Understanding Your Risk Surface

Data Breach Today

How can they best understand and mitigate their risks? Kelly White of RiskRecon on How to Track What's Being Missed In the expanded, virtual enterprise, security leaders face the challenge of defending an ever more complicated attack surface.

Risk 175

Phishing: Mitigating Risk, Minimizing Damage

Data Breach Today

In Wake of Recent Incidents, Experts Offer Insights on Critical Steps to Take As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage

Managing Open Source Risks

Data Breach Today

But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks Chris Eng of CA Veracode on Best Practices Open source and third-party components help developers build and deploy applications faster.

Risk 168

Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots. lies nationalsecuritypolicy propaganda risks

Risk 83

Tackling the Prevalent Fraud Risks

Data Breach Today

Dora Gomez on the Highlights of ACFE Report to Nations What are the prevailing fraud trends, and how are they impacting consumers, clients and enterprises?

Risk 169

Maximize Cybersecurity Risk Ratings in 2019

Data Breach Today

Insights from the Forrester New Wave: Cybersecurity Risk Rating Solutions, Q4 2018. If you are a security or risk leader, you know that even with a formal third-party risk program in place, you are not effectively keeping track of all of your third parties

Risk 179

Improving Vendor Risk Management

Data Breach Today

NYKA Advisory Services' Sunil Chandiramani Offers Insights for Financial Institutions Providing vendors with visibility to a company's systems makes the vendor management process far more complicated, says Sunil Chandiramani of NYKA Advisory Services

Risk 161

Vendor Risk Management: A Better Approach

Data Breach Today

The risks posed by third-party vendors are a top concern for Aaron Miri, CIO of University of Texas at Austin's Dell Medical School and its affiliated UT Health Austin group practice. He explains steps he's taking to help mitigate those risks

Risk 140

Solving 3rd Party Cybersecurity Risk

Data Breach Today

Your organization's risk surface may be larger than you think. Your organization's risk surface is larger than you think. How can you get a handle on what risks exist, where they reside, and which ones are most important to resolve immediately

Risk 146

Managing Third-Party Risks

Data Breach Today

Bitsight's Tom Turner on Security Ratings Managing third-party risks is more critical than ever, says Tom Turner of BitSight Technologies, who discusses the urgency of communicating that to the board

Risk 158

HHS Updates Security Risk Assessment Tool

Data Breach Today

But Why Is Conducting a Risk Analysis So Challenging for So Many Organizations? But why is conducting a risk assessment so challenging for so many

Tools 182

Future-Proofing for IoT Risks

Data Breach Today

Check Point's Robert Falzon on Preparing for the Changes to Come The internet of things promises to change how enterprises operate - as well as the cybersecurity risks they will face. Robert Falzon of Check Point Software Technologies outlines IoT risks and how to prepare to mitigate them

IoT 153

Who Faces Biggest Financial Risks From Cyberattacks?

Data Breach Today

Risk 211

Major Flaw in Runc Poses Mass Container Takeover Risk

Data Breach Today

The flaw in the "runc" container-spawning tool could allow attackers to craft a malicious container able to "break out" and gain root control of a host system, potentially putting thousands of other containers at risk

Risk 230

How to create an ISO 27001-compliant risk treatment plan

IT Governance

An RTP (risk treatment plan) is an essential part of an organisation’s ISO 27001 implementation process, as it documents the way your organisation will respond to identified threats. What are your risk treatment options? Avoid the risk by ceasing any activity that creates it.

Risk 70

Medical Device Cyber Risk: An Enterprise Problem

Data Breach Today

Medical device cybersecurity risks should be viewed as an enterprise problem, say Tracey Hughes of Duke University Health Systems and Clyde Hewitt of security consultancy CynergisTek, who outline critical security steps

Risk 156

Open Source Components: Managing the Risks

Data Breach Today

Maria Loughlin of Veracode on Mitigation Strategies Open source components help developers build and deploy applications faster, but with increased speed comes greater risk.

Risk 165

Mitigating Emerging Risks

Data Breach Today

Chris Testa of Cybereason on Going Beyond Defense-in-Depth As businesses change their key strategies, they must ensure they mitigate new risks that emerge, says Chris Testa of Cybereason.

Risk 130

Cyber Risk Management: Why Automation is Essential

Data Breach Today

Risk 179

How Risk Management Is Evolving

Data Breach Today

Jennifer Bayuk of Decision Framework Systems on Putting Principles Into Practice How is risk management evolving as a result of ubiquitous cybersecurity risks?

Risk 130

Business Email Compromise: Mitigating the Risk

Data Breach Today

David Appelbaum of Valimail on Addressing Vulnerabilities Email remains a key vector for inbound attacks. David Appelbaum of Valimail explains how the threat can be remediated

Risk 183

Smart Cities Challenge: Real-Time Risk Management

Data Breach Today

Risk 174

Report: UK Believes Risk of Using Huawei Is Manageable

Data Breach Today

Risk 196

Blockchain in Healthcare: The Potential Benefits, Risks

Data Breach Today

He sizes up the potential risks and benefits Indiana University Health is evaluating the use of blockchain in two areas to improve healthcare information security, Mitch Parker, CISO, says in an interview at the HIMSS19 conference.

How to create a risk assessment matrix

IT Governance

To comply with ISO 27001 , the international standard for information security, you need to know how to perform a risk assessment. To complete this process, you need a risk assessment matrix. What is a risk assessment matrix? How to use the risk assessment matrix.

Risk 79

Managing Third-Party Risks in a New Era

Data Breach Today

How far does an organization's risk surface extend, and who are the custodians of all that data? A new research report aims to answer those questions. In a joint interview, Kelly White, of RiskRecon and Wade Baker of the Cyentia Institute offer an analysis

Risk 148

ISO 27001: Gap analysis vs. risk assessment

IT Governance

Gap analyses and risk assessments are two of the most important processes organisations must complete when implementing ISO 27001 or reviewing their compliance status. What is a risk assessment? The process begins by creating a long list of risks, which will be given a risk score.

Browser Extensions: Are They Worth the Risk?

Krebs on Security

For its part, Google tries to communicate the potential risk of extensions using three “alert” levels: Low, medium and high, as detailed in the screenshot below. Doing otherwise is almost always a high-risk proposition. Popular file-sharing site Mega.nz

Risk 171

GDPR Compliance: The Role of Vendor Risk Management

Data Breach Today

Attorney Steven Teppler on Holding Vendors Accountable Why is ramping up vendor risk management such a critical component of compliance with the EU's General Data Protection Regulation?

Spotlight Podcast: Managing the Digital Risk in your Digital Transformation

The Security Ledger

But do they really understand the risks lurking in their digital transformation strategies? In this Spotlight Podcast, sponsored by RSA,* we're joined by RSA Portfolio Strategist Steve Schlarman for a discussion of managing the risks in digital transformation. Re-Thinking Cyber Risk.

Avoiding Critical Security Risk Analysis Mistakes

Data Breach Today

Privacy attorney Adam Greene provides tips for avoiding mistakes when conducting a HIPAA security risk analysis and spells out the essential steps to take

Cyber Exposure: How to Discover, Measure and Reduce Your Risk

Data Breach Today

But Diwakar Dayal of Tenable proposes ways to measure a cybersecurity posture, benchmark it against peers and use the metrics to create a report card and reduce cyber risk

Risk 189

The Link Between Volatility and Risk

Data Breach Today

Qadium's Matt Kraning on Lessons Learned From Review of Top Financial Networks Financial service organizations have networks that are larger and more dynamic than ever - and so are their network security risks.

Risk 149

Risk assessments – software Vs spreadsheets

IT Governance

Risk assessments are at the core of many standards, including ISO 27001 , the international standard that describes best practice for an information security management system (ISMS). Difficult to use and identify risks or assets. What is risk assessment software? .

Risk 61

Mobile Risks Boom in a Post-Perimeter World

Threatpost

Featured Malware Mobile Security Vulnerabilities Android Encryption enterprise mobility ios iphone MDM MitM mobil device management mobile malware Mobile Risks Mobile security SDKs triout Wi-F

Risk 90

Travel-Related Breaches: Mitigating the Risks

Data Breach Today

Billings Clinic Employee's Email Hacking Incident Highlights Need for Precautions The hacking of an email account of a medical clinic employee during travels overseas demonstrates the risks posed to data when workers travel. Security experts offer insights on mitigating those risks

Risk 141

IoT Devices: Reducing the Risks

Data Breach Today

Attorney Steven Teppler, who recently wrote a report that addresses risks related to the internet of things, offers insights on risk management steps organizations in all sectors must take as IoT devices proliferate in the enterprise

IoT 113

Simplifying Vendor Security Risk Management

Data Breach Today

Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority

Risk 100

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Accounting for third-party risks is now mandated by regulations — with teeth. Allen is a widely respected thought leader on this topic, having launched Shared Assessments in 2005 as an intel-sharing and training consortium focused on third-party risks.

Risk 173

Assessing IoT Risks in Healthcare Environments

Data Breach Today

Healthcare organizations should steer clear of connecting internet of things devices to their networks unless they serve a precise medical purpose, says attorney Julia Hesse, a featured speaker at the HIMSS19 Conference

IoT 140