Risk management is essential to the existence of every business. It requires organizations to consider which risks they can accept and which risks they can mitigate. But the problem with risk acceptance is that attackers are "actively looking for risks that you haven't mitigated that they're able to exploit," says...
Third-party risk management is a key priority among businesses today. Risk leaders are being forced to quickly adjust to an evolving risk landscape and a growing number of vendors. As a result, companies need an efficient way to handle their vendor management process.
What are best-in-class organizations doing today...
Third-party risk management is a key priority among businesses today. Risk leaders are being forced to quickly adjust to an evolving risk landscape and a growing number of vendors. As a result, companies need an efficient way to handle their vendor management process.
What are best-in-class organizations doing today...
This ebook examines Zero Trust security strategies and why the effects of the pandemic validate the need for Zero Trust Network Access (ZTNA).
Key insights include:
Trigger points influencing Zero Trust initiatives;
Examining results that Zero Trust strategies have delivered;
The key technologies...
The latest edition of the ISMG Security Report features highlights from interviews in 2021 and examines President Joe Biden's executive order on cybersecurity, ransomware response advice and assessing hidden business risks.
As healthcare entities set out to better secure cloud application development and management, there are several critical considerations they must not overlook. Key among these: "the need to move to a DevSecOps model in the first place," says Adrian Mayers, CISO of health insurer Premera Blue Cross.
Organizations lack a basic understanding of "the landscape of security vulnerabilities," says U.K.-based cybersecurity expert John Walker. He discusses the state of cybersecurity today - including why he prefers the term "verified trust" to Zero Trust - and offers predictions for 2022.
Michael Lines is working with Information Security Media Group to promote awareness of the need for cyber risk management, and as a part of that initiative, the CyberEdBoard will post draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This post's chapter is...
The energy, utilities, and industrials vertical has long been a significant target for criminals and state-sponsored threat actors.
The May 2021 ransomware attack on the US Colonial pipeline operation became one of the most high-profile examples of these long-standing threats, due to the gasoline supply shortages it...
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
From the rain forest of northern Brazil to the business hub of Sao Paulo, Marco Túlio has built an impressive career in cybersecurity. He discusses the opportunity and challenge of enabling people to step up, succeed and eventually rise to be leaders in their own right.
Complex IT ecosystems coupled with fragile security protocols leave companies vulnerable to security attacks. As companies move towards Zero Trust, microsegmentation solutions help protect against unknown exposures on the network. Organizations are continuously responding to changes in the cybersecurity landscape and...
Like CISOs everywhere, Dawn Cappelli of Rockwell Automation awoke last Friday to news about the Log4j vulnerability and the risk it posed to her company, customers and partners. Here is how she approached triage, response and capturing insights to be shared with other security leaders.
Once, in another role, Rent-A-Center CISO Jason Fruge was asked by senior management to develop a "security scorecard," but he resisted. What were his objections, and how did he address them? Fruge explains in this exclusive leadership discussion.
More than ever, financial institutions — such as institutional investors, private equity firms, venture capital firms, mutual funds, underwriters and other types of investors — need to assess cyber risk as part of their risk management process in investing. But how can you gain visibility into the cyber risk...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
