TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
The National Institute of Standards and Technology has issued a Guide to Application Whitelisting that provides step-by-step instructions on deploying automated application whitelisting to help prevent malware from accessing IT systems.
The so-called 30-day cybersecurity sprint championed by Federal CIO Tony Scott has resulted in a strategy and implementation plan for federal government civilian agencies that focuses on a defense-in-depth approach to IT security.
The whole idea behind vendor risk
management is that you want to be
able to verify the effectiveness of your
vendors' security practices. But with current solutions that rely on
self-reporting questionnaires, how
do you actually go about doing that?
Download this whitepaper to explore the flaws of...
Relationships with vendors are
important (or even vital) for many
organizations, but unfortunately,
there's a trade-off - the more data you
share, the more risk you acquire.
It is extremely difficult to measure
the security posture of each of your
vendors, let alone create objective
metrics around those...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
With the FFIEC releasing their Cybersecurity Assessment Tool (CAT) for Financial Institutions as a 120+ page PDF, many FI's asked us for an easy, effective way to implement the CAT in their own organization. The Praesidio CAT Scorecard addresses the needs of Financial Institutions by providing a straightforward way...
Benchmarking security performance against peers and industry averages is one way
organizations can get a true picture of just how secure they are.
To understand optimism bias of cybersecurity performance, we commissioned a survey with
Dimensional Research that asked IT professionals about their organization's...
Put your personal feelings aside; what's dangerous about the AshleyMadison.com breach is that ideologists will now go beyond taking down an IT system and actually destroy a business. This evolution, says cybersecurity expert Carl Herberger, requires a new way to assess and mitigate risk.
As federal lawmakers return this week from their Independence Day recess, Congress picks up where it left off before the break: holding hearings on the Office of Personnel Management breach that exposed the personal records of millions of government workers.
The FFIEC has released its much-anticipated Cybersecurity Assessment Tool. Hear why banking regulator Tim Segerson believes the tool is expected to be rolled into regulatory examinations by summer of 2016.
EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.
In assessing risk, computer security has three characteristics: confidentiality, integrity and availability. But not all of those traits help systems designers assess privacy risks. So NIST is developing a privacy risk management framework.
Emerging cybersecurity risks are now banking institutions' top concern, says the ABA's Heather Wyson-Constantine. What are institutions' contractual protections in the wake of a third-party data breach?
White House Cybersecurity Coordinator Michael Daniel says the toughest international cybersecurity challenge facing the Obama administration is getting cooperation in coordinating responses to online crime.