What happens if organizations that must comply with GDPR have yet to achieve compliance, despite having had two years to do so before enforcement began? Don't panic, says cybersecurity expert Brian Honan, but do be pursuing a data privacy transparency and accountability action plan.
Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.
It's a complicated cybersecurity ecosystem for most organizations, which manage dozens of third-party relationships. Yet, they often rely on manual processes to manage their security risks. Sam Kassoumeh of SecurityScorecard discusses the value of automated security ratings.
CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.
As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. Cloud systems and images have operating system and component vulnerabilities just like those in the enterprise. For example, Heartbleed, Shellshock and other major bugs can affect cloud systems, and there are new issues to...
As a long-time security leader, Qualys CISO Mark Butler has watched the evolution of security tools and platforms. The best-of-breed approach still has value, but also has failed us, he says. How can automation and orchestration provide new business value?
Patch or perish to protect against Meltdown and Spectre attacks, and prepare to keep patching as Intel, AMD and ARM, as well as makers of devices running Apple, Google and Windows operating systems, including Apple iOS and Android smartphones and tablets, continue to refine their fixes.
From GDPR to the NIST Cybersecurity Framework, vendor risk management is a key component of every new piece of cybersecurity guidance. Yet, security leaders still struggle to inventory and assess their strategic partners. Sam Kassoumeh of SecurityScorecard explores the challenges.
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
Many organizations trying to secure privileged access for employees or vendors focus solely on the privileged credentials or identities. But that's only half the battle. Securing the access pathways is just as critical to protecting your critical systems and data from cyber threats. This session outlines the six steps...
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? How do you prepare for this new generation of cybersecurity regulations?
Download this eBook that discusses:
Common threads in GDPR, NIST framework and other guidance
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.
Many organizations trying to secure privileged access for employees or vendors focus solely on the privileged credentials or identities. But that's only half the battle. Securing the access pathways is just as critical to protecting critical systems and data from cyber threats. This session outlines the six steps...