Risk Management

Examining NIST CSF 2.0: Everything you need to know

Apr 4, 2024 By SecurityScorecard In SecurityScorecard

In 2014, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF) following a presidential executive order to help organizations better understand, reduce, and communicate cybersecurity risk. In the decade since its introduction, NIST CSF has become one of the most widely recognized and utilized frameworks globally, built upon five key functions: Identify, Protect, Detect, Respond, and Recover.

Read Post

SecurityScorecard

Read more about Examining NIST CSF 2.0: Everything you need to know

How Cyber Exposure Management Strengthens Overall Enterprise Risk Management

Apr 3, 2024 By George V. Hulme In BitSight

In recent years, there's only been a handful of data breaches within public companies that could be considered financially "material." These breaches include those often pointed to as examples in cybersecurity presentations: the 2013 Target breach, the 2017 Equifax breach, the 2019 Capital One breach, and most recently, the Colonial Pipeline incident.

Read Post

BitSight

Read more about How Cyber Exposure Management Strengthens Overall Enterprise Risk Management

The Impact of FAIR on Risk Management with Jack Jones | Razorthorn Security

Apr 3, 2024 By Razorthorn In Razorthorn

Welcome to Razorwire, the podcast that cuts through cybersecurity and risk management complexities. Host Jim welcomes Jack Jones, creator of the FAIR risk methodology, for an in-depth discussion on how his approach has transformed information security risk perception and management. Jack shares his journey from facing scepticism to global recognition, detailing the development of FAIR and its impact on the industry. He also previews his upcoming book on the controls analytics model, exploring the future of risk management and FAIR's role in advancing cybersecurity practices.

View Video

Razorthorn

Read more about The Impact of FAIR on Risk Management with Jack Jones | Razorthorn Security

What Cybersecurity Metrics Should I Report to My Board?

Apr 2, 2024 By Kovrr In Kovrr

‍ ‍ Chief information security officers (CISO) or respective organizational cybersecurity leaders are most likely well aware of the cybersecurity risks their organizations face. However, being aware of and communicating important cyber risk management data to the board of directors are two entirely different matters.

Read Post

Kovrr

Read more about What Cybersecurity Metrics Should I Report to My Board?

Telephony Or VoIP Device Accessible Issue And How To Fix It On Your Scorecard

Apr 2, 2024 By SecurityScorecard In SecurityScorecard

Is the "Telephony/VoIP Device Accessible" issue type bringing your rating down and you don't know what to do about it? Watch this short video which explains what these are and what you can do to improve them. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

View Video

SecurityScorecard

Read more about Telephony Or VoIP Device Accessible Issue And How To Fix It On Your Scorecard

National Vulnerability Database Updates: How SecurityScorecard's CVEDetails can help

Apr 2, 2024 By SecurityScorecard In SecurityScorecard

The National Vulnerability Database (NVD), the world’s most widely used vulnerability data source, has been having some problems recently, causing uncertainty and anxiety for everyone dealing with security vulnerabilities. Many organizations, including cybersecurity vendors, rely on CVE data provided by NVD. As a government organization operated by the U.S.

Read Post

SecurityScorecard

Read more about National Vulnerability Database Updates: How SecurityScorecard's CVEDetails can help

How To Evaluate Your Organization's Cyber Insurance Risk Profile

Apr 1, 2024 By Arctic Wolf In Arctic Wolf

In the face of increasingly frequent and severe cyber attacks, organizations with strong cybersecurity maturity are working hard to manage and mitigate their risk, while recognizing that these may no longer be enough.

Read Post

Arctic Wolf

Read more about How To Evaluate Your Organization's Cyber Insurance Risk Profile

Email Exposed / Password Hint Exposed Issue On Your Scorecard?

Apr 1, 2024 By SecurityScorecard In SecurityScorecard

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

View Video

SecurityScorecard

Read more about Email Exposed / Password Hint Exposed Issue On Your Scorecard?

Top open source licenses and legal risk for developers

Apr 1, 2024 By Fred Bals In Synopsys

If you’re a software developer, you’re probably using open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges for your organization?

Read Post

Synopsys

Read more about Top open source licenses and legal risk for developers

Setting Objectives with ISO 27001's ISMS: A Strategic Overview

Mar 31, 2024 By RiskOptics In RiskOptics

ISO 27001 is an international standard specifying how organizations should develop and implement an effective information security management system (ISMS). Organizations can apply ISO 27001 to manage their information security risks and be certified as ISO 27001-compliant. The measures to achieve compliance are specified in Annex A of the standard; organizations should select and apply the necessary controls to safeguard their stakeholders based on their own company risk profile.

Read Post