
Risk Management

Meeting Third-Party Risk Requirements of DORA in 2024

The deadline for achieving compliance with the Digital Operational Resilience Act (DORA) will be here before you know it, with enforcement beginning in January 2025. With third-party risk management being the central focus of the EU regulation, it's imperative to tailor your TPRM program to DORA in order to achieve sustainable compliance. In this post, we outline the DORA requirements related to third-party risk management and explain how to comply with them.

How exposure management can help CISOs benchmark their security posture against industry peers, and why that's important

Digital transformation initiatives and the adoption of cloud, mobile, and remote work models have eviscerated the traditional security perimeter. Enterprise assets are now distributed across the cloud, endpoints, mobile, and personally owned devices, which has expanded the attack surface in the process. Organizations are increasingly vulnerable to attack via unknown and unmanaged Internet-facing assets.

Perspective-Driven Probability: Simplifying Risk Assessment with FAIR Methodology

Explore the nuanced nature of probability and risk assessment in this insightful video. Join us as we navigate the diverse perspectives that shape individual interpretations of what's probable. Discover how the FAIR (Factor Analysis of Information Risk) methodology provides a structured approach to understanding and communicating risk, making it accessible not only to the creator but to a wider audience. Gain insights into the challenges of assigning probabilities to uncertain events with limited data, and learn how FAIR methodology offers clarity in the face of uncertainty.

Third-Party Risk Management vs Vendor Risk Management

Organizational risk management often mentions third-party risk management (TPRM) and vendor risk management (VRM). The cybersecurity industry commonly uses these terms interchangeably, but there is a distinct difference between these two crucial components of an organization's broader risk management strategy.

Vendor Due Diligence Questionnaires: Free Template

Vendor due diligence questionnaires are a type of security questionnaire for third-party vendors or service providers, and they are an essential part of any third-party risk management (TPRM) program. By using a vendor due diligence questionnaire, security teams can evaluate a new vendor's overall risk hygiene before entering into a business partnership.

8 Steps to Cultivate a Culture of Risk Awareness in Higher Education

Over the last few years, the education industry has increased its dependency on third-party service providers, expanding the average attack surface and escalating the importance of comprehensive risk awareness. Higher education institutions that rely on large vendor ecosystems must develop robust cultures of risk awareness to safeguard their data and daily operations from cyber attacks, data breaches, and other disruptions.

Deciphering CUI: What is Controlled Unclassified Information?

In today’s interconnected digital world, safeguarding sensitive data and preventing unauthorized access is vital, especially for U.S. government agencies, contractors, and other information-sharing partners that compete for Department of Defense (DoD) contracts. While many organizations that work alongside the U.S.

Website References Object Storage

Is the "Website References Object Storage" issue type bringing your rating down and you don't know what to do about it? Watch this short video, which explains what this issue is and what you can do to improve it. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

HTTP Proxy Service Detected

Is the "HTTP Proxy Service Detected" issue type bringing your rating down and you don't know what to do about it? Watch this short video, which explains what this issue is and what you can do to improve it.