Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

Application Risk Assessments: Why They're Important and How to Perform Them

An application risk assessment is the process of evaluating and understanding the security risks associated with an application. This information is used to help organizations make better decisions about how to protect their applications from potential attacks. By examining factors such as the number of vulnerabilities and the time needed to patch them, they are able to estimate the possibility of an attack on their application.

CISO's Guide to Data-Driven Budget for Cyber Security Spend

‍ The global economic situation is far from encouraging. The IMF’s World Economic Outlook predicts growth will again fall by 3% in 2024 as central banks continue to fight inflation. Businesses throughout all industries are expected to tighten their budgets for the upcoming year, scrutinizing and slashing spending across departments. ‍ At the same time, recent research reveals that the global cost of cyber attacks is expected to reach $10.5 trillion annually.

How Security Ratings Can Harmonize Cybersecurity Regulations

In July of this year, the Office of the National Cyber Director (ONCD) stated in its release of an RFI on regulatory harmonization that: “When cybersecurity regulations of the same underlying technology are inconsistent or contradictory—or where they are duplicative but enforced differently by different regulators … consumers pay more, and our national security suffers.” This is an understatement. SecurityScorecard agrees and was happy to share our comments with ONCD today.

Cyber Trust and Transparency

In cybersecurity, the terms “trust” and “transparency” are often mentioned. And while they should no doubt be a priority, they can also be difficult to quantify. Good CISOs recognize that transparency in cybersecurity isn’t a one-time effort. It’s a continuous process that involves a near-constant state of evolution. But with the right tools and systems in place, it’s possible to not only measure trust and transparency but improve them as well.

Identifying Assets for IT Risk Analysis

Any organization that uses information technology should conduct cybersecurity risk assessments from time to time. Each organization, however, faces its own unique set of security risks and needs to tailor its approach to addressing those specific risks within its risk management processes. To get started, you first need to identify all your organization’s IT assets, which might be subject to those risks.

What's new in Riscosity: October

Custom Descriptions Teams can now design custom descriptions to provide context as to why a finding was ignored, resolved or marked as false positive. Previously, teams were provided a set of out of the box options, for the common use cases. The new flow resembles a standard documentation process where canned and contextual responses are available to help scale internal communication.

Effective Workflow For Your Audit Management Process

External and internal audits generate better insight into your data security, yet most employees flee from the process. Audits are cumbersome, time-consuming, and often feel peripheral to most people’s daily workload. Yet, several benefits of internal auditing make it a critical component of the long-term sustainability of your organization. However, mastering an efficient workflow for your audit management process, including risk-based internal audits, can make a significant difference.

How to Resolve SSL Configuration Risks

Transport Layer Security (TLS) provides security for internet communications. TLS is the successor to the now-deprecated Secure Sockets Layer (SSL), but it is common for TLS and SSL to be used as synonyms for the current cryptographic protocols that encrypt digital communications through public key infrastructure (PKI).

Top 3 Vendor Cybersecurity IT Risk Assessment Templates

If you’re developing a vendor risk management (VRM) plan from scratch or looking to scale your existing program, a cybersecurity IT risk assessment template can help you get started. Fortunately, you have options. In this blog, we’ve listed several templates, frameworks, and checklists that can help you create a personalized vendor cybersecurity IT risk assessment questionnaire.

SEC's Cybersecurity Regulations, Part III: The Relationship Between the CISO & The Board

Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.