Even though many organizations believe that supply chain cyber risk is a serious problem, very few organizations are vetting their suppliers, says CrowdStrike's Michael Sentonas.
"Our risk landscape has changed from protecting the things that we operate to protecting the things that we buy, and that's why third party risk management is the place where people are really focusing," says Joel de la Garza of the venture capital firm Andreessen Horowitz.
Risk managers in particular have a vested interest in ensuring their organizations are in ongoing compliance with GDPR.
If you are concerned about your organization's GDPR compliance, download this guide and learn:
A history and background of the GDPR;
A number of noteworthy compliance indications;
Six...
To build out the business structure and technical functionality that enables your organization to deliver products and services quickly and efficiently, you have to know how you're doing compared to how your competitors and peers are doing.
In other words, CIOs today must be highly effective at...
Without fostering feelings of responsibility and accountability for cybersecurity among employees, security awareness training won't necessarily make an organization any safer or less vulnerable.
Download this eBook and learn:
Why current awareness practices don't work;
The value of evidence-based awareness;
How...
Big data and artificial intelligence have sparked a paradigm shift in risk management. From cybersecurity to PR to logistics, continuous monitoring is already making a major impact.
Download this eBook and learn how continuous monitoring technologies are transforming a range of risk areas such as:
Vendor...
How can security ratings help you identify, quantify, and mitigate cyber risk? Smart benchmarking requires objective, verifiable and actionable metrics on security performance.
Download this eBook and learn how:
To create a framework for effective cybersecurity benchmarking;
Security ratings can be used to...
Australian medical booking platform HealthEngine offered AU$25 (US$19) gift vouchers to dental patients who sent photos of their treatment invoices to the company, which it positioned to patients as "invaluable" research. Privacy experts say the company may have fallen afoul of Australian privacy guidelines.
A new initiative by the Cyber Readiness Institute aims to promote best cybersecurity and vendor risk management practices to smaller enterprises. RiskRecon founder and CEO Kelly White offers his perspective on converting standards to practices.
A coding mistake by an electronic health records vendor has resulted in a data breach impacting thousands of United Kingdom patients. But the incident also serves as a reminder to healthcare entities in the U.S. and elsewhere about the variety of data privacy and security risks vendors can pose.
Google says it closely vets third-party party applications that peek into Gmail boxes. But an investigation by the Wall Street Journal raises questions if consumers are fully aware of the consequences of granting access to third-party apps and the practices of email-scanning companies.
The difficulty in hiring new information security personnel and need to combat the ever-rising number of threats is driving many organizations to seek increased incident response automation, and in many cases to get it by working with managed security service providers, says AlienVault's Mike LaPeters.
The security of your vendor's entire enterprise impacts you, and that is why third-party security risk matters. The third-party space is currently being transformed, which will change how you must prioritize risk.
Download this white paper and learn:
Principles for fair and accurate security ratings;
The true...
This is the definitive study of third-party security risk management practices. Based on in-depth interviews of risk executives from 30 domestic and global firms, it reveals the real-world capabilities and practices employed to manage third-party security risk.
Compare your own program with the Playbook data about...
Your executives have adopted a service-provider-first strategy, outsourcing system hosting and services operations on a large scale. As systems and services move outside the organization, related information assets move with it. While you can outsource your systems and services, you cannot outsource your risk....
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.