A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.
Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.
As ransomware and other cyberattacks continues to proliferate, organizations must improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System, who will speak at ISMG's Healthcare Security Summit in New York.
An Iowa eye clinic and its affiliated surgery center recently recovered from a ransomware attack on their common systems within one day and without paying a ransom. This case offers important reminders to other healthcare entities and their vendors about advance planning.
Malicious bots and botnets are becoming increasingly common and sophisticated, and enterprises need to address them in their risk assessments and security frameworks, says Akamai's Aseem Ahmed.
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Systems, who formerly was CISO at Vanderbilt University and Medical Center.
Because business associates have been culprits in heath data breaches impacting millions of individuals, healthcare entities need to be diligent in taking steps to reduce the persistent risks these vendors pose, says privacy and security expert Susan Lucci.
In today's risk landscape, third-party risk management (TPRM) programs are becoming increasingly critical for businesses. In fact, Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a Board-level initiative to mitigate brand and reputation risk. However, there are...
Compliance regulations such as SWIFT and GDPR can be challenging to understand and implement. Many of these regulations have cybersecurity requirements that are focused on protecting critical banking infrastructure with aggressive timelines - and without disrupting the very business-critical systems you're trying to...
A new council of healthcare CISOs hopes to work together toward improving uniformity and efficiency in the way organizations review the security controls and practices of third-party vendors that handle sensitive patient data.
Philips and Becton Dickinson have each issued multiple alerts this year regarding cybersecurity flaws in some of their medical devices. Some security experts say the two companies' transparency about cybersecurity issues - including new alerts issued last week - should be emulated by other manufacturers.
The level of integration that third-party vendors and services have in the enterprise environment is introducing risks vectors that are not well understood, says Trustwave's Edwin Lim.
Even though many organizations believe that supply chain cyber risk is a serious problem, very few organizations are vetting their suppliers, says CrowdStrike's Michael Sentonas.
"Our risk landscape has changed from protecting the things that we operate to protecting the things that we buy, and that's why third party risk management is the place where people are really focusing," says Joel de la Garza of the venture capital firm Andreessen Horowitz.
Risk managers in particular have a vested interest in ensuring their organizations are in ongoing compliance with GDPR.
If you are concerned about your organization's GDPR compliance, download this guide and learn:
A history and background of the GDPR;
A number of noteworthy compliance indications;
Six...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
