Really good third-party cybersecurity risk management is essential to enterprise success. Done well it enables an organization to realize at the speed of business the benefits of outsourced systems and services. Done poorly it results in the business missing out on strategically important opportunities or, even worse,...
The firmware of more than 500 Huawei networking products is riddled with security weaknesses that make the vendor risky to use for 5G networks, a new report contends. The study analyzed more than 9,000 firmware images in 558 enterprise products from the Chinese company.
An effective third-party risk management program starts with asking the right questions, says Brad Keller, chief strategy officer and senior vice president at the Santa Fe Group, a strategic advisory company, who spells out key issues to address.
Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association, who offers risk mitigation insights.
Hackers have repeatedly stolen valuable data - including launch codes and flight trajectories for spacecraft - from NASA's Jet Propulsion Laboratory in recent years, according to a new inspector general audit, which describes weak security practices.
Third-party risk has emerged as one of 2019's top security challenges, and the topic was the focus of a recent roundtable dinner in Charlotte. RSA's Patrick Potter attended that dinner and shares insight on how security leaders are approaching this aspect of digital risk management.
Not long ago, organizations could control their perimeter with relative ease. However, with companies looking toward digital transformation of business processes, myriad communication and collaboration apps are being adopted, even if they aren't given the official stamp of approval from security departments. How do...
License plate and traveler photos collected at the U.S. border have been compromised after a federal government subcontractor was hacked. While Customs and Border Protection officials claim the image data hasn't been seen online, security experts say it's already available for download via a darknet site.
The White House budget chief is seeking to delay a ban on the U.S. government using products manufactured by Huawei. In a letter to Vice President Mike Pence, Russell T. Vought, the acting director of the Office of Management and Budget, says organizations need more time to switch suppliers.
As spotlighted by the recent American Medical Collection Agency breach impacting at least four clients and more than 20 million of those companies' patients so far, vendor risk management is an increasingly critical component of information security, says Eddie Chang of Travelers Insurance.
Cybersecurity continues to be a significant area of concern, with a higher frequency of multi-million dollar, potentially deadly, security breaches, 63% of which can be attributed to a third party.
In this webinar Justin Strackany, Chief Customer Officer at SecureLink, and Tony Howlett, CISO at SecureLink, will...
How big will the American Medical Collection Agency data breach get? LabCorp has now revealed that data on 7.7 million of the patients it serves was potentially compromised in the breach. Earlier, Quest Diagnostics said nearly 12 million of its clients were affected. Two U.S. senators are demanding answers.
On the sixth stop of a multi-city tour, ISMG and Sonatype visited San Francisco for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses the relevance and value of this application security conversation.
Multi-sourcing gives an organization access to the innovations offered by different best-of-breed providers, or the value of 'as-a-service' solutions, within a tightly connected and integrated IT model.
However, organizations must understand that their IT service providers can introduce risks into their carefully...