Traditional cybersecurity risk management remediation efforts start with cybersecurity risk assessments and penetration testing. This commonly involved outsourcing to a consultant who would offer the assessment as a standalone service or as part of a larger risk management program. The issue is cyber risk assessments offered by third-parties only provide a point-in-time assessment of your (or your vendor's) security controls, an inaccurate measure of the true level of risk.

The increasing number of third-party data breaches and the sensitive information they expose have negatively impacted consumer trust. Third-party breaches occur when sensitive data is stolen from a third-party vendor or when their systems are used to access and steal sensitive information stored on your systems. In today's interconnected economy, companies rely on third-parties.

The information security landscape is constantly evolving, which is why it's so important to stay up to date with the latest trends, threats, and advancements. Given that a Google search for cybersecurity websites produces millions of results, we thought we thought we'd compile a list of the best. Adam Shostack & friends is a group blog on security, liberty, privacy, and economics.

Third-party risk management (TPRM) is the process of analyzing and minimizing risks associated with outsourcing to third-party vendors or service providers. This is commonly known as third-party risk or vendor risk and can include financial, environmental, reputational, and security risks due to a vendor's access to intellectual property, sensitive data, personally identifiable information (PII), and protected health information (PHI).

An insider threat is a threat to an organization that comes from negligent or malicious insiders, such as employees, former employees, contractors, third-party vendors, or business partners, who have inside information about cybersecurity practices, sensitive data, and computer systems.

You're probably familiar with the defense-in-depth or castle and moat approach to cybersecurity. It remains a common model that organizations use to think through their information security. However, as organizations have matured they have sought out new models to enable them to better understand how cyber attackers operate and how best to defend against them.

The Server Message Block Protocol (SMB Protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports, and data on a network. It can also carry transaction protocols for authenticated inter-process communication. In short, the SMB protocol is a way for computers to talk to each other. SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. This is known as a response-request protocol.

Data is rapidly becoming one of the most valuable assets in the modern world. The digital giants that monopolize data are arguably the most powerful companies in the world, prompting ongoing conversations about anti-trust legislation and digital privacy. Despite the overwhelming value controlled by these entities, as we'll see, even companies such as Facebook are vulnerable to the byproduct of the rapid move to digitization – the data breach epidemic.