The National Institute of Standards and Technology (NIST) has issued special publications focused on improving Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM). The NIST Cyber Security Framework (NIST CSF) special publication has become a popular option for its unique applicability to all industries with critical infrastructures. NIST CSF isn’t a light read.
The National Institute of Standards and Technology (NIST) has produced several publications addressing the different components of information technology security within the NIST 800 computer security series. Compliance across this entire NIST 800 series is expected for all internal and external service providers of government entities - such as the DoD federal agencies.
The SolarWinds supply chain attack highlighted how vulnerable supply chains are to cyberattacks. Supply chain risk mitigation has since become an essential component of risk management strategies and information security programs. To support the success of this effort, we’ve listed the top 4 supply chain security risks you need to be aware of in 2022.
The National Institute of Standards and Technology (NIST) has responded to the increased prevalence of third-party risks by specifying industry standards for securing the supply chain attack surface - the attack surface most vulnerable to third-party risks.
To remain competitive in today's market, businesses in all industries must maintain strict production regulations to decrease downtime and critical errors that could negatively impact their reputations. Organizations can't afford to wait until an event occurs to devise a problem-solving strategy. Your business provides critical products or services to its customers. Any interruption in that service could mean that your customers will seek ways to meet their needs elsewhere.
On March 9, 2022, the Securities and Exchange Commission (SEC) announced proposed rules and amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. These proposed amendments impact all public companies subject to the reporting requirements of the Security Exchange Act of 1934. To summarize this proposal and learn how to successfully prepare for them, read on.
Given Russia's reputation for highly-sophisticated cyberattacks, the country's invasion of Ukraine has sparked justified fears of an imminent global cyberwar. While, for the time being, Putin’s cyber efforts against Ukraine are surprisingly restrained, this may not be the case for other countries.
ISO 27001 compliance provides greater assurance that an organization is adequately managing its cybersecurity practices, such as protecting personal data and other types of sensitive data. Third-party risk management (TPRM) programs can benefit immensely from implementing the relevant ISO 270001 controls to mitigate the risk of significant security incidents and data breaches.