Not long ago, Sam Kassoumeh of Security Scorecard has to explain the concept of cybersecurity ratings. Now he sees the practice being used throughout enterprises for other, evolving business cases.
Managing third-party risks is more critical than ever, says Tom Turner of BitSight Technologies, who discusses the urgency of communicating that to the board.
It's a complicated cybersecurity ecosystem for most organizations, which manage dozens of third-party relationships. Yet, they often rely on manual processes to manage their security risks. Sam Kassoumeh of SecurityScorecard discusses the value of automated security ratings.
CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.
Vendor risk management is becoming more critical as companies rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits.
A recent alert from the Department of Homeland Security warning of vulnerabilities in certain medical imaging products from GE Healthcare is a reminder to other medical device makers and healthcare entities about the risks posed by hardcoded and default credentials.
The Playbook is the definitive study of third-party security risk management practices. Based on in-depth interviews of security executives from 30 domestic and global firms, it reveals the real world capabilities and practices employed to manage third-party security risk.
In this webinar, learn what real firms...
When working with cloud service providers, healthcare organizations must take responsibility for security practices rather than relying on the vendor, says Sonia Arista, a security consultant who formerly was CISO at Tufts Medical Center. She's a featured speaker at the HIMSS18 conference.
With the advent of technology in personal healthcare - internet connected glucose monitors, intravenous blood pressure monitoring, personal best friend emotional bots - a lot of highly sensitive data that's rampantly traversing the airwaves. The impact of this data getting in the wrong hands is just starting to be...
As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. Cloud systems and images have operating system and component vulnerabilities just like those in the enterprise. For example, Heartbleed, Shellshock and other major bugs can affect cloud systems, and there are new issues to...
Learn how cyber threat intelligence (CTI) helps you bolster defenses, hunt down adversaries, investigate incidents and make better security decisions
While once considered a "nice to have," Cyber Threat Intelligence (CTI) is now widely considered an essential weapon against breaches. A recent study by Enterprise...
As a long-time security leader, Qualys CISO Mark Butler has watched the evolution of security tools and platforms. The best-of-breed approach still has value, but also has failed us, he says. How can automation and orchestration provide new business value?
A lawsuit alleging that federal regulations "unlawfully" restrict fees healthcare entities can charge for providing patients with copies of their health records shines a spotlight of confusion and obstacle around patients' "right to access" under HIPAA.
Security vendor products are held to a higher standard of security. They must help their customers solve complex security problems, as well as have the most stringent security measures in place throughout the software development lifecycle. To meet those standards, many security vendors are turning to more innovative...
Bug bounties are fundamentally changing the way financial service organizations approach the security of the Internet, moving from the realm of novelty towards becoming best practice.
This report presents how the financial services industry is actively looking to bug bounty programs to augment their existing...