Vendor Risk Management: What to Address

What is a vendor risk management program? Vendor risk management, also referred to as third-party risk management, is a common component of many organizations, but many of the problems that organizations and security teams encounter haven’t changed. The hurdles organizations face can commonly be broken down into three categories: the current approach for third-party risk, technology associated with these processes, and the resources or people...

9 Issues in Cyber Security Talent Development

Many studies have shown that there is a talent gap in cyber security, and given the current state of cyber security’s talent development practices, it’s not surprising. This talent gap is a contributing factor to the overall resource shortage as well as a lack of diversity throughout cyber security and technology companies as a whole. This...

Building an Effective Security Program Roadmap

The pressure is on for cyber security teams to build effective security programs that can stay on top of the changing threat landscape while simultaneously meeting business needs. The work of an effective security program is never done, but keeping up with changing demands and requirements can quickly become overwhelming. Establishing a roadmap can provide guidance...

Creative Solutions to Cyber Security Problems

CISOSHARE has always been dedicated to helping organizations improve their security programs. Throughout the years, our team has been able to implement security programs in organizations of all sizes and industries. Much of our success can be attributed to the learning and teaching culture that guides our actions, both with clients and the way that we guide the development of our team.  Keeping Up...

CISOSHARE COVID-19 Cyber Security Progress Model

This forward-looking model is designed to support cyber security planning activities from the perspective of before, during, and after a pandemic event occurs. The goal of the model is to forecast the world and business landscapes in each phase to help organizations best consider and understand cyber security needs and activities in the coming landscape. To accomplish this, we have created a 3-phase model that first aligns...

COVID-19 Cyber Security Tips to Make Progress in Uncertain Times

In any rapidly changing or fearful time, we’ve always found that it’s most helpful to contribute where we can, to help move each other forward and bring hope.  While I’m not an expert in the details of healthcare and specifics to COVID-19, there are many parallels in this world crisis — especially in how it affects businesses — and the cyber security crises that the CISOSHARE team sees...

Automating Third-Party Risk Management

The last article touched on third-party risk management and how it integrates into a company’s overall security program.  This time, we’re talking about automation and how it can help you make the steps of your third-party risk management processes more efficient.  Automating Identification  The identification of third parties is one of the most important steps in your third-party risk...

Cyber Security Staffing Options

As organizations are focusing and spending more on their cyber security programs, they’re running into a new problem: staffing.  With the existing cyber security resource shortage, nearly every organization needs additional cyber security staff.  Whether they’re working on one-time remediation activities to address specific risks, or they need additional staff for their security programs moving...

Understanding Third-Party Risk Management (TPRM)

Third-party risk management (TPRM) is a vital part of your security program’s overall risk management program. The average organization can have hundreds or even thousands of third parties and vendors that have access to their networks or handle sensitive data on their behalf, leaving a large surface open to potential cyber-attack.  One of the most...

Security Trends from 2019 and Into 2020

So, the whole opportunity bummer to this Internet thing is that things you post do not go away. We’ve been making predictions about coming security trends, so we thought we’d take a look at where we were right and where we were wrong. Below are each of the trends we identified that we saw developing in...