Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

Understanding Risk Assessment in the Manufacturing Industry

Supervisory Control Data Acquisition Systems (SCADA) communicate with industrial control systems (ICS) to provide manufacturers monitoring and analysis in real-time. However, the SCADA systems, established initially in the 1960s, cannot keep pace with the speed at which cybercriminals evolve their threat methodologies. Understanding risk assessment in the manufacturing industry means recognizing the concerns specific to these technologies.

Risk Mitigation in Software Engineering

Developing software while maintaining its embedded security can feel like the “Impossible Dream.” As you update your product, you’re potentially adding new vulnerabilities. As part of the risk management process in software engineering, you need to work with cybersecurity professionals throughout the software development life cycle (SDLC) to create a mature security profile.

6 Steps to Performing a Cybersecurity Risk Assesment

If you ever purchased a “one-size-fits-all” item of clothing, you know that it’s never really going to fit everyone. Some people are too shirt and others too tall. Most cybersecurity standards and regulatory requirements recognize the same limitations apply to cybersecurity. Multinational corporations have different needs when compared to small and mid-sized organizations.

Top 7 Tips for Improving Cyber Risk Management in 2019

With the constant barrage of headlines regarding breaches in the last few years, it seems that society in general has become numb to losing personal data. This year’s overarching cybersecurity theme is clear: We’re all in this together because we simply can’t do it alone. Effective defense demands a team effort where employees, enterprises, and end users alike recognize their shared role in reducing cybersecurity risks.

KPI's For Evaluating Your Vendor Management Program

Creating a vendor management program is difficult. However, that’s only the first part of the process. To fully implement your plan, you need to measure its effectiveness at reducing risk. To do that, you need objective key performance indicators (KPIs) for determining how well your vendors comply with the outlined controls in the service level agreement.

Risk Management Planning: What Is It?

We all live in a world full of "what ifs." In data protection, the "what ifs" of data security control effectiveness can drastically change in a spur of the moment. If a malicious actor finds a zero-day exploit or even a previously unknown vulnerability, he/she can cause a domino effect data breach that cuts across your entire IT supply chain.

Risk Appetite vs Risk Tolerance

Although often used interchangeably, risk appetite and risk tolerance distinguish themselves from one another in a nuanced way. While most regulations and standards focus on the risk management process, few clearly define the differences between these terms in a meaningful way. However, to create an effective cybersecurity program, you need to be able to separate risk appetite from risk tolerance so that you can develop appropriate controls to protect data.

Third-Party Credentials and Vendor Risk: Safeguard Your Applications

Your primary systems aren’t the only source of damaging exposed credentials. Third-party applications employed by your organization also have privileged logins that must be protected. Cloud platforms, software as a service (SaaS), and local third party applications such as ERP systems often have administrative logins with full control.

Redefining the Meaning of Operational Risk

The definition of “operational risk” is variable but it generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. I, however, want to re-examine this general definition, so that the definition of operational risk takes into account all the cybersecurity-related risks that are currently plaguing organizations today. With the current definition, one cannot quantify internal processes and people.