New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Many recent breaches have exploited security weaknesses in third-party vendors and suppliers to attack organizations across all industries. In this SANS What Works Case Study, Chris Porter, Deputy CISO at Fannie Mae, details:
His experience using BitSight Security Ratings to assess the cybersecurity level of...
SANS, NIST and other industry standard methodologies offer thousands of potential questions you could ask your vendor about security. How can you determine which of them are the most important?
Security questionnaires and assessments are integral parts of comprehensive vendor risk management (VRM) programs. But...
While vendor risk management has long been an area of concern for financial institutions, regulators are now looking for banks to do more and provide a higher level of assurance about the security practices of their vendors. But how? With regulators continuously raising the bar, one thing is clear: the vendor reviews...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
Gartner, the world's leading information technology research and advisory company, has named BitSight Technologies a "Cool Vendor" in Vendor Management for 2015. The report highlights three vendors for offering "tools and services to support vendor risk management and improve
The federal government is licensing a government-built anomaly detection tool known as PathScan to Ernst & Young, which, in turn, will refine the software and market it. In an interview, DHS's Mike Pozmantier explains why the government is offering its technology to the private sector.
Blue Coat CTO Dr. Hugh Thompson speaks about the future of security, the constants that need attention, and lessons to be learned from the U.S. when it comes to writing meaningful breach notification laws.
Mumbai-based Meru Cabs, which offers online and mobile-app cab bookings, has been inadvertently exposing customer data to the Internet. How did the exposure occur, and what is Meru doing to address the flaw?
Target is the high-profile example, but many organizations have been breached through third-party vulnerabilities. Where are the security gaps, and how can they be filled? BitSight's Stephen Boyer offers insight.
Retailers cannot avoid innovation. Yet, cybercriminals thrive when retailers innovate. What, then, can retailers do to stop cybercriminals from breaching their defenses? Here are three key questions to answer.
A Government Accountability Office report on agencies' oversight of the security of contractor-operated IT systems contains the revelation that the U.S. government does not know how many of its systems are run by vendors.
To protect their privacy, organizations should get their IT security staffs involved in vendor-requested audits conducted to verify software licensing agreement compliance, says Gartner Research Director Victoria Barber.
With many organizations pushing outsourcing to its limits, regulators and standards bodies (e.g., MAS, OCC, BaFin, FCA, FedRAMP, BITS, NERC, NEI, ISO, PCI Security Council, AICPA, and Cloud Security Alliance) are increasingly putting an emphasis on having a strong and effective supplier risk management framework....