Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Vendor Due Diligence Questionnaires: Free Template

Vendor due diligence questionnaires are a type of security questionnaire for third-party vendors or service providers that are an essential part of any third-party risk management program (TPRM) program. By using a vendor due diligence questionnaire, security teams can evaluate a new vendor’s overall risk hygiene before entering into a business partnership.

8 Steps to Cultivate a Culture of Risk Awareness in Higher Education

Over the last few years, the education industry has increased its dependency on third-party service providers, expanding the average attack surface and escalating the importance of comprehensive risk awareness. Higher education institutions that rely on large vendor ecosystems must develop robust cultures of risk awareness to safeguard their data and daily operations from cyber attacks, data breaches, and other disruptions.

Deciphering CUI: What is Controlled Unclassified Information?

In today’s interconnected digital world, safeguarding sensitive data and preventing unauthorized access is vital, especially for U.S. government agencies, contractors, and other information-sharing partners that compete for Department of Defense (DoD) contracts. While many organizations that work alongside the U.S.

Why the CISO Has Become the Chief Storytelling Officer

The role of the Chief Information Security Officer (CISO) has undergone a transformation as profound as the threats we face. Between new regulations such as SEC, NIS2, and DORA, the explosion of generative AI, and the rapidly expanding attack surface, the burden is now on cybersecurity leaders to not only protect the organization but build confidence with customers, regulators, board members, and other stakeholders. The key to building trust? Storytelling.

Examining NIST CSF 2.0: Everything you need to know

In 2014, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF) following a presidential executive order to help organizations better understand, reduce, and communicate cybersecurity risk. In the decade since its introduction, NIST CSF has become one of the most widely recognized and utilized frameworks globally, built upon five key functions: Identify, Protect, Detect, Respond, and Recover.

How Cyber Exposure Management Strengthens Overall Enterprise Risk Management

In recent years, there's only been a handful of data breaches within public companies that could be considered financially "material." These breaches include those often pointed to as examples in cybersecurity presentations: the 2013 Target breach, the 2017 Equifax breach, the 2019 Capital One breach, and most recently, the Colonial Pipeline incident.

What Cybersecurity Metrics Should I Report to My Board?

‍ ‍ Chief information security officers (CISO) or respective organizational cybersecurity leaders are most likely well aware of the cybersecurity risks their organizations face. However, being aware of and communicating important cyber risk management data to the board of directors are two entirely different matters.

National Vulnerability Database Updates: How SecurityScorecard's CVEDetails can help

The National Vulnerability Database (NVD), the world’s most widely used vulnerability data source, has been having some problems recently, causing uncertainty and anxiety for everyone dealing with security vulnerabilities. Many organizations, including cybersecurity vendors, rely on CVE data provided by NVD. As a government organization operated by the U.S.

Top open source licenses and legal risk for developers

If you’re a software developer, you’re probably using open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges for your organization?