Third-party risk has emerged as one of 2019's top security challenges, and the topic was the focus of a recent roundtable dinner in Charlotte. RSA's Patrick Potter attended that dinner and shares insight on how security leaders are approaching this aspect of digital risk management.
Not long ago, organizations could control their perimeter with relative ease. However, with companies looking toward digital transformation of business processes, myriad communication and collaboration apps are being adopted, even if they aren't given the official stamp of approval from security departments. How do...
License plate and traveler photos collected at the U.S. border have been compromised after a federal government subcontractor was hacked. While Customs and Border Protection officials claim the image data hasn't been seen online, security experts say it's already available for download via a darknet site.
The White House budget chief is seeking to delay a ban on the U.S. government using products manufactured by Huawei. In a letter to Vice President Mike Pence, Russell T. Vought, the acting director of the Office of Management and Budget, says organizations need more time to switch suppliers.
As spotlighted by the recent American Medical Collection Agency breach impacting at least four clients and more than 20 million of those companies' patients so far, vendor risk management is an increasingly critical component of information security, says Eddie Chang of Travelers Insurance.
Cybersecurity continues to be a significant area of concern, with a higher frequency of multi-million dollar, potentially deadly, security breaches, 63% of which can be attributed to a third party.
In this webinar Justin Strackany, Chief Customer Officer at SecureLink, and Tony Howlett, CISO at SecureLink, will...
How big will the American Medical Collection Agency data breach get? LabCorp has now revealed that data on 7.7 million of the patients it serves was potentially compromised in the breach. Earlier, Quest Diagnostics said nearly 12 million of its clients were affected. Two U.S. senators are demanding answers.
On Tuesday, Information Security Media Group will host a Fraud & Breach Summit in Seattle that will focus on critical issues facing CISOs and their security teams. Here's a preview.
On the sixth stop of a multi-city tour, ISMG and Sonatype visited San Francisco for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses the relevance and value of this application security conversation.
Multi-sourcing gives an organization access to the innovations offered by different best-of-breed providers, or the value of 'as-a-service' solutions, within a tightly connected and integrated IT model.
However, organizations must understand that their IT service providers can introduce risks into their carefully...
Federal regulators have issued new guidance clarifying when a business associate can be held directly liable for compliance with the HIPAA privacy, security and breach notification rules. Why is there still so much confusion?
After the Trump administration last week blacklisted Huawei amid rising trade tensions, Google says it has canceled the Chinese smartphone giant's Android license. Many chipmakers and other technology firms have also said they will cease or at least pause the sharing of software, hardware and services.
Managing risks are part of a robust information security program. Our organizations have come to depend on a complex network of third-party relationships. Reliance on third-parties can drive performance, but also pose significant risks. Many organizations are still struggling to effectively manage their third-party...
CISOs and other security leaders know they can't find and fix every vulnerability. Yet, that's what's expected. So, what can you do?
The short answer: Work smarter, not harder. To do that, you need to reduce the vast universe of potential vulnerabilities down to a subset of the vulnerabilities that matter...
In 2017 the US Department of Homeland Security (DHS) added Election Infrastructure as a cyber-resiliency Critical Infrastructure Subsector under the Presidential Policy Directive/PPD 21 (2013) and raised the profile of elections security substantially. By doing this, DHS empowered states to integrate elections...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
