Data Breaches in Healthcare and Pharma

Every year IBM Security sponsors and publishes the Cost of a Data Breach Report based on research from the Ponemon Institute. The report for 2020 is an 84-page resource with valuable information regarding not only the cost of breaches, but also insight into mitigating factors, and data breach trends. This article takes a focused look...

Remote Work and Cyber Hygiene

Everyone's been working from home for a while now, but just because we're getting used to the remote work lifestyle doesn't mean that cyber-attacks are any less possible or relevant. Many organizations have adopted or created a remote work policy and adjusted security processes accordingly, but these should be assessed and improved regularly, just as any other aspect of...

Using Assessments for Security Program Progress

What is a security program assessment? How often does an organization need to conduct one? Do you have to outsource assessments? These are questions people often ask in security, and this article will go through the basics of a security program assessment and what to keep in mind to make the most of them to improve...

Vendor Risk Management: What to Address

What is a vendor risk management program? Vendor risk management, also referred to as third-party risk management, is a common component of many organizations, but many of the problems that organizations and security teams encounter haven’t changed. The hurdles organizations face can commonly be broken down into three categories: the current approach for third-party risk, technology associated with these processes, and the resources or people...

9 Issues in Cyber Security Talent Development

Many studies have shown that there is a talent gap in cyber security, and given the current state of cyber security’s talent development practices, it’s not surprising. This talent gap is a contributing factor to the overall resource shortage as well as a lack of diversity throughout cyber security and technology companies as a whole. This...

Building an Effective Security Program Roadmap

The pressure is on for cyber security teams to build effective security programs that can effectively stay on top of the changing threat landscape while simultaneously meeting business needs.  The work of an effective security program is never done but keeping up with changing demands and requirements can quickly become overwhelming.  Establishing a roadmap can provide guidance...

Creative Solutions to Cyber Security Problems

CISOSHARE has always been dedicated to helping organizations improve their security programs. Throughout the years, our team has been able to implement security programs in organizations of all sizes and industries. Much of our success can be attributed to the learning and teaching culture that guides our actions, both with clients and the way that we guide the development of our team.  Keeping Up...

CISOSHARE COVID-19 Cyber Security Progress Model

This forward-looking model is designed to support cyber security planning activities from the perspective of before, during, and after a pandemic event occurs. The goal of the model is to forecast the world and business landscapes in each phase to help organizations best consider and understand cyber security needs and activities in the coming landscape. To accomplish this, we have created a 3-phase model that first aligns...

COVID-19 Cyber Security Tips to Make Progress in Uncertain Times

In any rapidly changing or fearful time, we’ve always found that it’s most helpful to contribute where we can, to help move each other forward and bring hope.  While I’m not an expert in the details of healthcare and specifics to COVID-19, there are many parallels in this world crisis — especially in how it affects businesses — and the cyber security crises that the CISOSHARE team sees...

Automating Third-Party Risk Management

The last article touched on third-party risk management and how it integrates into a company’s overall security program.  This time, we’re talking about automation and how it can help you make the steps of your third-party risk management processes more efficient.  Automating Identification  The identification of third parties is one of the most important steps in your third-party risk...