Just as you would map a hike or climb by creating waypoints you plan to hit each day, you must plan your vulnerability management process by creating similar goals. We call these goals Maturity Levels, from ML0 to ML5, as we defined them in the last blog. You have your asset inventory from an open-source tool, asset tracking database or maybe your preferred vulnerability assessment tool. Now it is time to climb to the first waypoint ML0.

At Reciprocity, our mission has always been to simplify the way your organization manages risk and compliance, and to encourage transparency and trusted relationships with your key stakeholders. With ZenGRC, we delivered the industry’s best GRC solution and simplified a traditionally complicated tool to make it easy for CISOs, CROs and CCOs to manage their organization’s information security. Today, we are excited to announce our next massive milestone: ZenConnect.

As a Professional Services Consultant, I have the pleasure of traveling all around the globe meeting clients and talking to a wide variety of IT security professionals who form the front line of defence against malware. One of my favorite topics is how people got their start in their careers in IT, but when I start discussing my own early years and touch upon my university studies, I’m often surprised by the number of people who do a double take when I share my chosen subject.

Even though the healthcare industry has been slower to adopt Internet of Things technologies than other industries, the Internet of Medical Things (IoMT) is destined to transform how we keep people safe and healthy, especially as the demand for lowering healthcare costs increases. The Internet of Medical Things refers to the connected system of medical devices and applications that collect data that is then provided to healthcare IT systems through online computer networks.

If you’re not in the IT industry, all the technical terms for malicious attacks on computer network systems can be confusing. It’s also pretty easy to think you know what you’re talking about but actually have not got it right. In today’s blog post, we’re going to tackle viruses and malware, a couple of the most-used terms when talking about email threat protection, and figure out how you can address them.

A data breach is a security incident where sensitive, protected confidential information is copied, transmitted, viewed, stolen or used by a person or persons with unauthorized access. Data breaches can involve financial information like credit card numbers or bank account details, personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.

Texas’ Department of Information Resources (DIR) launched an investigation into the attacks once they learned of the incident this week. Based on the collected evidence, cyber security officials suspect the attacks to be orchestrated by a single person where the bad actor encrypted files and appended the .JSE extension to the encrypted files.

A biometrics system used to secure more than 1.5 million locations around the world – including banks, police forces, and defence companies in the United States, UK, India, Japan, and the UAE – has suffered a major data breach, exposing a huge number of records. South Korean firm Suprema runs the web-based biometric access platform BioStar 2, but left the fingerprints and facial recognition data of more than one million people exposed on a publicly accessible database.

As technology continues to pervade modern-day society, security and trust have become significant concerns. This is particularly due to the plethora of cyber attacks that target organizations, governments and society. The traditional approach to address such challenges has been to conduct cybersecurity risk assessments that seek to identify critical assets, the threats they face, the likelihood of a successful attack and the harm that may be caused.

Information security or infosec is concerned with protecting information from unauthorized access. It's part of information risk management and involves preventing or reducing the probability of unauthorized access, use, disclosure, disruption, deletion, corruption, modification, inspect, or recording.