
Latest News

IT Security Risk Assessment Methodology: Qualitative vs Quantitative

Formulating an IT security risk assessment methodology is a key part of building a robust information security risk management program. The two most popular types of risk assessment methodology used by assessors are qualitative and quantitative. A risk assessment is a process that identifies cybersecurity risks and their sources and determines how to reduce them to an acceptable level of risk.

Vendor Risk Assessment Questionnaire Template

A vendor risk management questionnaire (also known as a third-party risk assessment questionnaire or vendor risk assessment questionnaire) is designed to help your organization identify potential weaknesses among your third-party vendors and partners that could result in a data breach, data leak or other type of cyber attack.

California Confidentiality of Medical Information Act vs. HIPAA

Patient health information is governed by robust rules that determine how this data is handled, stored, and accessed. Federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), and various state laws strengthen patient rights. HIPAA sets a baseline for regulatory compliance with patient health information. Under the "preemption" language in the rule, HIPAA overrides contrary state law unless the state law is more stringent, so states may add stronger medical privacy protections but cannot offer individuals weaker ones.

NIST CSF Categories and Framework Tiers

NIST CSF stands for the National Institute of Standards and Technology Cybersecurity Framework. The NIST CSF consists of best practices, standards, and guidelines for managing cybersecurity program risk. This voluntary framework is divided into three primary parts: the framework core, implementation tiers, and profiles. The NIST CSF core comprises five functions (Identify, Protect, Detect, Respond, and Recover), each of which is further broken down into categories and subcategories. There are currently 23 categories and 108 subcategories in the NIST CSF.

3 Trends Where Technology Can Simplify Vendor Risk Management

Vendor risk management is the practice of governing third-party access to company data. It is a critical function because vendors access your business information while providing their services, and for some organizations that access turns into a severe weakness that leads to a data breach. In fact, in the past five years, compromised third-party vendors were the entry point for the breaches suffered by Home Depot and Target, as reported by Forbes.

How to Maintain ISO 9001 Certification

It’s not easy for an organization to implement the International Organization for Standardization (ISO) 9001 standard and obtain certification against it. But achieving ISO 9001:2015 (the latest version) certification doesn’t mean your work is done. Your company is audited on a recurring basis, with surveillance audits and a recertification audit at the end of each three-year cycle, to confirm it still meets the requirements of the ISO 9001 standard.

ISO 9001 Quality Management Principles

ISO 9001 is the international standard for quality management systems (QMS), published by the International Organization for Standardization (ISO), and it is the most widely used quality management standard worldwide. Increasingly, your customers are looking for a guarantee that the products they’re buying from you have gone through quality management best practices. Adopting the ISO 9001 standard is one step toward offering that guarantee.

Featured Post

What To Know About User Behavior Analysis

Over the last few years, significant strides have been made in artificial intelligence (AI). Businesses, both big and small, are finally finding value in the data at their disposal. Big data is no longer a buzzword but a critical tool used by both governments and businesses. User Behavior Analysis (UBA) is one of the practical implementations of big data today, coupled with deep learning algorithms. UBA makes sense of everyday user activity in any setting, establishing what normal behavior looks like so that deviations can be recognized and used to support decision making.

What is Cyber Risk?

Cyber risk is commonly defined as exposure to harm or loss resulting from data breaches or cyber attacks on information systems, information technology and information security. However, this definition must be broadened. A better, more encompassing definition is the risk of financial loss, disruption or reputational damage due to the failure of an organization's cybersecurity strategy.

Lessons learned conducting an information security risk assessment

In an age where businesses rely more than ever on rapid advances in technology to drive innovation, strategy, growth and competitive advantage, it is clear that the prevalence of technology is not slowing down. But the growth in new connected devices and systems, together with the move to network devices and systems that were traditionally air-gapped, brings with it increased cybersecurity risk.