Making Vendor Risk Management Part of Your Security Strategy

Posted by:

Making Vendor Risk Management Part of Your Security Strategy

When we think of Vendor Risk Management (VRM), there’s usually a policy or a procedure, possibly even a process to follow – and for good reason. The consistent approach that effective VRM gives you should lead to lower financial and strategic risks, increased admin efficiencies, reduced costs and quicker onboarding of suppliers.

A painful lessons this year has taught businesses is that they are only as resilient as the vendors they rely on. A promise is only ...

Read More →
0

CISO On Demand, Compliance, Comprehensive Compliance Solutions, Incident Response, Information Security, IT Security, Network Security, Penetration Testing, Regulatory Compliance, Supply Chain

, , , , , ,

How the pandemic changed everything and nothing

Posted by:

How the pandemic changed everything and nothing

This is a quick look back over the last six months or so: what’s changed in the world of work and cybersecurity and how businesses have responded. I wasn’t sure how to title this post. I don’t think words like ‘review’, ‘lessons learned’ or ‘takeaways’ really do the scale of the situation, but ‘What the …. just happened?’ seems a bit strong.

That being said, from my research and conversations with people in the companies that have ...

Read More →
0

CISO On Demand, Cloud Security, Compliance, IT Security, Network Security, Penetration Testing, Ransomware, Supply Chain

, , , , , , ,

Examining the How of NIST Privacy

Posted by:

Examining the How of NIST Privacy

Last time I discussed why you should consider using the NIST Privacy framework as both a foundation and methodology for managing data protection and privacy risk management

In this article, I’d like to explain how it works in practice.

Here we bring together facts and information from disparate and sometimes rather technical documents. When I began my research into the NIST Privacy framework, I saw it described as both “

Read More →
0

201 CMR 17.00, CISO On Demand, Compliance, Comprehensive Compliance Solutions, cyber-security, GDPR, HIPAA, Incident Response, Information Security, PCI DSS, Regulatory Compliance, Uncategorized

, , , , , , ,

NIST Privacy Framework – Your Foundation for Future Privacy Compliance

Posted by:

NIST Privacy Framework – Your Foundation for Future Privacy Compliance

In preparing to write an article about the NIST Privacy Framework I asked some friends who work in infosec and data protection for their thoughts. With few exceptions the conversation went:

“Oh, you mean the NIST CyberSecurity Framework.”

“No, the Privacy Framework”, I’d reply.

“I’m pretty sure it’s Cybersecurity.”

“I’ll send you a link.”

It’s not surprising that it’s gone under the ...

Read More →
0

CISO On Demand, Cloud Security, Compliance, Incident Response, Information Security, IT Security, Network Security, Uncategorized

, , , , , , , ,

CCPA is now in effect. What you need to do about it

Posted by:

CCPA is now in effect. What you need to do about it

The California Consumer Privacy Act, or CCPA, seemed to take an age between being signed into law in 2018 and coming into effect in January of this year. Even after this long lead-up time, businesses were given an additional six months of grace. That six month has just come to an end on 1st July.

So now that CCPA has properly come into effect, what’s your business doing about it?

You ...

Read More →
0

201 CMR 17.00, CISO On Demand, Cloud Security, Compliance, Information Security, SEC, Supply Chain

, , , , ,

Ransomware Going Nowhere – Healthcare Beware!

Posted by:

Ransomware Going Nowhere – Healthcare Beware!

My friends who are lucky enough to still be employed throughout the pandemic appear to be split into two camps. Half seem to be spending much of the day staring out of the window, largely unproductive, the bosses’ gaze concentrating on other areas like the distracted Eye of Sauron. The other half are working three times as hard to make up for the colleagues who are furloughed or are unlucky enough to have been cut.

One set ...

Read More →
0

CISO On Demand, Information Security, Ransomeware, Ransomware, Security Alerts, Uncategorized

, , , ,

TBG Data Breaches Part 2: It’s not (necessarily) your fault

Posted by:

TBG Data Breaches Part 2: It’s not (necessarily) your fault

Last time I discussed the ‘Did they really do that?!’ kind of data breach, the one where you can’t quite see how an organization could manage to have that much data exposed that openly for that long. We all laugh, but as the news clearly demonstrates, it could happen to any company of any size with seemingly any budget.

Malicious actors, however, aren’t just sitting around waiting for the latest instance of an accidental data splurge. They’re ...

Read More →
0

CISO On Demand, Compliance, Data Breach, GDPR, IT Security, Penetration Testing

, , , , , , ,

Zoom: How to Avoid Cyber Security Video Conferencing Pitfalls

Posted by:

Zoom: How to Avoid Cyber Security Video Conferencing Pitfalls

There has been quite a trend in recent years of companies going from zeroes to heroes to villains in a short space of time: think Uber and WeWork. 

Unsustained growth can pose problems, particularly if you do not take cybersecurity seriously. 

Enter Zoom. Its fast growth caught the attention of bad actors and security researchers alike. Here are just a few of the recent security issues that have been raised. 

Read More →
0

CISO On Demand, cyber-security, Information Security, IT Security, Network Security, Security Alerts

, , , , , , , ,

Security Benefits and Perils of Serverless Computing

Posted by:

Security Benefits and Perils of Serverless Computing

Whether you run your infrastructure in house or in the cloud, you’ve probably heard of serverless computing, and how it can make running applications easier and cheaper.  But is it all it’s cracked up to be, and is it more secure than running ‘always on’ servers?

Let’s start with the obvious advantages:

No infrastructure to maintain, not even virtual

With serverless computing, you don’t have to worry about provisioning servers, not even virtual ones. Your code runs ...

Read More →
0

CISO On Demand, Cloud Security, Data Breach, Incident Response, Information Security, IT Security, Network Security

, , , ,

Why it is high time to consider a CISO on demand

Posted by:

Why it is high time to consider a CISO on demand

Many years ago I went to the doctor with a weird arm.  If I held my elbow and wrist just-so, it seemed to stop the blood supply going to my fingers.  Nothing too dramatic, but worth getting checked out. I was referred to the local hospital where the specialist remarked that he had never seen anything like it and he was keen to investigate further.

“I should add that you’ve been referred to the wrong department.  This ...

Read More →
0

Blog, CISO On Demand, Incident Response, Information Security, IT Security, Network Security

, ,

Page 1 of 2 12
})
SEC Cybersecurity Exams