Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

TPRM for Government Contractors: General Services Administration Policies

The U.S. General Services Administration (GSA) is an independent agency that helps manage and support the basic functioning of federal agencies. The GSA supplies products and communications, provides transportation and office space, and oversees the government’s real estate portfolio, among other management tasks.

UpGuard Summit March 2024 Recap: Scaling Your TPRM Program

In mid-March, UpGuard welcomed security professionals from APAC, EMEA, India, and the U.S. to participate in the first UpGuard Summit of 2024. This quarter’s event focused on third-party risk management (TPRM), specifically addressing how organizations can scale their TPRM programs to meet their evolving needs and defend their growing attack surfaces.

Vendor Risk Management: Benefits, Process, Software, and Tools

Vendor risk management (VRM) is a process that helps businesses manage the risks associated with their vendors. This includes assessing how well their vendors are performing, identifying potential problems early, and taking appropriate action to mitigate any damage.

Quantifying NIST CSF Maturity Levels for Data-Driven Cyber Programs

Cybersecurity maturity assessments play a fundamental role in helping chief information security officers (CISOs) determine the level of risk their organizations face due to cyber activity. By illuminating the various areas that are exposed to exploitation, these evaluations serve as a blueprint for cybersecurity leaders tasked with making the business secure amid an increasingly risky operational landscape.

Breaches Beyond Borders: The global landscape of third-party risk

While the digital landscape evolves, cyber adversaries are also honing their tactics, techniques, and procedures. In recent years, ransomware groups have made major disruptions to the digital supply chain and, by extension, the world economy. What’s more, organizations in all industries and geographies continue to grapple with third-party threats, zero-day vulnerabilities, and more.

What Does a Solid VM Ticketing Workflow Actually Look Like?

In this webinar, Scott Kuffer discusses the challenges and best practices of vulnerability management workflows and ticketing. He emphasizes the discrepancy between vulnerability management teams' priorities and the priorities of the business as a whole. Scott explores different ticketing workflows, starting with basic vulnerability-based tickets and progressing to more advanced options such as asset-based, team-based, and action-based tickets. He highlights the benefits of automating ticket creation and reporting, as well as the potential for redefining how vulnerability management is approached within organizations.

Understanding the Vital Importance of Security Awareness in Today's Digital World

The IT security awareness training is organized to educate individuals to recognize and avoid cyber threats, aiming to prevent or minimize damage to your company while reducing human errors. By promoting a security-first policy and educating all employees on protecting personal and company data, your company can prevent those threats.

New Research Identifies Oversight Practices Correlated With Effective Cybersecurity Outcomes

In the last few years, boards have rushed to incorporate Cyber Risk into the Board’s overall risk management duty, without really knowing how effective those efforts have been. For the first time ever, Diligent and Bitsight have partnered to see just how well the effort at the board level is translating into reducing Cyber Risk for their company.

Exploring OneTrust Alternatives: Which GRC Fits You Best?

When one looks at the marketplace of governance, risk management, and compliance (GRC) software platforms, it’s clear that OneTrust has established itself as a key player in the field — and also that the quest for the right GRC solution is a nuanced exercise, depending on your organization’s specific needs and preferences.

Corporate Cybersecurity Engagement - A Practical Guide for Investors

Bitsight's leading analytics and workflows allow Nomura Asset Management to effectively reduce cyber risk across credit portfolios through targeted engagement. The increasing frequency and complexity of cyber attacks makes one thing clear - cyber risk is inextricably linked to business performance. This has prompted investors to prioritize cyber risk assessments within their portfolios.