Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview.
After suffering one of the worst data breaches in history, in which 145.5 million U.S. consumers' personal details were stolen, credit bureau Equifax has hired Jamil Farshchi to serve as its new CISO. Farshchi joins from Home Depot, which hired him after suffering a massive data breach.
As a long-time security leader, Qualys CISO Mark Butler has watched the evolution of security tools and platforms. The best-of-breed approach still has value, but also has failed us, he says. How can automation and orchestration provide new business value?
Patch or perish to protect against Meltdown and Spectre attacks, and prepare to keep patching as Intel, AMD and ARM, as well as makers of devices running Apple, Google and Windows operating systems, including Apple iOS and Android smartphones and tablets, continue to refine their fixes.
From GDPR to the NIST Cybersecurity Framework, vendor risk management is a key component of every new piece of cybersecurity guidance. Yet, security leaders still struggle to inventory and assess their strategic partners. Sam Kassoumeh of SecurityScorecard explores the challenges.
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.
As the GDPR enforcement date edges closer, organizations remain unprepared to comply, says BitSight's Elizabeth Fischer - especially when it comes to vendor risk management. What - beyond contracts - do organizations need?
Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.
Organizations rely on a variety of outside firms to deliver security services. But how can they get the most value? Catherine Buhler, CISO of BlueScope Steel, shares how she challenges managed security services providers.
Worried about the use of encryption by terrorists, Australia plans to lobby its key signal intelligence partners at a meeting in Canada for the creation of new legal powers that would allow access to scrambled communications. But Australia says it doesn't want backdoors. So what does it want?
Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.