NIST (National Institute of Standards and Technology) is a federal agency under the responsibility of the US Department of Commerce. Established in 1901 to promote innovation and industrial competitiveness in the US, NIST helps organizations advance measurement science, technology, and standards to improve the quality of life for citizens and enhance economic security.

$132.94 billion. That’s the size of the cybersecurity market today. But despite the massive investment in money, time, and expertise, organizations have never been more at risk of an attack. What’s causing the disconnect? Despite all the effort to ensure security, there is an equally massive and growing effort to exploit vulnerable organizations.

The UK’s public sector has now had three months to digest the first UK Government Cyber Security Strategy and start building it into their short and long-term plans. With the strategy specifically calling upon public sector organisations to lead by example, the clock is ticking for action to follow the guidelines.

New York DFS is working with SecurityScorecard to further support the department’s first-in-the-nation cybersecurity efforts to modernize its supervision process. The New York Department of Financial Services (DFS) is now working with SecurityScorecard to modernize its approach toward regulatory oversight.

The Reciprocity® Community Edition is now available and is your chance to see the new Reciprocity ROAR Platform in action and it…is…totally…free! This is a great opportunity for you to not only get an instance of the ROAR Platform but also to see how the Reciprocity Community can provide you with meaningful content and connections to other organizations facing similar challenges. And did I mention that it’s free?!?

COBIT is an acronym for Control Objectives for Information and Related Technologies. The COBIT framework was created by Information Systems Audit and Control Association, ISACA to bridge the crucial gap between technical issues, business risks and control requirements. COBIT is an IT governance framework for businesses that want to implement, monitor and improve their IT management best practices.

When protecting an organisation against cyber attacks, the words security threats, vulnerabilities, risk exposure, and sometimes exploits are seen very commonly. Unfortunately, these terms are not used correctly or interchangeably and are often left undefined.

Your organization’s attack surface can be a tricky thing to monitor. In our connected world, it seems like your attack surface is always expanding. That’s probably true. Attack surface expansion has exploded, driven by cloud adoption, the use of SaaS (software as a service) tools, and the fact that so many organizations have come to rely on third-party vendors.

In a world full of security breaches and litigation, every organization needs a solid strategy to identify and reduce risks relating to the use of third parties, e.g., vendors, suppliers, partners, contractors, or other service providers.

This blog is the latest in a series dedicated to Zhadnost, a Russia-aligned botnet first discovered by SecurityScorecard in March.