Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

Examining NIST CSF 2.0: Everything you need to know

In 2014, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF) following a presidential executive order to help organizations better understand, reduce, and communicate cybersecurity risk. In the decade since its introduction, NIST CSF has become one of the most widely recognized and utilized frameworks globally, built upon five key functions: Identify, Protect, Detect, Respond, and Recover.

How Cyber Exposure Management Strengthens Overall Enterprise Risk Management

In recent years, there's only been a handful of data breaches within public companies that could be considered financially "material." These breaches include those often pointed to as examples in cybersecurity presentations: the 2013 Target breach, the 2017 Equifax breach, the 2019 Capital One breach, and most recently, the Colonial Pipeline incident.

The Impact of FAIR on Risk Management with Jack Jones | Razorthorn Security

Welcome to Razorwire, the podcast that cuts through cybersecurity and risk management complexities. Host Jim welcomes Jack Jones, creator of the FAIR risk methodology, for an in-depth discussion on how his approach has transformed information security risk perception and management. Jack shares his journey from facing scepticism to global recognition, detailing the development of FAIR and its impact on the industry. He also previews his upcoming book on the controls analytics model, exploring the future of risk management and FAIR's role in advancing cybersecurity practices.

What Cybersecurity Metrics Should I Report to My Board?

‍ ‍ Chief information security officers (CISO) or respective organizational cybersecurity leaders are most likely well aware of the cybersecurity risks their organizations face. However, being aware of and communicating important cyber risk management data to the board of directors are two entirely different matters.

Telephony Or VoIP Device Accessible Issue And How To Fix It On Your Scorecard

Is the "Telephony/VoIP Device Accessible" issue type bringing your rating down and you don't know what to do about it? Watch this short video which explains what these are and what you can do to improve them. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

National Vulnerability Database Updates: How SecurityScorecard's CVEDetails can help

The National Vulnerability Database (NVD), the world’s most widely used vulnerability data source, has been having some problems recently, causing uncertainty and anxiety for everyone dealing with security vulnerabilities. Many organizations, including cybersecurity vendors, rely on CVE data provided by NVD. As a government organization operated by the U.S.

Top open source licenses and legal risk for developers

If you’re a software developer, you’re probably using open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges for your organization?

Setting Objectives with ISO 27001's ISMS: A Strategic Overview

ISO 27001 is an international standard specifying how organizations should develop and implement an effective information security management system (ISMS). Organizations can apply ISO 27001 to manage their information security risks and be certified as ISO 27001-compliant. The measures to achieve compliance are specified in Annex A of the standard; organizations should select and apply the necessary controls to safeguard their stakeholders based on their own company risk profile.