third-party risk

Balancing Security and Privacy in the Enterprise

Enterprise security teams have a namesake job to do – secure their organizations – but it does not have to come at the expense of their colleagues’ privacy. How, then, do organizations balance the requirements and expectations of both sides and keep their data secure while ensuring that the company refrains from violating privacy laws?

IoT And The Quantum Threat. What To Do?

These days, every report on the Internet of Things (IoT) reminds us that we are continuing to increase our connectivity to the Internet through everyday appliances, sensors, and wearables, despite rampant security risks. In this new Experts Corner, Scott Totzke looks at how already-vulnerable technologies are left wide open.

How To Streamline The Cybersecurity Insurance Process

Is cybersecurity insurance a necessary evil? Assuming it is, how can organizations make the most of their audit and compliance efforts to get the best coverage and rates possible? Expert Alan Zeichick speaks with experts from multiple angles to see how best to streamline the application process.

Data Protection & Disaster Recovery Tips for Law Firms

As the issue of IT threats looms over the unprotected, there are several steps the legal industry can take to ensure critical case data remains intact and accessible. Expert Derek Brost shares some of those tips with us today.

Cybercriminals Make a Lot of Money. Because it is Too Easy

A new Kaspersky report shows criminals are enjoying profit margins of up to 95% on some DDoS attacks. Attackers are also demanding a ransom from a target in return for not launching a DDoS attack, or calling off an ongoing attack. Ben Herzberg from Imperva tells us why you need to pay attention to these stats.

Cyber Threats Have Evolved. How About Your Insurance?

Great advancements have been made in cyber risk insurance since the first policies were introduced nearly two decades ago. Options available in 2017 offer organizations not only the ability to survive a data breach but also the resources and finances to swiftly take it head on and win. Cyber threats have evolved, but has your approach to insurance?

You Can’t Change The Future, But You Can Foresee It, and Be Ready

When it comes to ingesting, digesting, and applying threat intelligence in a meaningful way, it can seem like information overload. With their Threat Catalogue, HITRUST is helping the healthcare industry overcome this challenge with a complete list of security and privacy threats geared toward the threats the industry faces on a daily basis.

We Have No Choice. We MUST Make 2017 the Year of Cybersecurity

It’s 2017 and we can no longer afford to ignore good cybersecurity practices. In this ITSPmagazine exclusive, we connected with top cybersecurity experts to get their recommendations on protecting business and users from malicious attacks.

When the Society of Things Attacks Itself - A BBC World News Newsday Interview

We’ve heard about cyberattacks against critical infrastructure sites and systems including dams (Bowman Avenue Dam in NY), railroads, electrical grids (Israel, US, Ukraine), and even nuclear power plants (Germany). But it doesn't stop there. And it may not even begin there.

They All Look Cute, Until You Analyze Security Posture Data

We can learn a lot about a vendor by looking at external indicators of compromise. But, are we getting the whole picture or just framing the risk at the moment?

Cybersecurity? What About Your People? Their People? People?

Psychology skills are supplanting technical skills as a critical hacker skill. "A culture of security is in place when rhetoric is replaced with action," says Gene Fredriksen CISM, CRISC and VP & CISO, PSCU. 

The Looming Threat of Third-Party Security Risks

The inability to measure the security posture of third-party vendors and the inability to confirm whether they have suffered cyberattacks involving sensitive information serve as a wake-up call for all businesses.

Expert Harry Wan takes a deep dive into the findings of a recent Ponemon Institute survey, which should serve as a call to action for businesses to search for processes and tools to help them deal with these challenges.

RSA Conference 2016 Recap: Third-Party Risk Was a Hot Topic

While it was sometimes difficult to decipher, some signals did find a way to cut through the noise at RSA Conference 2016. Analyst and journalist Sean Martin captured a few observations from the event.

Security Risk Assessment of Your Vendors and Yourself - Part 2

If you're at a wealthy firm that performs annual SOC1 and SOC2 audits, then you're providing your clients with these reports. If you're not one of the well-funded shops, then you're handling this verification the manual way—over and over again.

Expert Gary Landau digs deeper into third-party risk: organizations should start by setting a good example.

Security Risk Assessment of Your Vendors and Yourself

My telecom provider wants a VPN connection and server login to maintain our phone system and voicemail server. Great. I've outsourced this support to a qualified expert and I just need to ensure they have remote access. Life is good, or is it?


Expert Gary Landau looks at the risks associated with providing access to third-party vendors. Perhaps organizations operating from glass houses shouldn't throw stones.