The FFIEC's Cybersecurity Assessment Tool is already being integrated into regulators' cybersecurity examinations, says Gartner analyst Avivah Litan. But the tool has so far led to more confusion than clarity, she says, and must be enhanced in 2016.
Conflicting cybersecurity guidance from banking regulators and a federal agency is making it more difficult for CISOs to set priorities, says Chris Feeney, president of BITS, the technology and policy division of the Financial Services Roundtable.
To guard against health data breaches, healthcare organizations must demand more proof that their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
The so-called 30-day cybersecurity sprint championed by Federal CIO Tony Scott has resulted in a strategy and implementation plan for federal government civilian agencies that focuses on a defense-in-depth approach to IT security.
The whole idea behind vendor risk
management is that you want to be
able to verify the effectiveness of your
vendors' security practices. But with current solutions that rely on
self-reporting questionnaires, how
do you actually go about doing that?
Download this whitepaper to explore the flaws of...
Relationships with vendors are
important (or even vital) for many
organizations, but unfortunately,
there's a trade-off - the more data you
share, the more risk you acquire.
It is extremely difficult to measure
the security posture of each of your
vendors, let alone create objective
metrics around those...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
With the FFIEC releasing their Cybersecurity Assessment Tool (CAT) for Financial Institutions as a 120+ page PDF, many FI's asked us for an easy, effective way to implement the CAT in their own organization.
The DefenseStorm CAT Scorecard addresses the needs of Financial Institutions by providing a straightforward...
Without the ability to benchmark security performance against peers and industry averages, businesses can suffer from optimism bias.
To understand optimism bias of cybersecurity performance, we asked IT professionals about their organization's performance
relative to industry peers. Survey respondents included IT...
If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
Put your personal feelings aside; what's dangerous about the AshleyMadison.com breach is that ideologists will now go beyond taking down an IT system and actually destroy a business. This evolution, says cybersecurity expert Carl Herberger, requires a new way to assess and mitigate risk.
The Mumbai-based SEBI has issued new guidelines to the country's stock exchanges to develop a cybersecurity and cyber resilience framework to protect the securities market from cyber-threats.
As federal lawmakers return this week from their Independence Day recess, Congress picks up where it left off before the break: holding hearings on the Office of Personnel Management breach that exposed the personal records of millions of government workers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.