Information Management Today

Free Expert Insights

IT Governance

MARCH 29, 2024

Here are all our Q&As to date, grouped by broad topic: AI Cyber attacks and data breaches Cyber Essentials Cyber resilience Cyber security Data privacy DORA Incident response ISO 27001 PCI DSS PECR Security testing Training Miscellaneous To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.

Data Privacy

Data Privacy Compliance GDPR Privacy

Best Third-Party Risk Management (TPRM) Tools of 2021

eSecurity Planet

AUGUST 27, 2021

Cyberattacks caused by supply chain vulnerabilities mean organizations need a renewed perspective on how to address third-party security. In a developing market, third-party risk management (TPRM) software and tools could be the answer to helping organizations fill the gap. Best Third-Party Risk Management (TPRM) Tools.

Risk

Risk Compliance Marketing Cybersecurity

The 14 Cloud Security Principles explained

IT Governance

DECEMBER 9, 2021

Cloud security is an essential part of today’s cyber security landscape. But whenever organisations adopt technological solutions such as this, they must acknowledge the risks that come with it. This might include spotting misconfigured firewalls or physical security threats.

Cloud

Cloud Security Authentication Risk

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Application Security: Complete Definition, Types & Solutions

eSecurity Planet

FEBRUARY 13, 2023

Application security is the practice of securing software and data from hackers, whether that application comes from a third party or was developed in house, regardless of where it resides or how it’s accessed. How Does Application Security Work? What Are the Types of Application Security?

Security

Security Cloud Risk Computer and Electronics

NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management

Hunton Privacy

JANUARY 24, 2017

On January 19, 2017, the North American Electric Reliability Corporation (“NERC”) released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management (the “Proposed Standard”). A formal comment period for the Proposed Standard is now open and will remain open through 8 p.m.

Risk

Risk Cybersecurity Authentication Access

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

Data Matters

FEBRUARY 10, 2022

On Monday, January 24, 2022, in a speech at the Northwestern University Pritzker School of Law annual Securities Regulation Institute conference, Gary Gensler, Chair of the U.S. These SEC rules could broadly affect cybersecurity requirements across the U.S. Public Companies and Service Providers.

Cybersecurity

Cybersecurity Marketing Risk Compliance

How Cyber Essentials can help secure your patch management

IT Governance

OCTOBER 19, 2018

In this blog series, we will discuss each of the Cyber Essentials scheme’s five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”. Our third blog covers patch management and addresses the need for organisations to keep software up to date with security patches.

Security

Security Risk Government Data breaches

Smart review of WannaCry suggests 22 recommendations for improved cyber security across health and social care.

IT Governance

FEBRUARY 9, 2018

The latest review into the WannaCry ransomware attack and cyber security standards has concluded that “all health and social care organisations can, and should, have strong cyber security measures in place” as the protection of patient data is “fundamental to delivering high quality and safe services”.

Security

Security Compliance GDPR Phishing

How to Implement a Penetration Testing Program in 10 Steps

eSecurity Planet

FEBRUARY 20, 2023

Penetration tests find security vulnerabilities before hackers do and are critical for keeping organizations safe from cyber threats. Penetration test services have become common, with many security companies offering them. You can either create your own pentesting program or hire an outside firm to do it for you.

Sales

Sales Security Communications Cloud

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

For example, in March of 2016, two researchers, Mike Ahmadi and Billy Rios independently reported an astounding fourteen hundred vulnerabilities to CareFusion's Pyxis SupplyStation, an automated, networked, supply cabinet used to store and dispense supplies. First, this is a supply chain issue. He’s well known.

IT

IT Manufacturing Government Paper

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

For example, in March of 2016, two researchers, Mike Ahmadi and Billy Rios independently reported an astounding fourteen hundred vulnerabilities to CareFusion's Pyxis SupplyStation, an automated, networked, supply cabinet used to store and dispense supplies. First, this is a supply chain issue. He’s well known.

IT

IT Manufacturing Government Paper

34 Most Common Types of Network Security Protections

eSecurity Planet

MARCH 17, 2023

Whether you’re operating a global enterprise network or a small family business, your network’s security needs to be optimized with tools, teams, and processes to protect customer data and valuable business assets. Also read: What is Network Security?

Security

Security Encryption Analytics Cloud

President Biden’s Executive Order on improving the nation’s cybersecurity

Data Protection Report

MAY 19, 2021

The 18-page Executive Order does not set forth specific requirements, but rather sets deadlines for named agencies to develop requirements, standards, or guidelines on specific cybersecurity areas. Cyber Incident Reporting. Some of the areas covered by the Executive Order include: Sharing Threat Information.

Cybersecurity

Cybersecurity Government Privacy Risk

Top Threat Intelligence Platforms for 2021

eSecurity Planet

SEPTEMBER 13, 2021

Key features in a top threat intelligence platform include the consolidation of threat intelligence feeds from multiple sources, automated identification and containment of new attacks, security analytics, and integration with other security tools like SIEM , next-gen firewalls (NGFW) and EDR. Top Threat Intelligence Platforms.

Analytics

Analytics Cybersecurity Risk Cloud

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

IT Governance

APRIL 22, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Compromised data includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers. Only 5 definitely haven’t had data breached.

Data Privacy

Data Privacy Privacy Manufacturing Security

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: full list This week, we’ve found 130,036,285 records known to be compromised, and 116 organisations suffering a newly disclosed incident.

Data Privacy

Data Privacy Privacy Manufacturing Retail

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

ARMA International

SEPTEMBER 27, 2021

Here, Part 3 discusses how to manage the various DT risks. This discussion includes methods, tools, and techniques such as using personae and identifying use cases that have high business value, while minimizing project risks. This part also discusses managing CS risks such as ransomware, privacy, change management, and user adoption.

Digital transformation

Digital transformation Risk IT Computer and Electronics

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

It used to be that data breaches were all about cyber-crooks hacking computer systems to steal personal information, followed by an affected company sending regretful notification letters offering a year or two of complimentary credit monitoring. Response to state-sponsored hacking routinely requires close coordination with multiple U.S.

Cybersecurity

Cybersecurity Government Authentication Ransomware

Best Zero Trust Security Solutions for 2021

eSecurity Planet

JULY 5, 2021

Zero trust security is a concept that’s been around for several years, but it may finally be starting to gain traction as a technology product. But buyers are beginning to express interest, and a number of security vendors have assembled some interesting approaches to zero trust security. What is zero trust security?

Security

Security Access Cloud Authentication

9 cyber security predictions for 2022

IT Governance

FEBRUARY 15, 2022

This is as true in the cyber security landscape as it is in any other. To help you understand what might be in store in 2022, we’ve collected nine forecasts from cyber security experts. Cyber insurance will become more popular and more comprehensive. Cyber insurance premiums will increase.

Security

Security Insurance Authentication Passwords

CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe?

KnowBe4

FEBRUARY 28, 2023

CONTINUED] at the KnowBe4 blog: [link] [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET) , for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Security awareness

Security awareness Phishing Cybersecurity Security

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

Security Affairs

JANUARY 25, 2024

The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. reads a Form 8-K filing with the SEC. “On

Passwords

Passwords Cybersecurity Access Marketing

Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails

Security Affairs

JANUARY 20, 2024

The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. ” reads a Form 8-K filing with the SEC.

Passwords

Passwords Access Cybersecurity Authentication

Information Management Today

Free Expert Insights

Best Third-Party Risk Management (TPRM) Tools of 2021

Webinars

Trending Sources

The 14 Cloud Security Principles explained

Webinars

Application Security: Complete Definition, Types & Solutions

NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

How Cyber Essentials can help secure your patch management

Smart review of WannaCry suggests 22 recommendations for improved cyber security across health and social care.

How to Implement a Penetration Testing Program in 10 Steps

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

34 Most Common Types of Network Security Protections

President Biden’s Executive Order on improving the nation’s cybersecurity

Top Threat Intelligence Platforms for 2021

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Best Zero Trust Security Solutions for 2021

9 cyber security predictions for 2022

CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe?

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails

Stay Connected