Moving Security Programs Forward
The last article touched on third-party risk management and how it integrates into a company’s overall security program. This time, we’re talking about automation and how it can help you make the steps of your third-party risk management processes more efficient. Automating Identification The identification of third parties is one of the most important steps in your third-party risk...
As organizations are focusing and spending more on their cyber security programs, they’re running into a new problem: staffing. With the existing cyber security resource shortage, nearly every organization needs additional cyber security staff. Whether they’re working on one-time remediation activities to address specific risks, or they need additional staff for their security programs moving...
Third-party risk management (TPRM) is a vital part of your security program’s overall risk management program. The average organization can have hundreds or even thousands of third parties and vendors that have access to their networks or handle sensitive data on their behalf, leaving a large surface open to potential cyber-attack. One of the most...
So, the whole opportunity bummer to this Internet thing is that things you post do not go away. We’ve been making predictions about coming predictions about coming security trends, so we thought we’d take a look at where we were right and where we were wrong. Below are each of the trends we identified that we saw developing in...
Governance, risk, and compliance, commonly referred to as GRC, has been a component of legacy security dogma and cyber security programs for years. It was created during a time (near the early 2000’s, depending on who you ask) when any definition of a security program was considered valid. Because of this, it persists in cyber...
There is a lot of talk about a cyber security resource shortage in our discipline. I get this may seem like the case, and maybe it even is, however what I don’t understand is if the time of our cyber security resources is so valuable then why are all of us wasting so darn much...
Cyber Security Tips for CFOs As organizations continue to prioritize security, CFOs are getting more involved with information security spend and even certain cyber security reporting frameworks. Here are our top tips for CFOs as they become more involved in different areas of cyber security: Sales Process and Customer Requests – Account for security planning...
Why CFOs Need to Start Paying Attention to Security The current cyber security landscape is bringing itself to the forefront of company priorities, especially CFOs. The reason for this can be attributed to the coming trends in security, especially in the way that the current state of security and the coming changes impact the bottom...
Developing Progress-Based Security Programs to Meet Company Goals We’ve discussed why a strict compliance-based approach to security doesn’t work, but these frameworks make a good starting point for progress-based approach to security. So, what does that mean? A progress-based approach to security focuses on the ability to make good decisions, as well as the ability...
Progress-based security program development focuses on the ability to make good decisions while being able to implement those decisions in the shortest possible time frame. Unfortunately, most organizations aren’t taking a progress-based approach to security. Instead, most are strictly complying with different best practice frameworks such as ISO 27001 or NIST 800-53, suggestions from certification...