DATA SECURITY

CFGI and SecurityScorecard Collaborate to Provide Security Rating Monitoring as a Service

CFGI | May 26, 2021

CFGI, a leading provider of Accounting Advisory, Cybersecurity and IT Risk Advisory solutions, and SecurityScorecard, the worldwide leader in cybersecurity ratings, today announced a new partnership to streamline and strengthen how organizations manage their cybersecurity and third-party risk through the use of Security Ratings.

CFGI has partnered with SecurityScorecard to non-intrusively evaluate an organization's cybersecurity using an 'outside-in' methodology. This approach enables CFGI to monitor and update the cybersecurity ratings of our clients continuously. With these cybersecurity ratings and the extensive information on which they are based, organizations are presented with valuable information for assessing compliance with industry-leading cybersecurity risk standards.

As a SecurityScorecard managed security services provider (MSSP), CFGI will be delivering industry-leading cybersecurity ratings to clients to enhance their security posture, ensure adherence to regulatory requirements, and continuously monitor third-party risk. This partnership comes at a time when risk and compliance teams are experiencing unprecedented pressure to successfully manage their own and third-party risk, due to changing regulatory requirements, higher numbers of vendors, and more pressure from the board of directors. Heightened regulatory scrutiny has created the necessity for next-generation solutions to assist organizations in better managing the risk posed by their business partners. With the partnership between CFGI and SecurityScorecard, organizations can now be aware of cybersecurity gaps and advised on what is needed to fill them.

What value do CFGI clients receive?

• Technical dashboards and detailed reports with your most critical risk factors.

• Easy-to-read board-level reports and workflow tools for cybersecurity assessments.

• Risk remediation advisory services by CFGI, whose experts work closely with your technology teams or third parties.

• Ability to view your historical vulnerabilities and threats for continued improvement.

• Ability to quantify and demonstrate your return on security investments.

• Ability to benchmark your cybersecurity current state against industry peers and competitors.

About CFGI

CFGI, a portfolio company of The Carlyle Group, is a highly specialized financial consulting company that supports the office of the CFO with all its accounting, finance, risk management, and digital transformation needs. As an extension of your SOX, internal audit, corporate finance, or cybersecurity team, CFGI can serve in a variety of capacities – from technical accounting or finance transformation advisor to IPO and M&A support to controller or CFO.

Spotlight

Bloomberg's Allan Holmes moderates a conversation with former CIA Director Gen. Michael V. Hayden, Dell SecureWorks' Jon Ramsey, and AGT International's Mati Kochavi.

Related News

DATA SECURITY

CyberSN acquires Leader Matt Donato of cybersecurity staff to expand reach into the Southeast & Mid-Atlantic region

prnewswire | November 17, 2020

CyberSN, an innovation engaged ability securing firm in the U.S. zeroed in only on cybersecurity experts, has reported its extension in the Southeast and Mid-Atlantic areas with the employing of Matt Donato and Drew Crisan in Charlotte, NC.

Matt Donato joins CyberSN as its Managing Director, South Region, liable for all action from Washington DC to Florida. Preceding CyberSN, Matt was one of the Founders of a Charlotte, NC based cybersecurity staffing firm. "I am so eager to join the CyberSN family and consolidate my affection for cybersecurity with the staggering assets at CyberSN. I am anticipating extending the CyberSN brand in this locale," said Donato.

Drew Crisan additionally joins CyberSN as its Cybersecurity Recruiting Manager for the East and South Regions.

CyberSN Founder and CEO Deidre Diamond said of the extension, "we are seeing an expanded interest for our administrations, particularly our Resume Service, called Talent Scout, where we accomplish a large portion of the work and our customers do half, for a large portion of the cost. This development with solid pioneers like Matt and Drew implies we can more readily support this area."

North Carolina is a developing business sector with a 128% development in tech work postings in 2019 and an extended requirement for 3,960 extra data security examiners by 2024. These positions are progressively open to out-of-territory up-and-comers, which will permit neighborhood organizations to use the CyberSN public organization of employment searchers. As indicated by NCTECH's positions rundown, "the Charlotte locale added 39,413 tech occupations a year ago," which was instrumental in CyberSN's choice to add assets to this district, said Diamond.

"We are multiplying down broadly in all business sectors. Our resume administration, dispatched recently, has demonstrated to be truly attractive. With more administration hands on the wheel, we can support substantially more of the network we love," said Diamond.

About CyberSN

Founded in 2014, CyberSN is solely focused on the cybersecurity talent industry, serving as a trusted brand across the U.S. It is recognized for its unique care and dedication to the cyber community, its diversity and inclusion initiatives, and KnowMore™, its cybersecurity job posting and talent matching platform.


SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29 – for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few.

As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected (1) to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation.

As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following:

• The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning.

• The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation policies in the US, Canada and China.

WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today.

"Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy."

"ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics."

Reference

(1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program.

About Green Hills Software

Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.

Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.


DATA SECURITY

Cynet CISO Challenge for Cybersecurity Leaders Measure Expertise Against their Peers

Cynet | May 11, 2021

Cynet, supplier of the world's first self-ruling XDR stage, today declared the 2021 CISO Challenge for network safety group pioneers to approve their insight and comprehension of genuine security subjects going from essential to cutting edge - including more unstable situations defying associations today. For the 2021 CISO Challenge, Cynet has gathered a gathering of senior CISOs, specialists, and analysts to build up this all-new trial of cutting-edge network safety abilities.

The opposition on the site will stay open for about fourteen days, during which time anybody can join and endeavor to address the inquiries, which change from fundamental to progressively refined. There will be a sum of 25 inquiries, with everyone dependent on genuine situations, as opposed to straightforward random data. Questions will cover consistency and guideline, hazard evaluation and the executives' estimations and measurements, danger and weakness the board, just as situations and moral contemplations that most InfoSec pioneers face in the field.

The test begins on May fifth at 8 am Eastern Daylight Time (EDT) and closes on May 21st at 11:59 pm (EDT). The site will stay open after the challenge for anybody to test their insight, however not for a prize. It is intended to be a great route for security pioneers to all the more likely comprehend their degree of information and find what holes, assuming any, they have in their order of network safety administration. Since this is a serious occasion, it will permit competitors to perceive how they perform comparative with other people who have acknowledged the demand. The $5,000 thousand prizes will be introduced toward the finish of the challenge.

"The CISO Challenge will be a fiery occasion in a cutthroat air, where InfoSec pioneers have the chance to gauge facing the best in the business," said Eyal Gruner, Cynet CEO and Co-Founder. "The challenge goes past the reading material and permits CISOs to do what they specialize in when the pressing factor is on."

Cynet is reacting to the business' requirement for more noteworthy cooperation and backing for CISOs at sub-Fortune 2000 associations. The CISO Challenge is intended for Infosecurity pioneers at associations where the dangers are critical, however, assets are restricted and require more elevated levels of mechanization to guarantee fruitful and productive activities.

About Cynet

Cynet empowers any association to put its network safety on autopilot, smoothing out and mechanizing their whole security tasks while giving upgraded levels of perceivability and assurance, paying little heed to the security group's size, ability or assets and without the requirement for a multi-item security stack. It does as such by locally merging the fundamental security advances expected to give associations exhaustive danger assurance into a solitary, simple to-utilize XDR stage; robotizing the manual cycle of examination and remediation across the climate; and giving a day in and day out proactive MDR administration - checking, examination, on-request investigation, episode reaction and danger chasing - at no extra expense.
