Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2023

A Guide to Vendor Relationship Management

Vendor relationship management is a process focused on overseeing relationships with third-party vendors. Vendors can range from small independent contractors for one-time projects to multi-year business partners critical to an organization’s success. Companies rarely handle all their business in-house and independently.

8 Third-Party Risk Management Challenges + Solutions and Tips

An effective third-party risk management (TRPM) program allows organizations to assess potential vulnerabilities and mitigate security risks across their entire ecosystem of vendors and suppliers. If your organization is expanding its third-party ecosystem by relying on partnerships to execute core operations, creating an effective TPRM plan is critical to regulating data risks across your growing attack surface.

What is the VCDPA? Comprehensive Guide + Compliance Tips

The Virginia Consumer Data Protection Act (VCDPA) was the second comprehensive consumer privacy law passed in the United States. The act followed the California Consumer Privacy Act (CCPA) and took effect on January 1, 2023. Commercial organizations that conduct business in Virginia and process consumer data will be the most affected by the VCDPA. Learn how UpGuard’s comprehensive cybersecurity solution can help your business remain compliant>

What is TX-RAMP? Full Compliance Guide

TX-RAMP (Texas Risk and Authorization Management Program) is a cybersecurity program that was modeled after the similarly named FedRAMP and StateRAMP programs to ensure that cloud computing services that work with federal or state agencies have adequate security controls in place. TX-RAMP was created by the Texas Department of Information Resources (DIR) to provide a method to review the security measures taken by cloud-based products and services that process and transmit data to Texas state agencies.

Choosing a Healthcare Attack Surface Management Product

With its treasure trove of sensitive information swirling inside vulnerable legacy software, the healthcare industry fits the profile of an almost textbook-perfect cyber attack target. This is why ransomware attacks are so popular within the healthcare sector. Threat actors have very little trouble getting into the industry’s network, and they know the data they compromise is too valuable to end up on the dark web.

Choosing a Tech Attack Surface Management Product

With cybercriminals continuously improving their breach tactics, the tech industry can no longer solely rely on point-in-time cyber resilience evaluations like penetration testing. Point-in-time assessments now must be combined with continuous attack surface management for the most comprehensive awareness of data breach risks.

What is SSL Certificate Expiration?

Your site has been configured with a SSL/TLS certificate from a trusted authority, but you're receiving risk findings that say your SSL certificate expired or is expiring. How can that be and what does it mean for your organization's cybersecurity? SSL/TLS certificates provide a critical security layer for your public web systems using the transport layer security (TLS) protocol (and its predecessor secure sockets layer or SSL).

Biggest Data Breaches in France [Updated 2023]

According to the latest cybersecurity report of CNIL, the French data protection supervisor, France has seen a record of personal data breaches in 2021 — a near 80% increase from 2020. The CNIL carried out strict regulatory measures on French businesses and organizations in 2021, sending 135 formal notices that resulted in €214 million in fines and 18 sanctions. Nine sanctions were for inefficient data security.

What are Vulnerability Disclosure Programs?

Vulnerability disclosure programs (VDPs) are structured frameworks or processes for organizations to document, submit, and report security vulnerabilities to all other relevant organizations. Being ready and able to address vulnerabilities before they become problems is an essential part of any cybersecurity strategy. While VDPs are not currently required by law, the U.S. government encourages vulnerability disclosure programs as a proactive approach to cybersecurity.

Choosing a Finance Attack Surface Management Product

The financial sector is home to the most coveted category of sensitive data amongst cybercriminals - customer financial information. As such, cybercriminals are continuously pounding against the industry’s cyber defenses, often finding their way through. The good news is financial institutions could minimize their data breach risks with the right attack surface management product. To learn which key features to look for in an ideal ASM product optimized for the financial sector, read on.

What is the Texas Data Privacy and Security Act (TDPSA)?

The Texas Data Privacy and Security Act (TDPSA) was enacted on June 18, 2023, making Texas the tenth U.S. state to authorize a comprehensive privacy law that protects resident consumers. The TDPSA borrows many statutes from other state privacy laws, mainly the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act (CCPA).

What is the CMMC (Cybersecurity Maturity Model Certification)?

The Cybersecurity Maturity Model Certification (CMMC) is a US Department of Defense (DoD) certification framework that aims to protect sensitive information handled by Defense Industrial Base (DIB) contractors by establishing a set of cybersecurity standards and best practices to follow. DIB partners often handle critical DoD information and other government data to operate, which typically has various levels of sensitivity and classification.

Exploring the Nevada Privacy Law (NRS 603A) and its Impact on Data Protection

When the Nevada Revised Statutes Chapter 603A (Nevada Privacy Law) was first proposed, it only required businesses to notify consumers in the event of a data breach. Since then, the law has been expanded and amended on several occasions. Today, the law grants resident consumers various privacy rights and requires operators and data brokers to adhere to strict data protection regulations.

Top 8 Vanta Competitors & Alternatives: Comparison & Review

Finding the perfect cybersecurity SaaS solution can be difficult considering the numerous factors that must be considered, such as the industry your organization operates in, the number of vendors your organization manages, the budget available to find a suitable security solution, and the specific use cases for your organization. Part of the selection process is to trial many different products so you can compare multiple services and find the best solution for your organization’s needs.

How to Respond: CVE-2023-27997 (Fortigate SSL VPN)

A critical vulnerability in FortiGate SSL VPN could allow hackers to access vulnerable systems and inject malicious code, even if Multi-Factor Authentication (MFA) is enabled. To learn how to identify whether your Fortinet product is impacted and how to quickly secure it, read on. Learn how UpGuard simplifies Vendor Risk Management >

Best Software for Managing the External Attack Surface in 2023

Your choice of external attack surface management software could significantly reduce your data breach risks, but only if it has the proper set of features. To learn which features to look out for in an external ASM solution, read on. Learn how UpGuard simplifies Attack Surface Management >

Choosing Cyber Risk Remediation Software in 2023 (Key Features)

Effective remediation management is critical as it has the greatest positive influence on your cybersecurity risk management lifecycle. Efficient remediation ensures vulnerabilities are completely addressed, supporting compliance management efforts and a healthy security posture, reducing overall data breach risks. Poor remediation burdens security teams with avoidable incident responses, distracting them from emerging cyber threats bloating remediation backlogs.

Executive Order 13800 on Cybersecurity Policy and Practice

On May 11, 2017, President Trump signed Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The intention was to reduce cybersecurity risks to national security by improving federal agencies’ cybersecurity and information technology (IT) systems. The executive order holds the heads of federal agencies accountable for their agencies’ risk management practices.

Exploring the Colorado Privacy Act (CPA) and its Implications for Consumer Data Protection

On July 7, 2021, Colorado became the third U.S. state to establish regional data privacy legislation. Colorado included the legislation in Senate Bill 21-190, which was signed into action by Governor Polis. The Colorado Privacy Act (CPA), also called the Colorado Privacy Law, became effective on July 1, 2023.

What is CISPA? A Guide to the Cyber Intelligence Sharing and Protection Act

The Cyber Intelligence Sharing and Protection Act (CISPA) was first introduced in 2011 by Representative Mike Rogers, the chairman of the House Select Committee on Intelligence Committee), and 111 co-sponsors. Although the House of Representatives originally passed the bill on April 25, 2012, it was later rejected by the US Senate. Since then, it has been reintroduced several times, but Congress has not passed the bill despite amendments made in good faith following criticism of some propositions.

DFARS Compliance: What You Need to Know

Businesses that work with the US Department of Defense (DoD) and collect, process, transmit, or store controlled unclassified information (CUI) must comply with Defense Federal Acquisition Regulation Supplement (DFARS) standards. The DoD has responded to the growing threat of cyber incidents, including cyberattacks from cybercriminals and nation-states, by prioritizing cybersecurity best practices and insisting they are implemented throughout the DoD supply chain.