Effective breach response in today's fast-paced and threat-filled environment means juggling several priorities at once, with organizations needing to work well with a pool of trusted forensic advisors, public relations professionals and law enforcement, just to name a few. In this session, Jim Harvey, founder and...
Outsourcing is nothing new. Industries have been embracing service providers for functions they either couldn't or didn't want to perform for years. This necessitated integrating business systems and providing these third party vendors with access to corporate networks and computer systems. The risk was generally...
Behind many of the biggest breaches is a third-party intrusion. And yet far too few organizations have an effective third-party risk management program in place, says Norman Menz III, co-founder and CTO of Prevalent, in this video interview. How must they address this gap?
Cybersecurity in the financial services industry is rapidly evolving.
Do you know how to stay ahead of the curve?
The financial sector has been a pioneer for vendor risk management (VRM) best practices for a
long time. Yet cybersecurity practices are continuing to evolve, and regulatory bodies are
focusing more on...
Increasingly, regulatory agencies are pressuring organizations to assess and attest to the cybersecurity of their business partners. In this video interview, Jay Jacobs of Bitsight Technologies discusses strategies for third-party management.
Learn how Financial Services organizations have moved from trustbased
continuous monitoring of vendor security.
The Financial Services industry has long been a pioneer in developing risk management
practices. As third party data breaches have increased in recent years, regulators...
New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Many recent breaches have exploited security weaknesses in third party vendors and suppliers
to attack organizations across all industries. In this SANS What Works Case Study, Chris
Porter, Deputy CISO at Fannie Mae details:
His experience using BitSight Security Ratings to assess the cybersecurity level of...
SANS, NIST and other industry standard methodologies offer thousands of potential questions you could ask your vendor about security. How can you determine which of them are the most important?
Security questionnaires and assessments are integral parts of comprehensive vendor
risk management (VRM) programs. But...
While vendor risk management has long been an area of concern for Financial Institutions, regulators are now looking for banks to do more and provide a higher level of assurance about the security practices of their vendors. But how? With regulators continuously raising the bar, one thing is clear: the vendor reviews...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
Gartner, the world's leading information technology research and advisory company, has named
BitSight Technologies a "Cool Vendor" in Vendor Management for 2015. The report highlights
three vendors for offering "tools and services to support vendor risk management and improve
The federal government is licensing a government-built anomaly detection tool known as PathScan to Ernst & Young, which, in turn, will refine the software and market it. In an interview, DHS's Mike Pozmantier explains why the government is offering its technology to the private sector.
Blue Coat CTO Dr. Hugh Thompson speaks about the future of security, the constants that need attention, and lessons to be learned from the U.S. when it comes to writing meaningful breach notification laws.
Mumbai-based Meru Cabs, which offers online and mobile-app cab bookings, has been inadvertently exposing customer data to the Internet. How did the exposure occur, and what is Meru doing to address the flaw?