute of Standards and Technology (NIST) Cybersecurity Framework impacts all public and private organizations that manage critical infrastructures in the United States. The Framework encourages network equipment manufacturers, enterprises, service providers, government agencies and ...

Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations

whitepaper

The healthcare industry is quickly becoming the number one target of cyberattackers. The value of protected health information (PHI), combined with the industry’s struggle to afford and implement cybersecurity best practices, makes the healthcare industry an irresistible target.

The Information Security Practice Principles

whitepaper

We believe high-level principles underlie a great deal of existing information security thinking and practice, but that they have remained generally under-researched and unarticulated in favor of technical documents that are highly detailed and highly prescriptive, such as the NIST Risk Management...

40 Questions You Should Have in Your Vendor Security Assessment

whitepaper

Understanding the cybersecurity disposition of your vendors is vital in your relationship with third-party businesses. It's important to include a security assessment with high-level security questions in your vendor risk management (VRM) program. In this white paper, you will learn how to get s...

Making Risk Management More Effective with Security Ratings

whitepaper

With the growth of cyber threats and the daily reports of security breaches, cyber risk has to be high on your list of priorities for your enterprise. According to Lloyds Risk Index 2013, cyber risk is now the third biggest concern of CEOs and their senior executives, following high taxation and los...

0 Questions You Should Have in Your Vendor Security Assessment

whitepaper

Understanding the cybersecurity disposition of your vendors is vital in your relationship with third-party businesses. It's important to include a security assessment with high-level security questions in your vendor risk management (VRM) program. In this white paper, you will learn how to get s...

MicroStrategy Usher: A maturity model for enterprise security.

whitepaper

Today, organizations are facing a challenging and constantly evolving landscape of security threats. Supercharged connectivity, unending streams of information and instantaneous transactions have created unprecedented opportunities for business—but they also create vulnerabilities. Cyber threa...

Demystifying Cybersecurity: going back to basics

whitepaper

Executives, board members and security professionals who are tasked with enterprise risk management are constantly bombarded nowadays with cybersecurity news concerning new forms of attack perpetrated by both novice and sophisticated assailants, from state sponsored cyber criminals to malcontent emp...

Cyber Attacks in 2015: A Rising Threat [INFOGRAPHIC]

infographic

Later this week, CEO Arnette Heintze will begin posting a short 6-part series of blogs on what the Hillard Heintze team views as the Top Trends in 2015 in three areas: security risk management, investigations and law enforcement program improvement. Our comparable series in early January last year g...

Enterprise Social Cyber Attack

infographic

By now, social media has clearly established itself as a dominant force in our lives: Nearly three-quarters of adults who go online use a social network of some kind. More than two of five use multiple social network sites. As a result, cyber criminals are flocking to these sites to trigger attacks,...

Do your employees have an appetite for cybersecurity?

article

It’s never been more important for organisations to adopt a culture of cybersecurity. People across the entire business are now targets for cyber criminals, indicating that everyone from the top down should have an appetite for information security and risk management.

Daniel Reardon on Cybersecurity and Health Care Industry

article

Prior to joining Delta Risk (https://delta-risk.net/), Dan worked at Protiviti, where he performed a wide variety of security and privacy assessments, architecture, transformation and management services to help organizations identify and address security and privacy exposures before they become prob...

Is Your Web Application Secure

infographic

Want to keep your Web application from getting hacked? Then it’s time to get serious about building secure Web applications. But web application security is a path, not a destination. It’s about risk management and implementing effective countermeasures.

IDC & Blue Coat Security Infographic | Voyager Networks

infographic

An IDC Infographic, sponsored by Blue Coat Identity and access management; Advanced authentication; Web single sign-on; Enterprise single sign-on; Legacy authorization; User provisioning; Personal portable security devices; Software licensing authentication token; Unified threat management; Intrusio...

Governance of Cybersecurity Report

infographic

Palo Alto Networks joined Georgia Tech, the Financial Services Roundtable and Forbes, to produce the 2015 Governance of Cybersecurity Report in order to increase the awareness among senior leaders on the importance of cybersecurity risk management and proper investments in the right people, process ...

Fujitsu Group Information Security Report 2012

whitepaper

Fujitsu Group Information Security: under the corporate governance system, the Fujitsu Group promotes appropriate information management and information usage while observing internal company rules regarding information security for a complete system of risk management.

2015 Healthcare Information Security Today Survey

whitepaper

The ever-changing threat landscape requires more robust security risk management programs that can defend against the unknown. This survey assesses how healthcare entities are doing with regulatory compliance. But beyond that, it assesses progress toward taking other steps to strengthen overall secu...

The Evolving Era of Big Data

whitepaper

This e-Book is produced by Compliance Week in cooperation with ACL and HPE Security - Data Security. Download this e-Book to learn: CCOs Play a Stronger Role in Data Privacy; Facebook's Big Data Fail Calls for More Ethics; From ACL: The Big Data Opportunity for Audit, Risk Management.

Security and Compliance Risk Management: Eliminating the Unknown Risk

whitepaper

An organization’s ability to deliver value to its stakeholders directly correlates to its ability to manage risk. Simply stated, risk is any event that could positively or negatively affect the organization’s ability to meet their business objectives. Risk management, a key responsibilit...

2015 Network Security & Cyber Risk Management

whitepaper

If risk managers, senior executives and board members of European organisations had any doubt as to the existence of a data security epidemic, the past year likely changed that. With massive data breaches affecting some of the world’s biggest companies, nation-states using the cyber realm as a...

Getting Upper Management to Buy in to a VRM Program

whitepaper

Upper management doesn't always buy in to or fully understand the importance of a vendor risk management program.

"Real-time cyber security risk management"

whitepaper

Recent cyber security breaches, such as those at Ashley Madison, the US Office of Personnel Management and JP Morgan Chase, have demonstrated the real and present threat from cyber breaches. Director of the National Security Agency and head of the United States Cyber Command, Admiral Mike Rogers has...

Tools to Quickly Remediate and Verify Vendor Risks

whitepaper

One of the first steps to creating a vendor risk management program includes identifying what kind of access your vendors have to your network and where your greatest risks lie. Unfortunately some organizations dwell on identifying those risks rather than remedying them.

Avoiding Blind Spots in Vendor Self-Reports Assessments

whitepaper

The whole idea behind vendor risk management is that you want to be able to verify the effectiveness of your vendors' security practices. But with current solutions that rely on self-reporting questionnaires, how do you actually go about doing that?

Cybersecurity and the C-Suite: How Executives Can Understand Cyber Risks and Ensure Governance

whitepaper

As cybercrime events have increasingly impacted organizations, cybersecurity has transformed from just an IT problem into a strategic issue where the C-Suite must take ownership. However, many executives and board members lack key knowledge about the cyber risks their organizations face and how to i...

New Forrester Report on Vulnerability Risk Management

whitepaper

Exploiting vulnerabilities in applications, browsers, and operating systems is often the first step in compromising a target. But despite increased investment, security and risk professionals continue to struggle with remediation. A new analyst report takes a look at the current state of vulnerabili...

2015 State of Vulnerability Risk Management

whitepaper

Security vulnerabilities that go unaddressed remain one of the most common root causes of data breaches. Despite the best detection technology and improved intelligence sharing among industries, hackers continue to take advantage of weaknesses across the IT environment.

Operational Risk Management: A Guide to Harness Risk with Enterprise GRC

whitepaper

Today's business environment is fraught with risk. Economic, technology and market conditions affect organizations on a daily basis.

3 Strategies for Continuous Risk Management

whitepaper

With the growth in the number and sophistication of cyber threats and daily reports of security breaches, cyber risk is high on the list of the most significant risks that organizations face. Many businesses spend millions of dollars annually on people, processes, and technologies to protect themse...

2014 Network Security & Cyber Risk Management

whitepaper

The vast majority of risk professionals, senior executives and board members in the Asia-Pacific region acknowledge that network and information security risks are a threat to their organisations. Most consider the exposures as serious enough to be made the focus of specific risk management activiti...

Ensuring Progress Toward Risk Management and Continuous Configuration Compliance

whitepaper

Soon after putting monitoring, configuration and remediation capabilities into place to help ensure compliance with IT security objectives, an organization will have questions. Are we secure? Where are we exposed? Are our initiatives working? Have we met our targets? What progress are we making towa...

Securosis Report: Threat Intelligence for Ecosystem Risk Management

whitepaper

Very few businesses operate today without sharing sensitive data with business partners, suppliers, and service providers. This presents new challenges to security teams as they face the issue of keeping this data secure as it enters the extended enterprise. Without visibility into and control over ...

Information Security Policy

whitepaper

Information security and management is an integral part of IT governance, which in turn is a keystone of corporate governance. Information is an asset, and like other important business assets, it has a value and consequently needs to be suitably protected. A comprehensive information security...

Raising the Bar for Cybersecurity

whitepaper

Extracting value from the computers or networks of unsuspecting companies and government agencies has become a big business. No company or agency can ignore network security; it is the source of systemic risk that threatens long-term health and profitability. Companies must secure their networks if ...

Information Security Risk and Compliance Series – Risking Your Business

whitepaper

As the DoD Information Assurance Certification and Accreditation Process (DIACAP) begins to make its curtain call from a defense compliance standpoint, a new process emerges and takes its place, the Risk Management Framework (RMF). How will this new process work? And more importantly, what does this...

Continuous Monitoring of Information Security

whitepaper

Information security centers around risk management — estimating and measuring risks, defining risk avoidance strategies, controlling and mitigating risks, and reporting on risks. At the end of the risk management cycle is one critical step: monitoring security (hence, monitoring risk). Securi...

Information Security Cyber Liability Risk Management

whitepaper

Historians may look at the year 2013 as a sort of cyber tipping-point – the point at which businesses and governments finally realized the severity of the threats they were facing. Revelations about the NSA’s cyber espionage program, evidence of theft of business intellectual property by...

The Case for GRC: Addressing the Top 10 GRC Challenges

whitepaper

Businesses today operate in complex and highly dynamic global environments. Successful execution of business strategies requires an ability to effectively balance revenue generation and operational efficiency objectives with risk management and compliance obligations.

Enabling Large-Scale Mobility with Security from the Ground Up

whitepaper

The adoption of so-called "bring your own device" (BYOD) programs has raised new tensions between IT departments and workers over employer access to personally owned mobile devices. BYOD programs have opened the gates to a range of consumer devices in the workplace, raising concerns over d...

Operational Risk Management: A Guide to Harness Risk

whitepaper

Every organizational unit has some level of risk it must address. Yet, most internal teams lack the ability to identify priorities and accountability to stay ahead of new threats to the business thus leaving the process of managing risk to be more reactive. While many risks exist within each functio...

Christopher Campbell- Practical information security and risk management for ePatients

video

Christopher Campbell gives a talk about how the role of ePatients has evolved to incorporate both data generation and ownership, functions that have historically only been held by healthcare organizations. How does the sheer volume of patient-generated data from consumer devices, wearables and mobil...

Threat Agent Library Helps Identify Information Security Risks

whitepaper

Our Intel IT Threat Assessment Group developed a unique, standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents that pose threats to IT systems and other information assets. The TAL quickly helps risk management professionals (called risk...

Top Ten Trends for 2015 in Information Security Risk Management

video

ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is strategic and tactical process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, ability to deliver ti...

The Significance of Information Security and Privacy Controls on Law

whitepaper

As regulators increase pressure on financial institutions to ensure their third party risk management programs meet new regulations and guidelines, including those for cybersecurity, many banks are more closely scrutinizing third party provider handling of sensitive information to ensure objective a...

The NIST Cybersecurity Framework: What You Need to Know

video

The NIST Cybersecurity Framework, released on February 12th, is the culmination of a year-long collaboration between owners and operators of critical infrastructure and the federal government to standardize cyber risk management.

Cyber Threat Intelligence You Can Immediately Understand and Use

whitepaper

The common approach to threat intelligence is to turn on a fire hose of low-level machine-driven data, but this often creates more confusion and more data that is useless for your business. How can you better manage and leverage this cyber data so that you can better equip your business against cybe...

Data Risk Management: Rethinking Data Discovery and Classification

whitepaper

Defining data via data discovery and classification is an often overlooked, yet critical, component of data security and control. Security and risk (S&R) pros can't expect to adequately protect data if they don't have knowledge about what data exists, where it resides, its value to the o...

Information Security and Cyber Liability Risk Management

whitepaper

As awareness grows due to media coverage of high profile data breaches, pending cyber legislation and continued advisories from cyber security professionals, information security and other cyber risks continue to represent at least a moderate threat to a majority of risk professionals. Board Members...

the most advanced cybersecurity

video

With the growth of targeted attacks, data exfiltration and threat management raise many concerns among security and data center professionals. Responsible for operations, risk management and compliance with an increased probability of a breach they need a partner as innovative as them. Bitdefender...

Positive steps on the road towards harmonization of global cybersecurity risk management frameworks

article

Around the world, governments are pursuing initiatives to protect their cyberspace, developing national cybersecurity strategies, considering information sharing incentives, and assessing baseline security protections. Two important initiatives with the potential to be impactful far beyond national ...

Effective Operational Risk Management for Financial Institutions

whitepaper

The growing complexity of activities, a changing workforce, regulatory requirements, and dependencies on third parties has dramatically impacted the operational risk profile for many organizations. This white paper offers practical guidance to achieve an effective operational risk management strateg...

Securosis Threat Intelligence for Ecosystem Risk Management

whitepaper

Very few businesses operate today without sharing sensitive data with business partners, suppliers, and service providers. This presents new challenges to vendor risk management teams as they face the issue of keeping this data secure as it enters the extended enterprise. Without visibility into and...

Aligning IT, Security and Risk Management Programs

video

Information Security Policies (ISO 27002:2013 Section 5) and Organization of Information Security (ISO 27002:2013 Section 6) are closely related, so we address both domains in this chapter. The Information Security Policies domain focuses on information security policy requirements and the need to a...

Total information risk management webinar

video

Data is key to the daily operations of all organisations and we are increasingly dependent on -- and trusting of -- that data. The information we get from databases and information feeds is used at all levels of business to make decisions. But what happens when we base those decisions on poor qualit...

Information Security - Assessing Strategy, Cost and Vulnerability

video

ITSAF Breakout Session 14: Assessing Strategy, Cost and Vulnerability. Speaker: Jaymes Davis, Entisys. How does virtualization impact security? See details below. The emergence of virtualization and the consumerization of IT as primary drivers of technology innovation and growth is a major industry shi...

Information Security Programs Refocused, Cybersecurity Assessment Tool, and Additional Resources

video

This series reviews the components of traditional Information Security Programs (ISPs), and discusses how elements of the ISP should be refocused in the current cybersecurity threat environment. The video includes coverage of threat intelligence, third-party management, cyber resilience, and inci...

Information Security Risk Management

video

Risk Management and Risk Assessment are major components of Information Security Management (ISM). Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2], [NIST], [ENISA Regulation]. Here a consolidated vie...

Information Security Awareness Training Video: "Z-Bay"

video

They are essential to an effective and appropriate risk management program and provide the basis for your security, audit, vendor management, and identity theft red flag programs, as well as for your business continuity plan. Once thought to be an IT risk assessment only, the current risk assessment...

Enterprise-wide Information Security Risk Assessments 101Ent

video

They are essential to an effective and appropriate risk management program and provide the basis for your security, audit, vendor management, and identity theft red flag programs, as well as for your business continuity plan. Once thought to be an IT risk assessment only, the current risk assessment...

Kaseya: Ensuring IT Security: Best practices for performing proactive security audits

video

The increased use of electronic medical records, mobile devices and cloud computing in the healthcare environment is also increasing the risk of data security breaches. CMS has put HIPAA compliance in its cross-hairs and is already conducting rigorous security compliance reviews to address the serio...

Information security audit High impact Strategies What You Need to Know Definitions Adoptions

video

In easy to read chapters, with extensive references and links to get you to know all there is to know about Information security audit right away, covering: Information security audit, ACL (software company), COBIT, Code audit, David Coderre, Co...

Information Security and Risk Management in Context with Dr. Barbara Endicott-Popovsky

video

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correc...

November 2013 NY Info Security Meetup - NopSec

video

NopSec was founded to pursue a vision: IT security and effective vulnerability risk management can be a business advantage. NopSec is a technology company focused on helping businesses to proactively manage security vulnerability risks and protect their IT environment from security breaches. Our flag...

Information Security Home System Security Risk Management

video

Risk Management and Risk Assessment are major components of Information Security Management (ISM). Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2], [NIST], [ENISA Regulation]. Here a consolidated vie...

Zen and the Art of Information Security

video

People perceive information security to be a complicated and expensive process. Likewise, they believe that the evil doers are technological geniuses or trained intelligence operatives, who can get through even the most sophisticated security measures. The reality is that security is much easier to a...

Appropriate Software Security Control Types for Third Party Service and Product Providers

whitepaper

Third party software is the new perimeter for every financial institution. According to Gartner, “since enterprises are getting better at defending perimeters, attackers are targeting IT supply chains.” Further, recent breach reports such as Verizon’s Data Breach Investigations Rep...

Bloomberg – 5 information security trends that will dominate 2016

article

Every year, it seems, the threats posed by cybercriminals evolve into new and more dangerous forms while security organizations struggle to keep up. As 2015 draws to a close, we can expect the size, severity and complexity of cyber threats to continue increasing in 2016, says Steve Durbin, managing d...

How mature is your cyber-security risk management

whitepaper

The importance of implementing a security program based on a security framework. It presents five types of security frameworks, explains how periodic framework reviews can help strengthen security, and describes how IBM can help ensure that your framework-based risk-management strategy remains succe...

What is an ISMS Information Security Management System?

video

David Dwyer Cyber Compliance Adviser with CRI Cyber Risk International outlines what exactly an ISMS is. An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can he...

Banks to FFIEC: Cyber Tool is Flawed

article

Banking institutions and associations that have demanded the Federal Financial Institutions Examination Council make significant changes to the Cybersecurity Assessment Tool are now anxiously waiting for the council to take action. Among the most pressing concerns expressed during the second comment ...

Information Security Risk Assessment

whitepaper

TraceSecurity advances the risk assessment process to its most comprehensive and effective form, with a methodology that exceeds best practices and regulatory standards for compliance. Leveraging the company’s cloud-based software, TraceCSO, information security experts closely scrutinize your...

Best Practices to Simplify Your Information Security and Compliance Program

whitepaper

- Regulations and customer expectations have increased the focus on compliance and risk management within organizations.
- Companies are expected to commit to risk management solutions and to create an ethical culture of compliance and risk management.
- What role a continuous internal risk management pr...

Securosis Report Threat Intelligence for Ecosystem Risk Management

whitepaper

Very few businesses operate today without sharing sensitive data with business partners, suppliers, and service providers. This presents new challenges to security teams as they face the issue of keeping this data secure as it enters the extended enterprise. Without visibility into and control over ...

DDoS and Downtime: Considerations for Risk Management

whitepaper

Proactive DDoS threat mitigation may be one of the easiest and most cost-effective tactics for minimizing financial risk associated with IT-related downtime. This paper draws on Verisign's DDoS mitigation expertise to examine the threat of DDoS in the context of IT availability and enterprise ri...

Proactively manage the cyber security landscape

video

In today's technology-driven environment, your organisation faces complex challenges. Leadership needs a new perspective to help take control of cyber security, focusing on the areas that matter most. At KPMG, we believe in proactively incorporating cyber risk management into all activities. Cyb...

Security Management and Operations Report

whitepaper

The prevalent approach to security management and operations is to implement on an ad hoc and technology-focused basis. This haphazard approach is no longer adequate. This report details: The current state of the market and what to expect moving forward; Research implications for technology vendo...

CEO of Becrypt to speak at cyber-security summit in NYC

article

The CEO of Becrypt, Dr Bernard Parsons, has been invited to the New York City Cyber-Security Summit to speak on 18 September. The Summit is aimed at C-level executives who are accountable for protecting the critical infrastructures of their companies from cyber-attack. At the conference, Dr Parsons w...

2015 CISO Insights Study Managing Your Cybersecurity Investment

whitepaper

A few years ago most firms would manage cybersecurity and make investment decisions based mainly on industry best practices, resulting in their adopting certain technologies, policies and practices, without a detailed understanding of their specific overall cyber risk situation. As a result, very fe...

Best Practice Security in a Cloud-Enabled World

whitepaper

The cloud will be a growing part of your IT environment. This is inevitable, particularly in consideration of economics of the cloud and the opportunities in the Internet of Things. While information technology does move rapidly and with a degree of unpredictability, a comprehensive risk management ...

Software Security Myth #7: Only High-Risk Applications Need To Be Secured

article

Our seventh and last myth of software security is about scale. Today’s application portfolios are often quite large—thousands of apps. Getting started back in the day meant identifying those apps that carried the most risk and focusing all of the attention on them. However, those days ar...

California, Virginia Take Steps to Bolster Cybersecurity Stance

article

Governors announce new action to improve cybersecurity and risk management plans. Two governors, on opposite sides of the country, took executive action to beef up cybersecurity in their respective states on Monday, Aug. 31. California Gov. Jerry Brown and Virginia Gov. Terry McAuliffe both institute...

Women Could Be The Solution To Fighting Cybersecurity Threats

article

Cybersecurity professionals are more in demand than ever before, but a new report finds the number of women in the field hasn’t grown. Women represent just 10 percent of the cybersecurity workforce, according to a report released today by (ISC)², a nonprofit specializing in information tec...

Improving Risk Management Strategies using Identity Attributes

whitepaper

Striking a balance between identity risk management and an excellent consumer experience is an ongoing challenge. Leading organizations are turning to sophisticated data resources to effectively combat fraud, assess compliance, and verify identities. This whitepaper is a practical guide to leve...

How to Develop an Adaptive Security Awareness Program

whitepaper

Most people working in or near cybersecurity have felt the influence of the NIST Cybersecurity Framework (CSF). The Framework provides organizations guidance for ensuring they are protected from ongoing information security threats, and sets an "Adaptive" approach as the top tier of cybers...

5 information security trends that will dominate 2016

article

Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2016, information security professionals must understand these five trends. Every year, it seems, the threats posed by cybercriminals evolve into new and more dangerous forms while securit...

Cybersecurity Startup QuadMetrics Calculates Odds a Company Will be Breached

article

QuadMetrics Inc. says it can predict with greater than 90% accuracy the likelihood that a company will be breached within the next year. While one customer says the young company’s technology is still maturing, its prediction efforts represent an emerging capability in the fight against cybercr...

5 Ways Your Vendor Risk Management Leaves You In The Dark

whitepaper

Relationships with vendors are vital for many organizations, but the more data you share, the more risk you acquire. And mitigating this risk requires a degree of visibility into vendor systems that most organizations are hard-pressed to achieve.

The real and present threat of a cyber breach demands real-time risk management

whitepaper

Recent cyber security breaches, such as those at Ashley Madison, the US Office of Personnel Management and JP Morgan Chase, have demonstrated the real and present threat from cyber breaches. Director of the National Security Agency and head of the United States Cyber Command, Admiral Mike Rogers has...

2015 CISO Insights Study: Managing Your Cybersecurity Investment

whitepaper

A few years ago most firms would manage cybersecurity and make investment decisions based mainly on industry best practices, resulting in their adopting certain technologies, policies and practices, without a detailed understanding of their specific overall cyber risk situation. As a result, very fe...

Cybersecurity and the C-Suite How Executives Can Understand Cyber Risks and Ensure Governance

whitepaper

As cybercrime events have increasingly impacted organizations, cybersecurity has transformed from just an IT problem into a strategic issue where the C-Suite must take ownership. However, many executives and board members lack key knowledge about the cyber risks their organizations face and how to i...

Integrating Risk Assessment into Lifecycle Management

whitepaper

The most successful enterprises integrate risk assessment, and more broadly, risk management, into their lifecycle processes. This white paper shares how to integrate risk assessment into each stage of lifecycle management, resolves common misconceptions about the role of a risk assessment, and...

FFIEC Guidance - Best Practices for Protecting Online Transactions

whitepaper

The FFIEC's recent supplemental guidance establishes a new "best practice" standard for mitigating risks to online banking systems by calling for a much more comprehensive risk management approach than ever before. This paper breaks down the specifics of the 3 key component...

Aligning IT with Strategic Business Goals- A Proactive Approach to Managing IT Risk to Your Business

whitepaper

This white paper examines the business challenges and risks that IT dependence can present and why traditional approaches to IT risk management have become inadequate.

Risk Modeling & Attack Simulation for Proactive Cyber Security

whitepaper

In this whitepaper, Skybox examines how IT organizations can benefit from the use of risk modeling and simulation technologies to gain a complete understanding of network security risks and solve network security problems. Risk modeling and simulation can be incorporated into day-to-day IT oper...

Fortifying for the Future Insights from the 2014 Chief Information Security Officer Assessment

whitepaper

The 2014 CISO Assessment evaluates the current state of security leadership and what leaders expect to face in the next three to five years. Security leaders are in the midst of an evolution. Driven by the specter of external attacks and the needs of their own organizations, they are continuing the ...

Security Agenda: Re-Assessing Risk - Evolving Threats Require a New Approach to Risk Management

whitepaper

To mitigate the top threats for 2013, organizations need to understand the motivations of potential attackers so they can adequately defend their networks and systems. What are the top security threats, and how are organizations responding to them? "Reassessing Risk" is the...

Risk Management: Cyber Insurance & Your Data Breach Response Plan

whitepaper

Almost daily, online accounts are hacked, external hard drives are stolen, thumb drives are lost and backup tapes are trashed. In all these instances, personal information is at risk of being accessed and misused.

Payments Security: Assessing the Challenges

article

Over the past two years, the Indian financial sector has witnessed the dawn of a new age of payments, with many changes in the mobile realm. The industry and customers were accustomed to traditional forms of payment (credit and debit cards, checks and cash) with little to no changes for how transact...

Information Security and Cyber Liability Risk Management

whitepaper

Advisen Ltd and Zurich have partnered for a fourth consecutive year on a survey designed to gain insight into the current state and ongoing trends in information security and cyber liability risk management. Conducted for two weeks, the survey began on August 5, 2014 and concluded on August 19, 2014.

Streamline Risk Management SANS Whitepaper

whitepaper

The 20 Critical Security Controls, a consensus project involving numerous U.S. government, private-sector and international groups, has received a great deal of attention recently as a framework of controls for defending organizations against cyber attacks. Today's cyber attacks are increas...

Information Security & Risk Management

video

The Principal Information Technology Policy sets out Leeds Beckett University’s definition of, commitment to, and requirements for Information Technology and Security. It specifies regulations to be implemented to secure information and technology that the University manages and to protect aga...

Security Agenda Re-Assessing Risk - Evolving Threats Require a New Approach to Risk Management

whitepaper

To mitigate the top threats for 2013, organizations need to understand the motivations of potential attackers so they can adequately defend their networks and systems.

Embracing BYOD Without Compromising Security or Compliance

whitepaper

Trying to embrace BYOD while ensuring your employees can access all of the business apps and content they NEED on the mobile devices they WANT - without compromising security, integrity or compliance? This whitepaper explores the impact of consumerization and BYOD on modern IT departments, and the e...

A Few Cybersecurity Predictions for 2016

article

I’m a bit reluctant to blog about 2016 cybersecurity predictions, as it seems like everyone is getting into this act. Alas, this end-of-year tradition used to be the exclusive domain of the analyst community and a few industry beacons, but now it seems like every security tools vendor in the w...

Survey: 65% of Businesses Expect to Suffer an Information Security Breach

article

NTT Com Security, a global information security and risk management organization, has issued a new value-at-risk research report highlighting the critical need for organizations to protect their data. The report shows that 65% of business decision makers surveyed expect to suffer an information secur...

The Cyberresilient Enterprise: What the Board of Directors Needs to Ask

whitepaper

Advances in the digital marketplace are creating more opportunities for value—and risk. As organizations leverage cloud computing, the Internet of Things, mobile computing and social media, digital risk management takes on greater importance. Theft of personal information and private bus...

The Evolution of Vendor Risk Management in Financial Institutions

whitepaper

The Financial Services industry has long been a pioneer in developing risk management practices. As third party data breaches have increased in recent years, regulators and organizations have moved from relying solely on static questionnaires and assessments, to continuously monitoring the security ...

National cyber security awareness month: An overview of Cyber Security with Kroll

article

Kroll’s deep investigative experience, grounded in complex risk management challenges, has been an advantage to Kroll clients since 1972. You can rely on us to bring the same tenacity, foremost specialists, uncommon resources and multidisciplinary team approach to complex cyber problems. Our ho...


'In 2015, we will be talking about cyber security a lot more': Cyber Risk Moving Up the In-House Agenda

article

General counsel (GC) are increasingly involved in handling cyber security issues at board level, reflecting a more comprehensive shift towards effective risk management, research from Legal Business and PwC has revealed. In a survey of corporate attitudes to cyber security risk this autumn, which gar...

Hedge Fund Standards Board Publishes Findings From First Cyber-Attack Simulation

article

The HFSB is responsible for the Hedge Fund Standards, which set out standards of transparency, integrity and good governance for the hedge fund industry. The HFSB engages with EU and UK regulators on a number of areas, including the EU Alternative Investment Fund Managers Directive, financial stabil...

RWE Supply & Trading Secures Against User and Asset-Based Risks

whitepaper

RWE Supply & Trading is a leading energy trading house and a key player in the European energy sector. The European energy sector is undergoing fundamental changes, with subsidized expansion of renewables causing margins and utilization of conventional power stations to decline, thereby requirin...

Find the True Risks - Building An Advanced Security Risk Management Program

whitepaper

Building a better risk management program takes less time than you might think. All you need to do is establish an effective process for identifying, remediating, and tracking risks to assets. With those basic elements in place, you can adopt increasingly advanced techniques at a pace that makes sense ...

Leveraging Security Risk Intelligence - The strategic value of measuring Real Risk

whitepaper

The ongoing struggle to prevent hackers from breaching assets and malware from gaining a foothold requires a vulnerability management strategy that begins with a comprehensive measurement of security risk. Starting with an understanding of the need for effective risk management followed by a definit...

Vendor Risk and Business Impact Infographic

whitepaper

The vendor community is critical to business operations and success. Organizations issue vendors with legitimate user accounts and access to key resources. Cybercriminals have started leveraging the trusted vendor network and access these vendors have into organizations, as a threat vector to carry ...

Predictive Threat and Risk Management: Meeting the Challenges of a Smarter Planet

whitepaper

With organizations facing a multitude of threats - from the economy and financial risk to data security and insider fraud - it's no surprise threat and fraud mitigation is a top priority for business. This paper describes how predictive analytics can play a critical role in your threat and risk ...

Avoiding BYO Policy and Security Pitfalls

whitepaper

BYOD and mobile security are undoubtedly top of mind for many IT professionals today. This whitepaper, written in collaboration with TAL Global (a leading security consulting and risk management firm), highlights five case studies to illustrate common legal and security issues associated with BYO. I...

Vendor Risk Assurance Brief

whitepaper

Bay Dynamics' Vendor Risk Assurance provides organizations with a holistic defense against targeted attacks that involve third-party vendors as a threat vector. This innovative, robust and scalable solution provides a single-pane-of-glass for vendor risk management. Vendor Risk Assurance enhance...

Converge or Collide? Time for Legal and Compliance Staff to Tune into Cyber Risk Management

whitepaper

As data breaches dominate newsrooms and board rooms, pressure on attorneys and compliance staff to develop information security management programs has reached unprecedented levels. Yet, traditional siloed infrastructures can inhibit collaboration between information security and legal, which is crit...

Real Time Risk Management

whitepaper

Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people that often have different knowledge and perspective for information security within the o...

Present These 10 Key Application Security Risk Management Findings to Your Executive Team

article

By all accounts, it appears to be a typical Friday afternoon for the application security team. Your plans include clearing out pressing projects to end the week, returning critical emails and calls and leaving the office at a reasonable hour for the first time in forever. Then you’re greeted b...

The Evolution Of Cyber Risk

infographic

Cyber attacks or data breach incidents seem to make headlines daily. Although these events may feel commonplace, their triggers are changing, as are the risk management strategies to address them. ACE has handled data breach incidents and underwritten exposures for policyholders for more than 15 yea...




SPOTLIGHT

Rear Adm. Danelle Barrett, USN, the US Navy’s director of cyber security, discusses improving cyber security, changing culture, training better cyber leaders, information warfare and more with Defense & Aerospace Report Editor Vago Muradian. The interview was conducted at the Navy League...

RESOURCES