Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey. BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies.
See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors.
This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust...
Modern organizations often have complex cloud and on-premise environments often managed with siloed security tools. This situation leads to fragmented visibility, an inability to prioritize risks for remediation and a lack of business-level reporting.
In this webinar, security leaders will learn how cloud security...
Unifying decision-making about privacy, security, ethics and governance poses a huge challenge from a regulatory and operational perspective, says OneTrust CEO Kabir Barday. OneTrust has created a network of 900 lawyers across 300 jurisdictions that feed intelligence into the company's platform.
Third-party risk management; environmental, social and governance risk; risk quantification: They are all critical topics as we approach 2023. Richard Marcus of AuditBoard explains the significance of these areas and how security leaders should approach them strategically.
In this interview with Information...
Cyber resilience extends beyond cyberattacks and encompasses the convergence of security and disaster recovery and takes into account other factors such as supply chain disruption, attacks on critical infrastructure, epidemics, market fluctuations, power outages, and natural disasters.
The shift to remote work introduced new security risks for Piedmont Healthcare since workers could no longer rely on the firm to protect their information. Employees need to understand the security issues associated with connecting to the network using personal devices, says CISO Monique Hart.
To ensure your security investments offer complete visibility into your attack surface and uncover critical risks at scale, we've compiled questions to help you evaluate solutions. We focus on six key areas: attack surface discovery, exposure identification, triage, validation, remediation, and outputs.
CISOs must focus on the business value they're providing, not the technical details of their work, when interacting with the C-suite and board. Don’t focus too narrowly on security risks and technical requirements and miss what the business wants to achieve, says David Nolan, CISO, The Aaron’s Co.
In 2021, U.S. mergers and acquisitions shot up 55%. In 2022, that percentage is set to climb even higher. The wave of post-COVID M&A demands that cybersecurity leaders improve their efficacy. Ben Murphy of Truist shares insight on where, when and how cybersecurity needs to influence the M&A agenda.
It has never been more vital to secure your supply chain, with governments also recognizing the urgency by increasingly calling for Software Bills of Materials (SBOMs) and the implementation of effective third-party security risk management (TPRSM) to stem the surge in ransomware and other cyberattacks.
Have you ever struggled to answer the questions “how secure is our company” or “are we as secure as our top competitors”, or even “are we doing better or worse than the last time we checked”? Even companies who pride themselves on having best-in-class security programs often don’t have the data to answer...
Compliance isn’t exactly the most exciting side of cybersecurity. But like it or not, much of our work to secure digital assets boils down to implementing and validating checklists of controls that prevailing wisdom holds to be effective.
During this webinar, experts from RiskRecon and Cyentia Institute will...
In this episode of "Cybersecurity Unplugged," Mark Cristiano of Rockwell Automation discusses Rockwell's cybersecurity journey, the particular challenges of deploying cybersecurity in an OT environment, and the minimum and proper industrial protections that organizations need to have in place.