Risk Management

Mitigate Third Party Breaches with Vendor Risk Management

As we enter the end of the first quarter of 2020, breaches as a result of third parties are expected to be a primary contributor. Reflecting upon 2019, some of the worst breaches experienced involved U.S. Customs and Border Protection, the FBI, Facebook, and Focus Brands¹, to name a few. A recent analysis by Risk Based Security uncovered an increase in incidents involving companies handling sensitive data for business partners and other clients. The total number of such third-party breaches hit 368 in 2019, up from 328 in 2018 and 273 in 2017 — a 35% increase in two years². …


Mitigating Cloud Vulnerabilities – National Security Agency

National Security Agency guidance on how to reduce overall exposure to the risks that cloud services present and how to enhance your security posture. While careful cloud adoption can enhance an organization’s security posture, cloud services can introduce risks that organizations should understand and address both during the procurement process and while operating in the cloud. Fully evaluating security implications when shifting resources to the cloud will help ensure continued resource availability and reduce the risk of sensitive information exposures. To implement effective mitigations, organizations should consider cyber risks to cloud resources, just as they would in an on-premises environment. This document divides cloud vulnerabilities into …


DHS, federal agencies urge vigilance from infrastructure operators, facilities

Then last week, the CISA published another Insights bulletin – Enhancing Chemical Security During Heightened Geopolitical Tensions – which “urges facilities with chemicals of interest (COI)…to consider enhanced security measures to decrease the likelihood of a successful attack.” COI is a term used for a list of more than 300 hazardous chemicals that if misused could cause harm to individuals, facilities or society in general, such as if they were stolen and converted into weapons. Utilities should report any physical security incidents or threats to WaterISAC (analyst@waterisac.org or 866-H2O-ISAC), their local police department, and the FBI (via a local field office). Malicious cyber activity should be reported to WaterISAC as well as to the FBI …


Recommendations for IoT Device Manufacturers

Foundational Activities and Core Device Cybersecurity Capability Baseline (2nd Draft)

Date Published: January 2020
Comments Due: February 7, 2020
Email Comments to: iotsecurity@nist.gov
Author(s): Michael Fagan (NIST), Katerina Megas (NIST), Karen Scarfone (Scarfone Cybersecurity), Matthew Smith (G2)

Abstract: Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are, meaning the devices provide functionality that their customers need to secure them within their systems and environments, and manufacturers can also help their customers by providing them with the cybersecurity-related information they need. This publication describes voluntary, recommended activities related to …
