Risk Management

Understanding GDPR Vendor Management and Compliance for your Business

Oct 2, 2023 By SecurityScorecard In SecurityScorecard

General Data Protection Regulation (GDPR) is a framework for data protection that gives strict obligations for organizations within the European Union. For many businesses, understanding and implementing GDPR vendor management is a daunting task. That’s why we are going to break down what GDPR vendor management is, who is involved in it, and what the requirements are.

Read Post

SecurityScorecard

Read more about Understanding GDPR Vendor Management and Compliance for your Business

How to Discover and Secure Open Port Vulnerabilities

Oct 1, 2023 By Sabrina Pagnotta In BitSight

Open port vulnerabilities pose a significant security risk to your organization. If left exposed, ports are a gateway for hackers to breach your network and steal your data. But what are open ports, why are they a security risk, and what can you do to close open port vulnerabilities? Let’s answer your open port questions.

Read Post

BitSight

Read more about How to Discover and Secure Open Port Vulnerabilities

Effective Risk Management: The COSO ERM Framework

Sep 29, 2023 By Leah Sadoian In UpGuard

Enterprise risk management (ERM) frameworks allow organizations to identify, assess, manage, and monitor risks across all levels of an organization. One of the most well-known approaches to ERM is the COSO ERM framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The framework offers guidelines and best practices for organizations seeking to achieve a balanced perspective on risk.

Read Post

UpGuard

Read more about Effective Risk Management: The COSO ERM Framework

Qualitative vs. Quantitative Cybersecurity Risk Assessment

Sep 28, 2023 By SecurityScorecard In SecurityScorecard

Risk mitigation is at the heart of cybersecurity. By connecting to the Internet, implementing upgraded IT systems, or adding a new vendor to your organization, you are automatically exposing your business to some level of cyber risk. With outsourcing on the rise and a growing reliance on vendors who are processing, storing, and transmitting sensitive data, assessing and mitigating risk is becoming increasingly important.

Read Post

SecurityScorecard

Read more about Qualitative vs. Quantitative Cybersecurity Risk Assessment

Overcoming Cybersecurity Headwinds Part 2: Automation and Repurposing Time Savings

Sep 27, 2023 By Vanessa Jankowski In BitSight

Welcome back to our Overcoming Cybersecurity Headwinds blog series—inspired by my latest webinar about third party risk with Marc Crudginton, CISO at Howard Hughes Corporation. In our last blog, we explored the wisdom of centrally managing cyber risk efforts across your organization and your third-party supply chain—a strategy that helps you do more with less in an era of budget constraints. Today, we dive deeper into the core of efficient Third Party Risk Management (TPRM): Automation.

Read Post

BitSight

Read more about Overcoming Cybersecurity Headwinds Part 2: Automation and Repurposing Time Savings

Combining IT and OT security for enhanced cyber risk management

Sep 27, 2023 By Irfan Shakeel In AT&T Cybersecurity

Historically, IT and OT have operated in separate worlds, each with distinct goals and protocols. IT, shaped by the digital age, has always emphasized the protection of data integrity and confidentiality. In this space, a data breach can lead to significant consequences, making it crucial to strengthen digital defenses. On the other hand, OT, a legacy of the Industrial Revolution, is all about ensuring machinery and processes run without interruptions.

Read Post

AT&T Cybersecurity

Read more about Combining IT and OT security for enhanced cyber risk management

How we operationalize security risk assessments at Vanta

Sep 27, 2023 By Vanta In Vanta

This post is part of an ongoing series where you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta—and most importantly, our customers—secure. In today’s post, you’ll hear from Rob Picard, who leads Vanta’s Security team, and Matt Cooper, who leads Vanta’s Privacy, Risk, & Compliance team. ‍

Read Post

Vanta

Read more about How we operationalize security risk assessments at Vanta

Over 53% of Organizations Have An Internet-Exposed Vulnerability

Sep 27, 2023 By SecurityScorecard In SecurityScorecard

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

View Video

SecurityScorecard

Read more about Over 53% of Organizations Have An Internet-Exposed Vulnerability

GDPR Compliance Guide: A 9-Step Checklist

Sep 27, 2023 By SecurityScorecard In SecurityScorecard

With many nuances to consider, adhering to the General Data Protection Regulation (GDPR) requirements can be a daunting task. After all, the entirety of the GDPR consists of a whopping 99 Articles. Fortunately, by following a GDPR security checklist, you can help your organization ensure that all required facets of data security are covered without sifting through pages and pages of legalese.

Read Post

SecurityScorecard

Read more about GDPR Compliance Guide: A 9-Step Checklist

A Deep Dive into the Exploit Prediction Scoring System EPSS

Sep 27, 2023 By Nucleus In Nucleus

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.

View Video