Risks of Password Managers

Schneier on Security

Stuart Schechter writes about the security risks of using a password manager. My particular choices about security and risk are to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud.

CISO Notebook: Third-Party Risk

Data Breach Today

Cris Ewell of UW Medicine on Managing Vendor Risks. Where is the data, who has access to it, and how is it being secured? These are among the top questions inherent in any third-party risk program. Cris Ewell, CISO of UW Medicine, shares insight from his experience managing vendor risk.

Risk 154

Understanding Your Risk Surface

Data Breach Today

Kelly White of RiskRecon on How to Track What's Being Missed. In the expanded, virtual enterprise, security leaders face the challenge of defending an ever more complicated attack surface. How can they best understand and mitigate their risks?

Risk 179

Phishing: Mitigating Risk, Minimizing Damage

Data Breach Today

In Wake of Recent Incidents, Experts Offer Insights on Critical Steps to Take. As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage.

Managing Open Source Risks

Data Breach Today

Chris Eng of CA Veracode on Best Practices. Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.

Risk 176

Healthcare Security: Tactics for Reducing Risk

Data Breach Today

IBM's Christopher Bontempo on Where to Focus for Quick Results. Reducing risk is a tall order, but IBM's Christopher Bontempo says healthcare security leaders can get immediate and measurable results by concentrating on two aspects: data security and incident response.

Risk 163

Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots.

Risk 84

Vendor Security Risk Management: A Growing Concern

Data Breach Today

Eddie Chang, Travelers Insurance, cyber insurance, Quest Diagnostics, Optum360, breach, Labcorp, BioReference, AMCA, American Medical Collections Agency, vendor risk management, application security

John Halamka: Mitigating Medical Device Security Risks

Data Breach Today

Enumerating medical devices, identifying where the security risks lie and then implementing a multilayered defense plan to mitigate risks should be top priorities for healthcare organizations, says thought leader John Halamka, M.D., executive director for technology exploration at Beth Israel Lahey Health

Risk 113

Maximize Cybersecurity Risk Ratings in 2019

Data Breach Today

Insights from the Forrester New Wave: Cybersecurity Risk Rating Solutions, Q4 2018. If you are a security or risk leader, you know that even with a formal third-party risk program in place, you are not effectively keeping track of all of your third parties

Risk 184

Improving Vendor Risk Management

Data Breach Today

NYKA Advisory Services' Sunil Chandiramani Offers Insights for Financial Institutions. Providing vendors with visibility to a company's systems makes the vendor management process far more complicated, says Sunil Chandiramani of NYKA Advisory Services.

Risk 166

Solving 3rd Party Cybersecurity Risk

Data Breach Today

Your organization's risk surface may be larger than you think. Your organization's risk surface is larger than you think. How can you get a handle on what risks exist, where they reside, and which ones are most important to resolve immediately?

Risk 150

Tackling the Prevalent Fraud Risks

Data Breach Today

Dora Gomez on the Highlights of ACFE Report to Nations. What are the prevailing fraud trends, and how are they impacting consumers, clients and enterprises?

Risk 175

Cyberattack Risk: Scans Find Big Businesses Exposed

Data Breach Today

Britain's biggest businesses continue to inappropriately expose servers and services to the internet, putting the organizations and data at risk, according to a study by Rapid7. Tod Beardsley describes the findings, including a widespread lack of phishing defenses as well as cloud misconfigurations

Risk 151

HHS Updates Security Risk Assessment Tool

Data Breach Today

But Why Is Conducting a Risk Analysis So Challenging for So Many Organizations? But why is conducting a risk assessment so challenging for so many

Tools 186

Managing Third-Party Risks

Data Breach Today

Bitsight's Tom Turner on Security Ratings. Managing third-party risks is more critical than ever, says Tom Turner of BitSight Technologies, who discusses the urgency of communicating that to the board.

Risk 155

Cybersecurity Incident Response and Managing Risk

Data Breach Today

IBM's Anup Kanti Deb Offers Insights. Incident response is an ongoing process, a lifecycle that requires a risk mitigation strategy covering operational, legal and reputational risk.

Risk 138

Future-Proofing for IoT Risks

Data Breach Today

Check Point's Robert Falzon on Preparing for the Changes to Come. The internet of things promises to change how enterprises operate - as well as the cybersecurity risks they will face. Robert Falzon of Check Point Software Technologies outlines IoT risks and how to prepare to mitigate them.

IoT 161

How Organizations Can Reduce Their Data Risk Footprint

Data Breach Today

Ilker Taskaya of Delphix on Reducing Risk in Non-Production Environments. Data in non-production environments represents a significant percentage of total enterprise data volume.

Risk 160

Risk and Resilience: Finding the Right Balance

Data Breach Today

Finding the right balance between risk and resilience is a challenge for every cybersecurity project - especially in the aerospace, space and defense sectors - and that's why such efforts must be driven by CISOs and CIOs, says Leonardo's Nik Beecher

Risk 123

Vendor Risk Management: A Better Approach

Data Breach Today

The risks posed by third-party vendors are a top concern for Aaron Miri, CIO of University of Texas at Austin's Dell Medical School and its affiliated UT Health Austin group practice. He explains steps he's taking to help mitigate those risks

Risk 144

Using AI to Detect Cyber Risks

Data Breach Today

David Atkinson of Senseon Discusses Key Benefits of Artificial Intelligence. Artificial Intelligence is coming of age as a key tool in the security analyst's arsenal, says David Atkinson, founder and CEO of Senseon, who highlights key benefits of the technology.

5G Networks Spark Concerns For Enterprise Risks


As 5G deployments continue to increase, what are the top security risks for enterprises? We discuss with an expert during GSMA's Mobile360 conference.

Risk 110

Who Faces Biggest Financial Risks From Cyberattacks?

Data Breach Today

Risk 215

Open Source Components: Managing the Risks

Data Breach Today

Maria Loughlin of Veracode on Mitigation Strategies. Open source components help developers build and deploy applications faster, but with increased speed comes greater risk.

Risk 171

Developing a Robust Third-Party Risk Management Program

Data Breach Today

Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association, who offers risk mitigation insights

Risk 123

Mitigating Emerging Risks

Data Breach Today

Chris Testa of Cybereason on Going Beyond Defense-in-Depth. As businesses change their key strategies, they must ensure they mitigate new risks that emerge, says Chris Testa of Cybereason.

Risk 130

Medical Device Cyber Risk: An Enterprise Problem

Data Breach Today

Medical device cybersecurity risks should be viewed as an enterprise problem, say Tracey Hughes of Duke University Health Systems and Clyde Hewitt of security consultancy CynergisTek, who outline critical security steps

Risk 159

Major Flaw in Runc Poses Mass Container Takeover Risk

Data Breach Today

The flaw in the "runc" container-spawning tool could allow attackers to craft a malicious container able to "break out" and gain root control of a host system, potentially putting thousands of other containers at risk

Risk 229

Strong Risk Management Must Go Beyond Frameworks in Healthcare


A recent report from the College of Healthcare Information Management Executives (CHIME) and KLAS Research found that there is a severe divide between security programs of larger and smaller healthcare organizations. The report found that many providers don't conform with HIPAA or adhere to a specific security framework like NIST. Read more about the report and the state of risk management in healthcare here.

Risk 40

How Risk Management Is Evolving

Data Breach Today

Jennifer Bayuk of Decision Framework Systems on Putting Principles Into Practice. How is risk management evolving as a result of ubiquitous cybersecurity risks?

Risk 130

Smart Cities Challenge: Real-Time Risk Management

Data Breach Today

Risk 182

Cyber Risk Management: Why Automation is Essential

Data Breach Today

Risk 184

Business Email Compromise: Mitigating the Risk

Data Breach Today

David Appelbaum of Valimail on Addressing Vulnerabilities. Email remains a key vector for inbound attacks. David Appelbaum of Valimail explains how the threat can be remediated.

Risk 188

Blockchain in Healthcare: The Potential Benefits, Risks

Data Breach Today

Indiana University Health is evaluating the use of blockchain in two areas to improve healthcare information security, Mitch Parker, CISO, says in an interview at the HIMSS19 conference. He sizes up the potential risks and benefits.

Report: UK Believes Risk of Using Huawei Is Manageable

Data Breach Today

Risk 200

How to create an ISO 27001-compliant risk treatment plan

IT Governance

An RTP (risk treatment plan) is an essential part of an organisation’s ISO 27001 implementation process, as it documents the way your organisation will respond to identified threats. What are your risk treatment options? Avoid the risk by ceasing any activity that creates it.

Risk 71

How to create a risk assessment matrix

IT Governance

To comply with ISO 27001, the international standard for information security, you need to know how to perform a risk assessment. To complete this process, you need a risk assessment matrix. What is a risk assessment matrix? How to use the risk assessment matrix.

Risk 79

How to Model Risk in an Apex Predator Cyber-World



Risk 70

Third-Party Risk Management: Asking the Right Questions

Data Breach Today

An effective third-party risk management program starts with asking the right questions, says Brad Keller, chief strategy officer and senior vice president at the Santa Fe Group, a strategic advisory company, who spells out key issues to address

Risk 125