MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party vendors having access to its critical …
security assessment
CAM sector cybersecurity challenges and how to mitigate them
ENISA discloses an in-depth analysis of the cybersecurity challenges faced by the connected and automated mobility (CAM) sector and provides actionable recommendations to …
MythBusters: What pentesting is (and what it is not)
You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security …
Third-party risk management programs still largely a checkbox exercise
Enterprise third-party risk management (TPRM) programs have been around for a half-decade or longer, and at this point most large organizations run one. However, many of these …
PCI SSC releases PCI Secure Software Lifecycle (SLC) Standard 1.1
The PCI Security Standards Council (PCI SSC) has published version 1.1 of the PCI Secure Software Lifecycle (SLC) Standard and its supporting program documentation. The PCI …
The cybersecurity issues of seismic monitoring devices
Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, say researchers who have probed the devices …
How do I select a security assessment solution for my business?
A recent research shows high-risk vulnerabilities at 84% of companies across finance, manufacturing, IT, retail, government, telecoms and advertising. One or more hosts with a …
How security theater misses critical gaps in attack surface and what to do about it
Bruce Schneier coined the phrase security theater to describe “security measures that make people feel more secure without doing anything to actually improve their security.” …
A proactive approach to cybersecurity requires the right tools, not more tools
The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made …
Google introduces many G Suite security enhancements
Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. …
Third-party cyber risk management is a burden on human and financial resources
Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective. There are four major takeaways for key decision …
Cyber preparedness essential to protect EU from large scale cyber attacks
The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society, is no longer unthinkable. Preparing …