Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Third-Party Risk Assessment Best Practices

Assessing the cybersecurity risk posed by third-party vendors and service providers is time-consuming, operationally complex, and often riddled with errors. You need to keep track of the requests you send out, chase up vendors who haven't answered, and ensure that when they do, they answer in a timely and accurate manner.

Risk Assessment Checklist NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. NIST SP 800-53 provides a catalog of cybersecurity and privacy controls for all U.S. federal information systems except those related to national security. The IT security controls in the “NIST SP 800-171 Rev.

How to Comply with GDPR

When it comes to organizations incorporated and operating out of the United States, General Data Protection Regulation (GDPR) compliance can be confusing. Many people struggle to understand exactly what the GDPR is and whether it applies to all organizations. On May 25, 2018, the European Union (EU), via the European Parliament, signed into law the GDPR to enhance Directive 95/46/EC.

Risk Management Process

Not too long ago, “risk management” was considered mainly an insurance term. The risks a business might incur covered a fairly small and discrete range of scenarios, including the following: The times have changed, however, and so have risks. With the advent of the digital age come a plethora of new risks as well as an increase in the complexity of existing ones.

Coronavirus-Themed Cyberattacks To Watch Out For

The novel coronavirus isn’t the only plague affecting businesses. Cyberattacks are spreading, too, as malicious actors take advantage of interest in COVID-19 news and coronavirus fears to trick people into clicking on phony links and attachments in social engineering and phishing scams. The U.S.

Tips for Managing Third-Party Risk in Health Care

The healthcare industry possesses the crown jewels that the bulk of attackers are after: Personally Identifiable Information (PII). Data has become the new currency in the digital underground, consisting primarily of social security numbers, credit card information, health information, and passwords.

7 Pandemic Risk Management Tips to Implement Now

As COVID-19 continues to spread worldwide, not only disrupting health and life but also business continuity up and down the supply chain, economic and cyber risk have taken on pandemic proportions, as well. Many enterprises are struggling just to keep essential services functioning as they send employees home to work with new, hastily procured technologies. At the same time, they’re battling a surge in cybercrime by threat actors seeking to take advantage of the chaos.

The Difference Between Vulnerability Assessment and Vulnerability Management

In today’s constantly evolving cybersecurity threat landscape, you have to do everything possible and then some to protect your critical data assets. Performing a vulnerability assessment and implementing a vulnerability management program can help your organization effectively deal with cybersecurity vulnerabilities. However, it’s important to understand the difference between vulnerability assessment and vulnerability management.