ZERO TRUST – DEMYSTIFIED article Jul 29, 2020 1. Zero Trust – Demystified. Everyone seems to be talking about Zero Trust in the security world at the moment. Unfortunately there seem to be multiple definitions of this depending on which vendor you ask. To help others understand what Zero Trust is, this white paper covers the key aspects of... Read More |
HOW ORGANIZATIONS CAN PREPARE FOR CYBERSECURITY article Apr 22, 2020 According to a Gartner study in 2018, the global Cybersecurity market is estimated to be as big as US$170.4 billion by 2022. The rapid growth in cybersecurity market is boosted by new technological initiatives like cloud-based applications and workloads that require security beyond the traditional d... Read More |
A 4 STEP GUIDE TO STRONGER OT CYBERSECURITY article Apr 14, 2020 Security and risk management leaders at organizations around the world are increasingly concerned about cybersecurity threats to their operational technology (OT) networks. A key driver behind this is that cyberthreats, like disruptionware, are increasing in quantity and sophistication all the time.... Read More |
COLLABORATION: THE MISSING PIECE IN ENTERPRISE RISK MANAGEMENT whitepaper Feb 02, 2020 Enterprise risk management programs are maturing, and the role of the chief risk officer is becoming more popular. However, risk management professionals rarely have a direct role in business decision making. In fact, only 29% of Board members substantively discuss top risk exposures in a formal man... Read More |
A FRAMEWORK FOR MEASURING INFOSEC AS A BUSINESS FUNCTION article Feb 02, 2020 In my December column, I ended with the observation that many CISOs struggle when it comes to first determining and then actually communicating the business value of the security options out there. Often, that failure stems from CISOs who lack a background in finance and economics, and their inabili... Read More |
GOING VIRAL: THE CHALLENGES & URGENCY OF MANAGING TPRM whitepaper Jan 24, 2020 Managing cyber risks has become more challenging and urgent as businesses expand their vendor ecosystems. It is difficult enough for organizations to manage their own internal vulnerabilities, but even more challenging to ensure that every vendor across their supply chain has strong security practice... Read More |
TOP CYBERSECURITY THREATS IN 2020 article Jan 08, 2020 A host of new and evolving cybersecurity threats has the information security industry on high alert. Ever-more sophisticated cyberattacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more have placed the data and assets of corporations, governments a... Read More |
AN EXPANDING ATTACK SURFACE: 5 TIPS TO MANAGE THIRD-PARTY RISK whitepaper Jan 02, 2020 As organizations become increasingly reliant on third-parties, they expand their attack surface & put themselves at risk. Today's digital environment offers unprecedented opportunities for organizations to improve the customer experience and efficiency of their operations. At the same time, e... Read More |
COLLABORATION: THE MISSING PIECE IN ENTERPRISE RISK MANAGEMENT whitepaper Dec 27, 2019 Enterprise risk management programs are maturing, and the role of the chief risk officer is becoming more popular. However, risk management professionals rarely have a direct role in business decision making. In fact, only 29% of Board members substantively discuss top risk exposures in a formal man... Read More |
RANSOMWARE RISK MANAGEMENT: 11 ESSENTIAL STEPS article Dec 18, 2019 There's been a lot of discussion within the InfoSec community about ransomware - why it has been increasing, whether ransoms should be paid and how to mitigate this rapidly growing threat. The culprit that opens the door to these attacks, apparently including last week's city of New Orleans ... Read More |
COLLABORATION: THE MISSING PIECE IN ENTERPRISE RISK MANAGEMENT whitepaper Dec 12, 2019 Enterprise risk management programs are maturing, and the role of the chief risk officer is becoming more popular. However, risk management professionals rarely have a direct role in business decision making. In fact, only 29% of Board members substantively discuss top risk exposures in a formal man... Read More |
HOW TO GET SPECIFIC SECURITY INFORMATION ABOUT AWS SERVICES article Jul 15, 2019 We are excited to announce the launch of dedicated security chapters in the AWS documentation for over 40 services. Security is a key component of your decision to use the cloud. These chapters can help your organization get in depth information about both the built in and the configurable security ... Read More |
SECURITY AND RISK MANAGEMENT COLLABORATION whitepaper Jul 14, 2019 CYBER ATTACK RISK IS BUSINESS RISK There’s more to responding than just stopping the attack. In this e-book, we’ll explore areas where security and risk management leaders can collaborate to mitigate cyber attack risk. Read More |
SECURITY THROUGH INNOVATION whitepaper Jul 07, 2019 Our Cyber Security Consultancy team has international experience at the world’s top consulting firms. Building on these foundations, they joined Secgate to design and deliver solutions that are proactive rather than reactive, flexible enough to be tailored to a client’s individual proble... Read More |
QATAR ISSUES AVIATION CYBERSECURITY GUIDELINES article Jul 01, 2019 To help avoid disruption of civil aviation operations, the Civil Aviation Authority of Qatar and the Ministry of Communications and Transport have issued cybersecurity guidelines. CAA's new guidelines suggest organizations develop effective risk management, build a structure to respond to breach... Read More |
HOW TO SURVIVE A CYBER INCIDENT | TIMOTHY WOOD | KPMG video Jun 23, 2019 In today’s digital world, decision-makers can’t afford to be held back by cyber risks. They need to make bold decisions and feel confident that their cyber strategy, defenses and recovery capabilities will protect their business and support their growth strategies. Timothy Wood, Associat... Read More |
SANS 2019 STATE OF OT/ICS CYBERSECURITY SURVEY whitepaper Jun 19, 2019 The 2019 SANS OT/ICS Cybersecurity Survey explores the challenges involved with design, operation and risk management of an industrial control system (ICS), its cyber assets and communication protocols, and supporting operations. This year, SANS focused more broadly on the operational technology (OT... Read More |
DATA SECURITY POLICY infographic May 17, 2019 DATA SECURITY POLICY. Risk Management Practice Guide of Lawyers Mutual. LAWYERS I LIABILITY INSURANCE COMPANY OF MUTUAL NORTH CAROLINA. INTERNAL THREAT 1. accidental deletion or dissemination of client's files 2. downloading malware or virus 3. exposing server and client files SECURITY AUDIT. In... Read More |
CYBER RISK CONSIDERATIONS DURING THE M&A PROCESS article Mar 05, 2019 Data breaches are a constant in today’s headlines, but in recent years the risk has been front and center of some of the most significant M&A deals. In 2017, Verizon discounted its acquisition price by $350 million when Yahoo belatedly disclosed that it experienced several massive breaches... Read More |
MITIGATE CYBER RISK BEFORE, DURING, AND AFTER INCIDENTS whitepaper Feb 02, 2019 TRANSFORM YOUR DISASTER RECOVERY SITE INTO A VIRTUAL CYBER RANGE. VM2020 brings cutting-edge technology and cyber resilience content to enterprise risk management to let you realistically simulate the impact, remediation, and recovery from cyber threats – all using existing business continuity... Read More |
6 KEY RISK MANAGEMENT METRICS FOR CONTROLLING CYBER SECURITY whitepaper Jan 24, 2019 The risk of high impact cyber-related breaches continues to be high on the agenda of organisations working across the financial services sector. The FCA’s recent publication of findings from a report on Cyber and Technology Resilience, has communicated a warning that there is “no immedia... Read More |
MAINTAINING REGULATORY COMPLIANCE AND CYBER SECURITY infographic Jan 23, 2019 As data is becoming the new health care currency, protecting it will be key. Clinical innovations, digital interconnectivity, and market complexity are heightening the need for new government policies, regulatory oversight, and risk management in health care. Cybersecurity currently heads the list of ... Read More
MANAGING CYBERSECURITY RISK AND A FRAMEWORK FOR MAKING INVESTMENTS article Jan 04, 2019 Everyone agrees that core protection tools are necessary from a risk management and compliance standpoint, but what about adding new programs to reduce your cyber risk? Quantifying your cyber risk is difficult but necessary to establish a prudent financial evaluation and planning process that provid... Read More |
WHITE HOUSE CYBERSECURITY STRATEGY: THE ESSENCE article Dec 28, 2018 The “National Cyber Strategy”, released recently by the White House, offers a broad blueprint for America’s approach to cybersecurity. Let’s look at its four “pillars”, and their key elements. 1. Protecting the American People, Homeland, and the American Way of Life.... Read More
INNOVATION KEY TO CYBERSECURITY video Nov 05, 2018 Pascal Dello Torre, Global head of technology – Veolia Group, talks on the sidelines of Gartner Security and Risk Management Summit 2018, about why it is important to discuss innovation when you are talking about cybersecurity. Read More |
DIGITAL TRUST IN NEW ZEALAND infographic Oct 31, 2018 Embrace cyber security from the start Many companies are pursuing digital transformation projects and growing connectivity is increasing the potential for cyber-attacks. Only 25% of NZ businesses are including proactive risk management 'fully from the start' of a digital transformation proje... Read More |
RSA QUARTERLY FRAUD REPORT whitepaper Sep 01, 2018 The RSA® Quarterly Fraud Report contains fraud attack and consumer fraud data and analysis from the RSA Fraud & Risk Intelligence team. It represents a snapshot of the cyber-fraud environment, providing actionable intelligence to consumer-facing organizations of all sizes and types to enable ... Read More
HOW ARE THE C-SUITE FAILING CYBER SECURITY? infographic Jul 09, 2018 Organisations need to protect themselves from cyber-related failures and errors, and malicious cyber-attacks. Too often, cyber risk is being managed solely by IT. However, the risks need to be recognised and addressed by the wider governance and risk management processes that involve other managemen... Read More |
THE CONNECTION BETWEEN INSIDER THREATS AND DATA LOSS PREVENTION article Jun 26, 2018 Historically, when a cybersecurity team looks to decrease the risk of data loss at their organization, they look towards Data Loss Prevention (DLP) technology. These tools are often hyped for their ability to tag, categorize, and control data movement, but in many cases where an organization has a D... Read More |
NIST SEEKS FEEDBACK ON ITS UPDATED RISK MANAGEMENT FRAMEWORK article May 16, 2018 The National Institute of Standards and Technology (NIST) has released a draft of its update to the Risk Management Framework (RMF), designed to help federal agencies and companies safeguard their information systems from cyber threats. The update will help organizations respond appropriately to pri... Read More |
KICK-START YOUR CAREER IN INFORMATION SECURITY MANAGEMENT article Apr 12, 2018 Attendees will gain a solid understanding of risk management, technical controls, legal frameworks, physical security, international standards and business continuity, including. The concepts relating to information security management, including confidentiality, integrity and availability (CIA). vu... Read More |
SECURE COMMUNICATIONS whitepaper Apr 01, 2018 CallTrackingMetrics’ (CTM’s) Security and Privacy Program follows a streamlined framework based on NIST 800-30 Rev. 1 guidance. The program was initially developed to adhere to the Meaningful Use criteria and the HIPAA HITECH Express regulations. In early 2018, in addition to our HIP... Read More
A PREVIEW OF THE NEW NIST CYBERSECURITY FRAMEWORK article Mar 23, 2018 The NIST Cybersecurity Framework has become the de facto set of guidelines for critical infrastructure organizations to assess information security risk and implement adequate cybersecurity measures to manage risk, while protecting consumer privacy. Since being published in February 2014, the framew... Read More |
AN INTRODUCTION TO THE NIST RISK MANAGEMENT FRAMEWORK article Mar 16, 2018 The Risk Management Framework (RMF) is a set of information security policies and standards for federal government developed by The National Institute of Standards and Technology (NIST). The RMF is covered specifically in the following NIST publications: The Risk Management Framework (RMF) is a set ... Read More |
THE EVOLUTION OF CYBER THREATS whitepaper Mar 04, 2018 Embracing Cyber Risk Management. Across the globe, businesses have become more reliant than ever on technology. Yet with a growing digital footprint, the risk of a business incurring a cyber incident is no longer a question of if, but when. As the digital world evolves, New Zealand businesses must c... Read More |
FOCUS ON FUNDS: FUND CYBERSECURITY STRATEGIES ARE CHANGING video Jan 12, 2018 New technology is changing how funds approach cybersecurity—and overall risk management. In the January 15, 2018, edition of Focus on Funds, IBM cybersecurity expert Bob Kalka discusses what’s changing and how it’s strengthening fund defenses. What cybersecurity megatrend should ev... Read More |
AS RISK MANAGEMENT MATURES, CYBERSECURITY GAPS STILL LOOM infographic Dec 20, 2017 Healthcare’s approach to cybersecurity is maturing, but not quickly enough. The third annual HIMSS Analytics IT Security and Risk Management Study showed improvements in risk management. However, there are still gaps with addressing increasing security threats and evolving concerns around the... Read More
NIST CYBERSECURITY FRAMEWORK (CSF) whitepaper May 17, 2017 The NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework, or CSF) was originally published in February 2014 in response to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for the development o... Read More |
5 REASONS WHY TO JOIN CYBERSECURITY CONFERENCE QUBIT 2017 IN PRAGUE article Jan 27, 2017 Attending a conference is an effective way to educate yourself, promote your company and meet new partners and fellows. The cybersecurity market offers plenty of opportunities to join various events, workshops, conferences and trade shows. Mark QuBit 2017 in your calendar! The 4th annual cyberse... Read More
THE INTELLIGENT CHOICE FOR CYBERSECURITY article Jan 17, 2017 The cybersecurity market continues to experience explosive growth as companies seek better solutions to protect critical systems and data, struggle to fill nearly a million open job positions worldwide, and enhance their overall risk management posture. The continued growth stems from the reality th... Read More |
A HEALTHCARE PROVIDER’S CYBER ATTACK SURVIVAL PLAN article Jan 12, 2017 Healthcare providers average a paltry 6% of their information technology budget expenditures on security, according to “2016 HIMSS Analytics Healthcare IT Security and Risk Management Study,” from security firm Symantec and HIMSS Analytics, the research arm of the Healthcare Information... Read More
FIVE CYBERSECURITY RESOLUTIONS EVERY CISO SHOULD HAVE ON THEIR LIST article Dec 28, 2016 As we bid farewell to the final days of 2016, it’s time to start looking ahead to the New Year and what we hope to accomplish within the next 365 days. Year after year, some Chief Information Security Officers (CISOs) set lofty goals of securing all data to fullest extent wherever it resides i... Read More |
CYBER-SECURITY IS MORE THAN JUST AN IT ISSUE article Dec 12, 2016 2016 has been a year defined by cyber-security. However, despite the manifold large scale cyber-attacks and the multibillion-pound strategy launched by the UK government, businesses are still failing to fully understand the risks that come with poor cyber security. As part of the UK government's... Read More |
4 STEPS FOR BUSINESSES TO ENHANCE CYBERSECURITY article Nov 29, 2016 “Protecting Security and Privacy in an Interconnected World”, a new report from Arthur J. Gallagher & Co. (an international insurance brokerage and risk management services firm), examines common and emerging technological vulnerabilities and the steps that organizations can take to prepare... Read More
CAQ: AUDIT’S ROLE IN CYBER-SECURITY EXAMS article Sep 15, 2016 Public company auditors are starting to suggest companies voluntarily submit to an independent cyber-security examination separate from the existing financial statement audit. In a chapter of a 236-page paper by the Internet Security Alliance prepared for its recent conference, the Center for Audit ... Read More |
CYBER SECURITY AND RISK STRATEGY FROM THE INSIDE-OUT video Sep 12, 2016 Bay Dynamics’ CMO, Gautam Aggarwal, sat down with ISMG to discuss effective cyber risk management and how it’s essential for CISOs to have the right visibility in order to understand what employees, strategic business partners, and third-party vendors are doing on the inside and how they... Read More |
THE DIFFERENCE BETWEEN IT CYBERSECURITY AND PRODUCT CYBERSECURITY article Aug 18, 2016 Manufacturers are at various levels of preparedness when it comes to cybersecurity for medical devices, but are sincerely trying to get up to speed. The latest thinking in this space—by regulators, manufacturers, and solution providers—revolves around the difference between IT cybersecur... Read More |
IBM QRADAR SECURITY INTELLIGENCE SOLUTIONS GROW AS YOUR NEEDS GROW video Jan 07, 2016 Organizations today need integrated security intelligence solutions that can grow as their business grows, both in terms of size and capabilities. The IBM QRadar Security Intelligence Platform meets these requirements by providing an integrated security solution that is highly scalable, and can expa... Read More |
HOW TO BE PREPARED FOR CYBER ATTACKS whitepaper Everyone who has been following the news knows how organizations are struggling with their cyber security. Files in organizations and institutions all around the world have been encrypted until ransomware demands are paid. If you are an IT Security Manager, HSSE Manager, or play any role in security... Read More |
THE INFORMATION SECURITY PRACTICE PRINCIPLES whitepaper We believe high-level principles underlie a great deal of existing information security thinking and practice, but that they have remained generally under-researched and unarticulated in favor of technical documents that are highly detailed and highly prescriptive, such as the NIST Risk Management... Read More
40 QUESTIONS YOU SHOULD HAVE IN YOUR VENDOR SECURITY ASSESSMENT whitepaper Understanding the cybersecurity disposition of your vendors is vital in your relationship with third-party businesses. It's important to include a security assessment with high-level security questions in your vendor risk management (VRM) program. In this white paper, you will learn how to get s... Read More |
MAKING RISK MANAGEMENT MORE EFFECTIVE WITH SECURITY RATINGS whitepaper With the growth of cyber threats and the daily reports of security breaches, cyber risk has to be high on your list of priorities for your enterprise. According to Lloyds Risk Index 2013, cyber risk is now the third biggest concern of CEOs and their senior executives, following high taxation and los... Read More
MICROSTRATEGY USHER: A MATURITY MODEL FOR ENTERPRISE SECURITY. whitepaper Today, organizations are facing a challenging and constantly evolving landscape of security threats. Supercharged connectivity, unending streams of information and instantaneous transactions have created unprecedented opportunities for business—but they also create vulnerabilities. Cyber threa... Read More |
DEMYSTIFYING CYBERSECURITY: GOING BACK TO BASICS whitepaper Executives, board members and security professionals who are tasked with enterprise risk management are constantly bombarded nowadays with cybersecurity news concerning new forms of attack perpetrated by both novice and sophisticated assailants, from state sponsored cyber criminals to malcontent emp... Read More |
CYBER ATTACKS IN 2015: A RISING THREAT [INFOGRAPHIC] infographic Later this week, CEO Arnette Heintze will begin posting a short 6-part series of blogs on what the Hillard Heintze team views as the Top Trends in 2015 in three areas: security risk management, investigations and law enforcement program improvement. Our comparable series in early January last year g... Read More |
ENTERPRISE SOCIAL CYBER ATTACK infographic By now, social media has clearly established itself as a dominant force in our lives: Nearly three-quarters of adults who go online use a social network of some kind. More than two of five use multiple social network sites. As a result, cyber criminals are flocking to these sites to trigger attacks,... Read More |
DO YOUR EMPLOYEES HAVE AN APPETITE FOR CYBERSECURITY? article It’s never been more important for organisations to adopt a culture of cybersecurity. People across the entire business are now targets for cyber criminals, indicating that everyone from the top down should have an appetite for information security and risk management. Read More |
DANIEL REARDON ON CYBERSECURITY AND HEALTH CARE INDUSTRY article Prior to joining Delta Risk (https://delta-risk.net/), Dan worked at Protiviti, where he performed a wide variety of security and privacy assessments, architecture, transformation and management services to help organizations identify and address security and privacy exposures before they become prob... Read More
IS YOUR WEB APPLICATION SECURE infographic Want to keep your Web application from getting hacked? Then it’s time to get serious about building secure Web applications. But web application security is a path, not a destination. It’s about risk management and implementing effective countermeasures. Read More |
IDC & BLUE COAT SECURITY INFOGRAPHIC | VOYAGER NETWORKS infographic An IDC Infographic, sponsored by Blue Coat Identity and access management; Advanced authentication; Web single sign-on; Enterprise single sign-on; Legacy authorization; User provisioning; Personal portable security devices; Software licensing authentication token; Unified threat management; Intrusio... Read More |
GOVERNANCE OF CYBERSECURITY REPORT infographic Palo Alto Networks joined Georgia Tech, the Financial Services Roundtable and Forbes, to produce the 2015 Governance of Cybersecurity Report in order to increase the awareness among senior leaders on the importance of cybersecurity risk management and proper investments in the right people, process ... Read More |
FUJITSU GROUP INFORMATION SECURITY REPORT 2012 whitepaper Fujitsu Group Information Security: under the corporate governance system, the Fujitsu Group promotes appropriate information management and information usage while observing internal company rules regarding information security for a complete system of risk management. Read More
2015 HEALTHCARE INFORMATION SECURITY TODAY SURVEY whitepaper The ever-changing threat landscape requires more robust security risk management programs that can defend against the unknown. This survey assesses how healthcare entities are doing with regulatory compliance. But beyond that, it assesses progress toward taking other steps to strengthen overall secu... Read More |
THE EVOLVING ERA OF BIG DATA whitepaper This e-Book is produced by Compliance Week in cooperation with ACL and HPE Security - Data Security. Download this e-Book to learn: CCOs Play a Stronger Role in Data Privacy Facebook's Big Data Fail Calls for More Ethics From ACL: The Big Data Opportunity for Audit, Risk Management. Read More |
2015 NETWORK SECURITY & CYBER RISK MANAGEMENT whitepaper If risk managers, senior executives and board members of European organisations had any doubt as to the existence of a data security epidemic, the past year likely changed that. With massive data breaches affecting some of the world’s biggest companies, nation-states using the cyber realm as a... Read More |
"REAL-TIME CYBER SECURITY RISK MANAGEMENT" whitepaper Recent cyber security breaches, such as those at Ashley Madison, the US Office of Personnel Management and JP Morgan Chase have demonstrated the real and present threat from cyber breaches. Director of the National Security Agency and head of the United States Cyber Command, Admiral Mike Rodgers has... Read More |
TOOLS TO QUICKLY REMEDIATE AND VERIFY VENDOR RISKS whitepaper One of the first steps to creating a vendor risk management program includes identifying what kind of access your vendors have to your network and where your greatest risks lie. Unfortunately some organizations dwell on identifying those risks rather than remedying them. Read More |
AVOIDING BLIND SPOTS IN VENDOR SELF-REPORTS ASSESSMENTS whitepaper The whole idea behind vendor risk management is that you want to be able to verify the effectiveness of your vendors' security practices. But with current solutions that rely on self-reporting questionnaires, how do you actually go about doing that? Read More |
NEW FORRESTER REPORT ON VULNERABILITY RISK MANAGEMENT whitepaper Exploiting vulnerabilities in applications, browsers, and operating systems is often the first step in compromising a target. But despite increased investment, security and risk professionals continue to struggle with remediation. A new analyst report takes a look at the current state of vulnerabili... Read More |
2015 STATE OF VULNERABILITY RISK MANAGEMENT whitepaper Security vulnerabilities that go unaddressed remain one of the most common root causes of data breaches. Despite the best detection technology and improved intelligence sharing among industries, hackers continue to take advantage of weaknesses across the IT environment. Read More |
3 STRATEGIES FOR CONTINUOUS RISK MANAGEMENT whitepaper "With the growth in the number and sophistication of cyber threats and daily reports of security breaches, cyber risk is high on the list of the most significant risks that organizations face. Many businesses spend millions of dollars annually on people, processes, and technologies to protect themse... Read More |
2014 NETWORK SECURITY & CYBER RISK MANAGEMENT whitepaper The vast majority of risk professionals, senior executives and board members in the Asia-Pacific region acknowledge that network and information security risks are a threat to their organisations. Most consider the exposures as serious enough to be made the focus of specific risk management activiti... Read More |
SECUROSIS REPORT: THREAT INTELLIGENCE FOR ECOSYSTEM RISK MANAGEMENT whitepaper Very few businesses operate today without sharing sensitive data with business partners, suppliers, and service providers. This presents new challenges to security teams as they face the issue of keeping this data secure as it enters the extended enterprise. Without visibility into and control over ... Read More |
INFORMATION SECURITY POLICY whitepaper "Information security and management is an integral part of IT governance, which in turn is a keystone of corporate governance. Information is an asset, and like other important business assets, it has a value and consequently needs to be suitably protected. A comprehensive information security... Read More |
RAISING THE BAR FOR CYBERSECURITY whitepaper Extracting value from the computers or networks of unsuspecting companies and government agencies has become a big business. No company or agency can ignore network security; it is the source of systemic risk that threatens long-term health and profitability. Companies must secure their networks if ... Read More |
CONTINUOUS MONITORING OF INFORMATION SECURITY whitepaper Information security centers around risk management — estimating and measuring risks, defining risk avoidance strategies, controlling and mitigating risks, and reporting on risks. At the end of the risk management cycle is one critical step: monitoring security (hence, monitoring risk). Securi... Read More |
INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT whitepaper Historians may look at the year 2013 as a sort of cyber tipping-point – the point at which businesses and governments finally realized the severity of the threats they were facing. Revelations about the NSA’s cyber espionage program, evidence of theft of business intellectual property by... Read More |
THE CASE FOR GRC: ADDRESSING THE TOP 10 GRC CHALLENGES whitepaper Businesses today operate in complex and highly dynamic global environments. Successful execution of business strategies requires an ability to effectively balance revenue generation and operational efficiency objectives with risk management and compliance obligations. Read More |
ENABLING LARGE-SCALE MOBILITY WITH SECURITY FROM THE GROUND UP whitepaper The adoption of so-called "bring your own device" (BYOD) programs has raised new tensions between IT departments and workers over employer access to personally owned mobile devices. BYOD programs have opened the gates to a range of consumer devices in the workplace, raising concerns over d... Read More |
OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK whitepaper Every organizational unit has some level of risk it must address. Yet, most internal teams lack the ability to identify priorities and accountability to stay ahead of new threats to the business thus leaving the process of managing risk to be more reactive. While many risks exist within each functio... Read More |
THREAT AGENT LIBRARY HELPS IDENTIFY INFORMATION SECURITY RISKS whitepaper Our Intel IT Threat Assessment Group developed a unique, standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents that pose threats to IT systems and other information assets. The TAL quickly helps risk management professionals (called risk... Read More |
TOP TEN TRENDS FOR 2015 IN INFORMATION SECURITY RISK MANAGEMENT video ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is strategic and tactical process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, ability to delivery ti... Read More |
THE SIGNIFICANCE OF INFORMATION SECURITY AND PRIVACY CONTROLS ON LAW whitepaper As regulators increase pressure on financial institutions to ensure their third party risk management programs meet new regulations and guidelines, including those for cybersecurity, many banks are more closely scrutinizing third party provider handling of sensitive information to ensure objective a... Read More |
CYBER THREAT INTELLIGENCE YOU CAN IMMEDIATELY UNDERSTAND AND USE whitepaper The common approach to threat intelligence is to turn on a fire hose of low-level machine-driven data, but this often creates more confusion and more data that is useless for your business. How can you better manage and leverage this cyber data so that you can better equip your business against cybe... Read More |
DATA RISK MANAGEMENT: RETHINKING DATA DISCOVERY AND CLASSIFICATION whitepaper Defining data via data discovery and classification is an often overlooked, yet critical, component of data security and control. Security and risk (S&R) pros can't expect to adequately protect data if they don't have knowledge about what data exists, where it resides, its value to the o... Read More |
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT whitepaper As awareness grows due to media coverage of high profile data breaches, pending cyber legislation and continued advisories from cyber security professionals, information security and other cyber risks continue to represent at least a moderate threat to a majority of risk professionals. Board Members... Read More |
THE MOST ADVANCED CYBERSECURITY video With the growth of targeted attacks, data exfiltration and threat management raise many concerns among security and data center professionals. Responsible for operations, risk management and compliance with an increased probability of a breach they need a partner as innovative as them. Bitdefender... Read More |
EFFECTIVE OPERATIONAL RISK MANAGEMENT FOR FINANCIAL INSTITUTIONS whitepaper The growing complexity of activities, a changing workforce, regulatory requirements, and dependencies on third parties has dramatically impacted the operational risk profile for many organizations. This white paper offers practical guidance to achieve an effective operational risk management strateg... Read More |
SECUROSIS THREAT INTELLIGENCE FOR ECOSYSTEM RISK MANAGEMENT whitepaper Very few businesses operate today without sharing sensitive data with business partners, suppliers, and service providers. This presents new challenges to vendor risk management teams as they face the issue of keeping this data secure as it enters the extended enterprise. Without visibility into and... Read More |
ALIGNING IT, SECURITY AND RISK MANAGEMENT PROGRAMS video Information Security Policies (ISO 27002:2013 Section 5) and Organization of Information Security (ISO 27002:2013 Section 6) are closely related, so we address both domains in this chapter. The Information Security Policies domain focuses on information security policy requirements and the need to a... Read More |
TOTAL INFORMATION RISK MANAGEMENT WEBINAR video Data is key to the daily operations of all organisations and we are increasingly dependent on -- and trusting of -- that data. The information we get from databases and information feeds is used at all levels of business to make decisions. But what happens when we base those decisions on poor qualit... Read More |
INFORMATION SECURITY - ASSESSING STRATEGY, COST AND VULNERABILITY video ITSAF Breakout Session 14: Assessing Strategy, Cost and Vulnerability Speaker: Jaymes Davis, Entisys. How does virtualization impact security? See Details below. The emergence of virtualization and the consumerization of IT as primary drivers of technology innovation and growth is a major industry shi... Read More |
INFORMATION SECURITY RISK MANAGEMENT video Risk Management and Risk Assessment are major components of Information Security Management (ISM). Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2], [NIST], [ENISA Regulation]. Here a consolidated vie... Read More |
INFORMATION SECURITY AWARENESS TRAINING VIDEO: "Z-BAY" video They are essential to an effective and appropriate risk management program and provide the basis for your security, audit, vendor management, and identity theft red flag programs, as well as for your business continuity plan. Once thought to be an IT risk assessment only, the current risk assessment... Read More |
ENTERPRISE-WIDE INFORMATION SECURITY RISK ASSESSMENTS 101ENT video They are essential to an effective and appropriate risk management program and provide the basis for your security, audit, vendor management, and identity theft red flag programs, as well as for your business continuity plan. Once thought to be an IT risk assessment only, the current risk assessment... Read More |
NOVEMBER 2013 NY INFO SECURITY MEETUP - NOPSEC video NopSec was founded to pursue a vision: IT security and effective vulnerability risk management can be a business advantage. NopSec is a technology company focused on helping businesses to proactively manage security vulnerability risks and protect their IT environment from security breaches. Our flag... Read More |
INFORMATION SECURITY HOME SYSTEM SECURITY RISK MANAGEMENT video Risk Management and Risk Assessment are major components of Information Security Management (ISM). Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2], [NIST], [ENISA Regulation]. Here a consolidated vie... Read More |
ZEN AND THE ART OF INFORMATION SECURITY video People perceive information security to be a complicated and expensive process. Likewise, they believe that the evil doers are technological geniuses or trained intelligence operatives, who can get through even the most sophisticated security measures. The reality is that security is much easier to a... Read More |
BLOOMBERG – 5 INFORMATION SECURITY TRENDS THAT WILL DOMINATE 2016 article Every year, it seems, the threats posed by cybercriminals evolve into new and more dangerous forms while security organizations struggle to keep up. As 2015 draws to a close, we can expect the size, severity and complexity of cyber threats to continue increasing in 2016, says Steve Durbin, managing d... Read More |
HOW MATURE IS YOUR CYBER-SECURITY RISK MANAGEMENT whitepaper The importance of implementing a security program based on a security framework. It presents five types of security frameworks, explains how periodic framework reviews can help strengthen security, and describes how IBM can help ensure that your framework-based risk-management strategy remains succe... Read More |
WHAT IS AN ISMS INFORMATION SECURITY MANAGEMENT SYSTEM? video David Dwyer Cyber Compliance Adviser with CRI Cyber Risk International outlines what exactly an ISMS is. An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can he... Read More |
BANKS TO FFIEC: CYBER TOOL IS FLAWED article Banking institutions and associations that have demanded the Federal Financial Institutions Examination Council make significant changes to the Cybersecurity Assessment Tool are now anxiously waiting for the council to take action. Among the most pressing concerns expressed during the second comment ... Read More |
INFORMATION SECURITY RISK ASSESSMENT whitepaper TraceSecurity advances the risk assessment process to its most comprehensive and effective form, with a methodology that exceeds best practices and regulatory standards for compliance. Leveraging the company’s cloud-based software, TraceCSO, information security experts closely scrutinize your... Read More |
SECUROSIS REPORT THREAT INTELLIGENCE FOR ECOSYSTEM RISK MANAGEMENT whitepaper Very few businesses operate today without sharing sensitive data with business partners, suppliers, and service providers. This presents new challenges to security teams as they face the issue of keeping this data secure as it enters the extended enterprise. Without visibility into and control over ... Read More |
DDOS AND DOWNTIME: CONSIDERATIONS FOR RISK MANAGEMENT whitepaper Proactive DDoS threat mitigation may be one of the easiest and most cost-effective tactics for minimizing financial risk associated with IT-related downtime. This paper draws on Verisign's DDoS mitigation expertise to examine the threat of DDoS in the context of IT availability and enterprise ri... Read More |
PROACTIVELY MANAGE THE CYBER SECURITY LANDSCAPE video In today's technology-driven environment, your organisation faces complex challenges. Leadership needs a new perspective to help take control of cyber security, focusing on the areas that matter most. At KPMG, we believe in proactively incorporating cyber risk management into all activities. Cyb... Read More |
SECURITY MANAGEMENT AND OPERATIONS REPORT whitepaper "The prevalent approach to security management and operations is to implement on an ad hoc and technology-focused basis. This haphazard approach is no longer adequate. This report details: The current state of the market and what to expect moving forward; Research implications for technology vendo... Read More |
CEO OF BECRYPT TO SPEAK AT CYBER-SECURITY SUMMIT IN NYC article The CEO of Becrypt, Dr Bernard Parsons, has been invited to the New York City Cyber-Security Summit to speak on 18 September. The Summit is aimed at C-level executives who are accountable for protecting the critical infrastructures of their companies from cyber-attack. At the conference, Dr Parsons w... Read More |
2015 CISO INSIGHTS STUDY MANAGING YOUR CYBERSECURITY INVESTMENT whitepaper A few years ago most firms would manage cybersecurity and make investment decisions based mainly on industry best practices, resulting in their adopting certain technologies, policies and practices, without a detailed understanding of their specific overall cyber risk situation. As a result, very fe... Read More |
BEST PRACTICE SECURITY IN A CLOUD-ENABLED WORLD whitepaper The cloud will be a growing part of your IT environment. This is inevitable, particularly in consideration of economics of the cloud and the opportunities in the Internet of Things. While information technology does move rapidly and with a degree of unpredictability, a comprehensive risk management ... Read More |
CALIFORNIA, VIRGINIA TAKE STEPS TO BOLSTER CYBERSECURITY STANCE article Governors announce new action to improve cybersecurity and risk management plans. Two governors, on opposite sides of the country, took executive action to beef up cybersecurity in their respective states on Monday, Aug. 31. California Gov. Jerry Brown and Virginia Gov. Terry McAuliffe both institute... Read More |
WOMEN COULD BE THE SOLUTION TO FIGHTING CYBERSECURITY THREATS article Cybersecurity professionals are more in demand than ever before, but a new report finds the number of women in the field hasn’t grown. Women represent just 10 percent of the cybersecurity workforce, according to a report released today by (ISC)², a nonprofit specializing in information tec... Read More |
IMPROVING RISK MANAGEMENT STRATEGIES USING IDENTITY ATTRIBUTES whitepaper "Striking a balance between identity risk management and an excellent consumer experience is an ongoing challenge. Leading organizations are turning to sophisticated data resources to effectively combat fraud, assess compliance, and verify identities. This whitepaper is a practical guide to leve... Read More |
HOW TO DEVELOP AN ADAPTIVE SECURITY AWARENESS PROGRAM whitepaper Most people working in or near cybersecurity have felt the influence of the NIST Cybersecurity Framework (CSF). The Framework provides organizations guidance for ensuring they are protected from ongoing information security threats, and sets an "Adaptive" approach as the top tier of cybers... Read More |
5 INFORMATION SECURITY TRENDS THAT WILL DOMINATE 2016 article Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2016, information security professionals must understand these five trends. Every year, it seems, the threats posed by cybercriminals evolve into new and more dangerous forms while securit... Read More |
2015 CISO INSIGHTS STUDY: MANAGING YOUR CYBERSECURITY INVESTMENT whitepaper A few years ago most firms would manage cybersecurity and make investment decisions based mainly on industry best practices, resulting in their adopting certain technologies, policies and practices, without a detailed understanding of their specific overall cyber risk situation. As a result, very fe... Read More |
INTEGRATING RISK ASSESSMENT INTO LIFECYCLE MANAGEMENT whitepaper "The most successful enterprises integrate risk assessment, and more broadly, risk management, into their lifecycle processes. This white paper shares how to integrate risk assessment into each stage of lifecycle management, resolves common misconceptions about the role of a risk assessment, and... Read More |
RISK MODELING & ATTACK SIMULATION FOR PROACTIVE CYBER SECURITY whitepaper "In this whitepaper, Skybox examines how IT organizations can benefit from the use of risk modeling and simulation technologies to gain a complete understanding of network security risks and solve network security problems. Risk modeling and simulation can be incorporated into day-to-day IT oper... Read More |
PAYMENTS SECURITY: ASSESSING THE CHALLENGES article Over the past two years, the Indian financial sector has witnessed the dawn of a new age of payments, with many changes in the mobile realm. The industry and customers were accustomed to traditional forms of payment (credit and debit cards, checks and cash) with little to no changes for how transact... Read More |
INFORMATION SECURITY AND CYBERLIABILITY RISK MANAGEMENT whitepaper Advisen Ltd and Zurich have partnered for a fourth consecutive year on a survey designed to gain insight into the current state and ongoing trends in information security and cyber liability risk management. Conducted for two weeks, the survey began on August 5, 2014 and concluded on August 19, 2014. Read More |
STREAMLINE RISK MANAGEMENT SANS WHITEPAPER whitepaper "The 20 Critical Security Controls, a consensus project involving numerous U.S. government, private-sector and international groups, has received a great deal of attention recently as a framework of controls for defending organizations against cyber attacks. Today's cyber attacks are increas... Read More |
INFORMATION SECURITY & RISK MANAGEMENT video The Principal Information Technology Policy sets out Leeds Beckett University’s definition of, commitment to, and requirements for Information Technology and Security. It specifies regulations to be implemented to secure information and technology that the University manages and to protect aga... Read More |
EMBRACING BYOD WITHOUT COMPROMISING SECURITY OR COMPLIANCE whitepaper Trying to embrace BYOD while ensuring your employees can access all of the business apps and content they NEED on the mobile devices they WANT - without compromising security, integrity or compliance? This whitepaper explores the impact of consumerization and BYOD on modern IT departments, and the e... Read More |
A FEW CYBERSECURITY PREDICTIONS FOR 2016 article I’m a bit reluctant to blog about 2016 cybersecurity predictions, as it seems like everyone is getting into this act. Alas, this end-of-year tradition used to be the exclusive domain of the analyst community and a few industry beacons, but now it seems like every security tools vendor in the w... Read More |
THE EVOLUTION OF VENDOR RISK MANAGEMENT IN FINANCIAL INSTITUTIONS whitepaper The Financial Services industry has long been a pioneer in developing risk management practices. As third party data breaches have increased in recent years, regulators and organizations have moved from relying solely on static questionnaires and assessments, to continuously monitoring the security ... Read More |
RWE SUPPLY & TRADING SECURES AGAINST USER AND ASSET-BASED RISKS whitepaper RWE Supply & Trading is a leading energy trading house and a key player in the European energy sector. The European energy sector is undergoing fundamental changes, with subsidized expansion of renewables causing margins and utilization of conventional power stations to decline, thereby requirin... Read More |
VENDOR RISK AND BUSINESS IMPACT INFOGRAPHIC whitepaper The vendor community is critical to business operations and success. Organizations issue vendors with legitimate user accounts and access to key resources. Cybercriminals have started leveraging the trusted vendor network and access these vendors have into organizations, as a threat vector to carry ... Read More |
AVOIDING BYO POLICY AND SECURITY PITFALLS whitepaper BYOD and mobile security are undoubtedly top of mind for many IT professionals today. This whitepaper, written in collaboration with TAL Global (a leading security consulting and risk management firm), highlights five case studies to illustrate common legal and security issues associated with BYO. I... Read More |
VENDOR RISK ASSURANCE BRIEF whitepaper Bay Dynamics' Vendor Risk Assurance provides organizations with a holistic defense against targeted attacks that involve third-party vendors as a threat vector. This innovative, robust and scalable solution provides a single-pane-of-glass for vendor risk management. Vendor Risk Assurance enhance... Read More |
REAL TIME RISK MANAGEMENT whitepaper Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people that often have different knowledge and perspective for information security within the o... Read More |
THE EVOLUTION OF CYBER RISK infographic Cyber attacks or data breach incidents seem to make headlines daily. Although these events may feel commonplace, their triggers are changing, as are the risk management strategies to address them. ACE has handled data breach incidents and underwritten exposures for policyholders for more than 15 yea... Read More |