Managing Open Source Risks

Data Breach Today

Chris Eng of CA Veracode on Best Practices. Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.

Risk 172

HHS Updates Security Risk Assessment Tool

Data Breach Today

But Why Is Conducting a Risk Analysis So Challenging for So Many Organizations? But why is conducting a risk assessment so challenging for so many

Tools 186

Smart Cities Challenge: Real-Time Risk Management

Data Breach Today

Risk 178

Future-Proofing for IoT Risks

Data Breach Today

Check Point's Robert Falzon on Preparing for the Changes to Come. The internet of things promises to change how enterprises operate - as well as the cybersecurity risks they will face. Robert Falzon of Check Point Software Technologies outlines IoT risks and how to prepare to mitigate them.

IoT 157

Managing Third-Party Risks

Data Breach Today

BitSight's Tom Turner on Security Ratings. Managing third-party risks is more critical than ever, says Tom Turner of BitSight Technologies, who discusses the urgency of communicating that to the board.

Risk 158

How Risk Management Is Evolving

Data Breach Today

Jennifer Bayuk of Decision Framework Systems on Putting Principles Into Practice. How is risk management evolving as a result of ubiquitous cybersecurity risks?

Risk 130

Mitigating Emerging Risks

Data Breach Today

Chris Testa of Cybereason on Going Beyond Defense-in-Depth. As businesses change their key strategies, they must ensure they mitigate new risks that emerge, says Chris Testa of Cybereason.

Risk 130

Moody’s to Include Cyber Risk in Credit Ratings

Adam Levin

The American business and financial services company Moody’s will start factoring risk of getting hacked into their credit ratings for companies. The move is seen as part of a wider initiative to gauge the risk of cyberattacks and data breaches to companies and their investors. “We’ve been in the risk management business for a very long time.

Risk 72

The Link Between Volatility and Risk

Data Breach Today

Qadium's Matt Kraning on Lessons Learned From Review of Top Financial Networks. Financial service organizations have networks that are larger and more dynamic than ever - and so are their network security risks.

Risk 152

The Need for Real-Time Risk Management

Data Breach Today

As companies go through a digital transformation, they need to move toward real-time risk management - and artificial intelligence can play a critical role, says David Walter, vice president of RSA Archer

Vendor Risk Management: Conquering the Challenges

Data Breach Today

Organizations must carefully monitor that their business associates are adequately addressing data security to help guard against breaches, says Mark Eggleston, CISO at Health Partners Plans, who will speak on vendor risk management at ISMG's Healthcare Security Summit, to be held Nov.

Risk 126

Simplifying Vendor Security Risk Management

Data Breach Today

Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority

Risk 100

Travel-Related Breaches: Mitigating the Risks

Data Breach Today

Billings Clinic Employee's Email Hacking Incident Highlights Need for Precautions. The hacking of an email account of a medical clinic employee during travels overseas demonstrates the risks posed to data when workers travel. Security experts offer insights on mitigating those risks.

Risk 141

Risk assessments – software Vs spreadsheets

IT Governance

Risk assessments are at the core of many standards, including ISO 27001, the international standard that describes best practice for an information security management system (ISMS). Difficult to use and identify risks or assets. What is risk assessment software?

Risk 59

Software Vendor Breach Spotlights Broad BA Risks

Data Breach Today

Patients at 11 Organizations Affected by Hacker Attack. A recent hacker attack targeting a revenue cycle management software and services vendor, which impacted more than 31,000 patients at 11 healthcare organizations, illustrates the potentially broad security risks posed by business associates.

Risk 130

Gaining Visibility Into Supply Chain Risk

Data Breach Today

CrowdStrike's Mike Sentonas Shares Insights From Latest Research. Even though many organizations believe that supply chain cyber risk is a serious problem, very few organizations are vetting their suppliers, says CrowdStrike's Michael Sentonas.

Risk 130

IoT Devices: Reducing the Risks

Data Breach Today

Attorney Steven Teppler, who recently wrote a report that addresses risks related to the internet of things, offers insights on risk management steps organizations in all sectors must take as IoT devices proliferate in the enterprise

IoT 114

Managing Third-Party Risk in the Age of Ransomware

Data Breach Today

As ransomware and other cyberattacks continue to proliferate, organizations must improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System, who will speak at ISMG's Healthcare Security Summit in New York.

Simplify your risk assessments

IT Governance

A risk assessment enables you to identify, analyse and evaluate your organisation’s risk. Risk assessments are central to many standards, including ISO 27001, the international standard that describes best practice for an information security management system (ISMS).

Risk 53

GRC Evolves Into Integrated Risk Management

Data Breach Today

Rsam's Vivek Shivananda on How the New Approach Solves a Classic Problem. As corporate information silos fall, traditional approaches to governance, risk and compliance are giving way to the new category of integrated risk management solutions.

Risk 130

How to create an ISO 27001-compliant risk treatment plan

IT Governance

The risk treatment plan (RTP) is one of the mandatory reports that you will need to produce for your information security management system (ISMS). Key elements of the risk treatment plan. The date to apply the risk treatment. Help with creating your risk treatment plan template.

Risk 71

Managing Cyber Risks: A New Tool for Banks

Data Breach Today

Banks have a new tool available for developing cyber risk management programs. In an interview, architects of the Financial Services Sector Cybersecurity Profile, Denyette DePierro and Josh Magri, describe how to use it. They'll offer more details at ISMG's Legal & Compliance Summit in New York on Nov.

Tools 113

Managing 'Shadow IT' Risks in Healthcare Settings

Data Breach Today

Risk 151

Risk Analysis Requirement Survives 'Meaningful Use' Revamp

Data Breach Today

CMS Proposes Major Overhaul of EHR Incentive Program, Emphasizing Interoperability. Federal regulators are proposing an overhaul to the "meaningful use" electronic health record incentive program. But current program requirements for conducting a security risk analysis would stick.

Healthcare Security Summit Speaker on Vendor Risk Management

Data Breach Today

Organizations must carefully monitor that their business associates are adequately addressing data security to help guard against breaches, says Mark Eggleston, CISO at Health Partners Plans, who will speak on vendor risk management at ISMG's Healthcare Security Summit, to be held Nov.

Risk 113

Cryptocurrency Infrastructure Flaws Pose Bitcoin Risks

Data Breach Today

Major Cybercrime Gangs Shift From Hacking Banks to Bitcoins. Bitcoin's massive rise in value and hype continues to draw the attention of hackers, scammers and organized crime.

Risk 198

Reducing Medical Device Cyber Risks

Data Breach Today

Many medical devices, especially older ones, were not designed with cybersecurity in mind, so healthcare organizations need to take special precautions to reduce risks, says security expert Justine Bone, who describes effective strategies

Risk 100

Bringing Vendor Risk Management to the Midmarket

Data Breach Today

A new initiative by the Cyber Readiness Institute aims to promote best cybersecurity and vendor risk management practices to smaller enterprises. RiskRecon founder and CEO Kelly White offers his perspective on converting standards to practices

Risk 109

Reputational Risk and Third-Party Validation

Data Breach Today

Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses

Risk 121

Vendor Risk Assessment: Essential Components

Data Breach Today

Vendor risk management is becoming more critical as companies rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits

Risk 100

5 steps to an effective ISO 27001 risk assessment

IT Governance

Risk assessments are one of the most important parts of an organisation’s ISO 27001 compliance project. It’s impossible to prepare for every risk that you might be vulnerable to, so you should use the assessment stage to gauge your biggest priorities. Risk scale. Risk appetite.

Risk 68

Security Risks of Government Hacking

Schneier on Security

A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. These risks are real, but I think they're much less than mandating backdoors for everyone.

Risk 70

How to improve your risk assessment process

IT Governance

For many people, the prospect of conducting a risk assessment is daunting. The risk assessment software vsRisk provides a simple and fast way to identify relevant threats, and deliver repeatable, consistent assessments year after year.

Risk 65

How to deliver hassle free risk assessments

IT Governance

To ensure that the cyber security controls your organisation has chosen are appropriate to the risks it faces, a risk assessment should be carried out. This risk assessment consists of identifying, analysing and evaluating risk.

Risk 63

How to achieve an effective risk assessment

IT Governance

A risk assessment is the process of identifying, analysing and evaluating risk. Carrying out a risk assessment is the only way to ensure that the cyber security controls chosen for your organisation are appropriate to the risks it may face.

Risk 68

How to Control API Security Risks

eSecurity Planet

Plugging critical vulnerabilities and using API security products are the best ways to manage API security risks

Risk 63

Growing IT-OT Integration: Addressing the Risks It Brings

Data Breach Today

IBM Security's Paul Garvey on Taking the Right Approach. While IT and OT integration has brought about new levels of operational efficiency, it has also introduced serious cyber risks that conventional IT security approaches might fail to address, says IBM Security's Paul Garvey.

Risk 130

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk to insurers and how better modeling of cyber incidents is helping to address that threat. Sure, that seemed like an unlikely (though not unprecedented) risk.

Risk 52

Why risk assessments are essential for GDPR compliance

IT Governance

Any organisation that’s required to comply with the EU General Data Protection Regulation (GDPR) needs to conduct regular risk assessments. Organisations might assume that the only risks they face are from cyber criminals trying to break into their systems.

Risk 71

Create hassle-free risk assessments (and save up to £400)

IT Governance

Risk assessments are at the core of many frameworks and standards, including ISO 27001, the international standard that describes best practice for an ISMS (information security management system).

Risk 61

The Industrial Internet of Things: Emerging Risks

Data Breach Today

Leading the latest edition of the ISMG Security Report: Chris Morales of the cybersecurity firm Vectra discusses how the industrial internet of things is changing the nature of industrial espionage and disruption

Risk 116

What is the Business Continuity Risk Management Pack?

IT Governance

Organisations face a myriad of risks and threats. The Business Continuity Risk Management Pack will help you develop effective business continuity plans tailored to your organisation’s unique needs. Risk Assessment Procedure. Risk Register/Treatment Plan.

Risk 58

When did you last perform a risk assessment?

IT Governance

The risks your organisation faces are constantly evolving, so they need to be regularly assessed and addressed to prevent them from becoming a threat. So if you performed a risk assessment a few months ago, it is likely that things will have changed in the meantime.

Risk 54