Automating Third-Party Risk Management

The last article touched on third-party risk management and how it integrates into a company’s overall security program. This time, we’re talking about automation and how it can help you make the steps of your third-party risk management processes more efficient. Automating Identification: The identification of third parties is one of the most important steps in your third-party risk...

Cyber Security Staffing Options

As organizations are focusing and spending more on their cyber security programs, they’re running into a new problem: staffing.  With the existing cyber security resource shortage, nearly every organization needs additional cyber security staff.  Whether they’re working on one-time remediation activities to address specific risks, or they need additional staff for their security programs moving...

Understanding Third-Party Risk Management (TPRM)

Third-party risk management (TPRM) is a vital part of your security program’s overall risk management program. The average organization can have hundreds or even thousands of third parties and vendors that have access to their networks or handle sensitive data on their behalf, leaving a large surface open to potential cyber-attack.  One of the most...

Security Trends from 2019 and Into 2020

So, the whole opportunity bummer to this Internet thing is that things you post do not go away. We’ve been making predictions about coming security trends, so we thought we’d take a look at where we were right and where we were wrong. Below are each of the trends we identified that we saw developing in...

GRC Urban Legends Exposed

Governance, risk, and compliance, commonly referred to as GRC, has been a component of legacy security dogma and cyber security programs for years. It was created during a time (near the early 2000s, depending on who you ask) when any definition of a security program was considered valid. Because of this, it persists in cyber...

Addressing the Cyber Security Resource Shortage

There is a lot of talk about a cyber security resource shortage in our discipline. I get this may seem like the case, and maybe it even is; however, what I don’t understand is, if the time of our cyber security resources is so valuable, then why are all of us wasting so darn much...

Tips for CFOs to Stay on Top of Security

Cyber Security Tips for CFOs: As organizations continue to prioritize security, CFOs are getting more involved with information security spend and even certain cyber security reporting frameworks. Here are our top tips for CFOs as they become more involved in different areas of cyber security: Sales Process and Customer Requests – Account for security planning...

Top 5 Reasons CFOs Should Care About Security

Why CFOs Need to Start Paying Attention to Security: The current cyber security landscape is bringing itself to the forefront of company priorities, especially for CFOs. The reason for this can be attributed to the coming trends in security, especially in the way that the current state of security and the coming changes impact the bottom...

What is Progress-Based Security Program Development?

Developing Progress-Based Security Programs to Meet Company Goals: We’ve discussed why a strict compliance-based approach to security doesn’t work, but these frameworks make a good starting point for a progress-based approach to security. So, what does that mean? A progress-based approach to security focuses on the ability to make good decisions, as well as the ability...

13 Reasons Strict Compliance with Cyber Security Best Practice Frameworks Don’t Mean You’re Secure

Progress-based security program development focuses on the ability to make good decisions while being able to implement those decisions in the shortest possible time frame.  Unfortunately, most organizations aren’t taking a progress-based approach to security. Instead, most are strictly complying with different best practice frameworks such as ISO 27001 or NIST 800-53, suggestions from certification...