On August 4, the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) announced the release of its Blueprint for Ransomware Defense - a clear, actionable framework for ransomware mitigation, response, and recovery aimed at helping organizations navigate the growing frequency of attacks.

Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 prohibits the procurement or use of Huawei, ZTE, Hytera, Hikvision, or Dahua telecommunication and video surveillance products and services by federal agencies, government contractors, and the recipients of any federal grants or loans (this latter category includes many state and local governments).

Risk management is the process of identifying, evaluating, and controlling risks to an organization’s operations and financial performance. These dangers can be caused by several things, such as economic unpredictability, legal responsibilities, technological problems, strategic management blunders, accidents, and natural calamities. An effective risk management program helps a business navigate all potential hazards.

Data is one of the most valuable assets for modern organizations. The right type and quality of data allows companies to resolve problems and improve business performance; it guides enterprise decision-making and drives business strategy. Data is also vital to improve cybersecurity, maintain regulatory compliance, and strengthen the competitive posture. In short, data matters. Organizations must protect their data assets from unauthorized access, compromise, and theft.

In 2022, a lot of crime involves a digital element. The digital element can be anything from text messages to complex cyber attacks on organizational networks. If you're prosecuting, a digital forensics expert can help you build a stronger case by gathering and documenting evidence and testifying in court on their findings.

On June 8, an explosion took place at Freeport LNG’s liquefied natural gas (LNG) export facility in Quintana, Texas. The company later explained that the explosion resulted from a rupture in an over-pressurized pipeline, but did not comment as to how the pressure built up enough to cause such a rupture. In the wake of the explosion, Freeport reported that the outage resulting from it would persist until September, after which the facility would only resume partial operations.

The internet of things (IoT) is a system of interconnected computers, devices, digital machines, and objects, all marked with unique identifiers (UIDs) and enabled to transfer and share data over a network. It was first coined by Kevin Ashton in 1999 when he envisioned a future where things communicated with each other, apart from human interaction With the evolution of web-enabled smart homes and smart devices in nearly every corner of life, IoT attack surfaces begin to emerge.

On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.

All the risk management measures an organization might take to address cybersecurity threats depend on one critical question: What is the organization’s risk tolerance? Risk tolerance is a concept borrowed from investment strategy and is part of various risk assessment methodologies. Investors with high risk tolerance are willing to endure volatility in the stock market and engage in risky investments; those with a low risk tolerance are more cautious.

All organizations have a team of C-suite executives to set strategy and run the business. Typically that group looks quite similar from one organization to the next, with the chief executive officer, chief technology officer, and chief financial officer among the most important. But do you also have a chief risk officer? Do you even need a “CRO”? What are the CRO’s responsibilities, anyway; and what is his or her role in enterprise risk management (ERM)?