An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.
How can organizations get the most out of partnering with managed security services providers and avoid common pitfalls? Cybersecurity consultant Vito Sardanopoli, an experienced CISO, offers top tips.
Many third-party risk management (TPRM) programs rely on tools and processes that are expensive, non-scalable, and ineffective at reducing risk. Additionally, some TPRM professionals (and the individuals who approve their budgets) are relying on subjective, outdated information to make decisions - and that information...
With growing numbers of data breaches being traced to third parties with lax security controls and processes, organizations need to implement "always-on" vendor risk management programs.
Download this report and learn why:
Third-party data breaches are so common and damaging;
Third-party risk management programs...
Organizations must carefully monitor that their business associates are adequately addressing data security to help guard against breaches, says Mark Eggleston, CISO at Health Partners Plans, who will speak on vendor risk management at ISMG's Healthcare Security Summit, to be held Nov. 13-14 in New York.
Your organization's risk surface is likely much larger than you think, so how can you get a handle on what risks exist, where they reside, and which ones are most important to resolve immediately? By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your...
Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
In today's risk landscape, third-party risk management (TPRM) programs are becoming increasingly critical for businesses. In fact, Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a Board-level initiative to mitigate brand and reputation risk. However, there are...
Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority.
"Our risk landscape has changed from protecting the things that we operate to protecting the things that we buy, and that's why third party risk management is the place where people are really focusing," says Joel de la Garza of the venture capital firm Andreessen Horowitz.
Risk managers in particular have a vested interest in ensuring their organizations are in ongoing compliance with GDPR.
If you are concerned about your organization's GDPR compliance, download this guide and learn:
A history and background of the GDPR;
A number of noteworthy compliance indications;
Big data and artificial intelligence have sparked a paradigm shift in risk management. From cybersecurity to PR to logistics, continuous monitoring is already making a major impact.
Download this eBook and learn how continuous monitoring technologies are transforming a range of risk areas such as:
Australian medical booking platform HealthEngine offered AU$25 (US$19) gift vouchers to dental patients who sent photos of their treatment invoices to the company, which it positioned to patients as "invaluable" research. Privacy experts say the company may have fallen afoul of Australian privacy guidelines.
Your executives have adopted a service-provider-first strategy, outsourcing system hosting and services operations on a large scale. As systems and services move outside the organization, related information assets move with them. While you can outsource your systems and services, you cannot outsource your risk....
What happens if organizations that must comply with GDPR have yet to achieve compliance, despite having had two years to do so before enforcement began? Don't panic, says cybersecurity expert Brian Honan, but do pursue a data privacy transparency and accountability action plan.