Google says it closely vets third-party party applications that peek into Gmail boxes. But an investigation by the Wall Street Journal raises questions if consumers are fully aware of the consequences of granting access to third-party apps and the practices of email-scanning companies.
The difficulty in hiring new information security personnel and need to combat the ever-rising number of threats is driving many organizations to seek increased incident response automation, and in many cases to get it by working with managed security service providers, says AlienVault's Mike LaPeters.
What happens if organizations that must comply with GDPR have yet to achieve compliance, despite having had two years to do so before enforcement began? Don't panic, says cybersecurity expert Brian Honan, but do be pursuing a data privacy transparency and accountability action plan.
Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.
Facebook has taken several moves aimed at minimizing misuse of social media during the 2019 elections in India. But are the actions merely a marketing maneuver, or could they have a real impact?
Can technology solve the problem of giving law enforcement access to all encrypted communications without additional risks to the public? Software legend Ray Ozzie says he has an idea. But it's unlikely to quell the debate over hard-to-break encryption.
Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.
Not long ago, Sam Kassoumeh of Security Scorecard has to explain the concept of cybersecurity ratings. Now he sees the practice being used throughout enterprises for other, evolving business cases.
Managing third-party risks is more critical than ever, says Tom Turner of BitSight Technologies, who discusses the urgency of communicating that to the board.
The Department of Health and Human Services is warning the healthcare sector about ongoing attacks involving SamSam ransomware that have impacted at least eight U.S. organizations so far this year. What mitigation steps are recommended?
It's a complicated cybersecurity ecosystem for most organizations, which manage dozens of third-party relationships. Yet, they often rely on manual processes to manage their security risks. Sam Kassoumeh of SecurityScorecard discusses the value of automated security ratings.
The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor's misconfigured server. The case is the latest example of the risks posed by vendors.
CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview.
Vendor risk management is becoming more critical as companies rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
