Data collection is the gear that powers the modern internet. User data provides powerful behavioral insights, supercharges web analytics for tailored advertisements, and engages organizations in meaningful user experience research. But collecting that data requires tracking user behavior, which can lead to potential for personal data leaks, advertising spam, and unclear boundaries around what is considered invasive user research.

Transport Layer Security (TLS) provides security for internet communications. TLS is the successor to the now-deprecated Secure Sockets Layer (SSL), but it is common for TLS and SSL to be used as synonyms for the current cryptographic protocols that encrypt digital communications through public key infrastructure (PKI).

A HIPAA (Health Insurance Portability and Accountability Act) questionnaire is essential for evaluating third-party vendors for healthcare organizations to ensure they follow HIPAA regulations and standards. As one of the most breached industries, it is vastly important for healthcare organizations to send out comprehensive security questionnaires to properly assess their vendors’ risks and determine a plan of action on how to remediate those risks or potentially end the business partnership.

A post-data breach questionnaire is essential for evaluating the impact of a third-party breach on your organization. This due diligence also ensures complaints with expanding data breach protection standards sweeping across government regulations. This post outlines a template to inspire the design of your security questionnaire for vendors that have suffered a data breach or similar security incident. Learn how UpGuard streamlines Vendor Risk Management >

Whether you're expanding use cases, adding new vendors, or scaling the scope of your offerings, you need to keep apprised of potential security risks impacting your organization. UpGuard has added the SIG Lite questionnaire to our Questionnaire Library, making SIG available to help UpGuard customers evaluate third-party risks and potential vulnerabilities in your vendors' security policies.

Network segmentation or segregation is a network architecture practice used by network security personnel to divide an organization’s computer network into smaller subnets. Each subnet or network segment forms its own smaller network. By segmenting an organization’s network, personnel can better control the traffic flow between subnets, improve security policies, and make it more challenging for unauthorized users to access sensitive data and critical parts of the network.

Every website needs to be set up with a cloud service provider, but what about your other CSP: Content Security Policy? The Content Security Policy (CSP) is a standard provided in an HTTP response header that helps prevent cross-site scripting attacks (XSS), clickjacking, packet sniffing, and malicious content injection on the client side of your web page. Configuring the header will enable a CSP with the directives you supply to control how a user agent loads resources on your site.

‍Cybersecurity has become crucial for businesses and government entities in today's ever-changing digital landscape. While various frameworks and guidelines are available, the Australian Signals Directorate's "Essential Eight" is an effective and practical approach to strengthening an organization’s security against cyber attacks and threat actors.

When organizations hear “third-party risk management,” they often consider the processes needed to mitigate risks when working with a third-party vendor. These can include procurement risks and risks associated with starting new vendor relationships, often referred to as "onboarding,”—but what about when a working relationship ends?

Cisco has released a Product Security Incident Response Team (PSIRT) advisory regarding a zero-day vulnerability in the web UI feature of Cisco IOS XE software. Cisco has stated that the web-based user interface should never be accessible through the public internet, yet research indicates that more than 10,000 Cisco devices have been exploited by an unknown threat actor. This critical vulnerability is being tracked as CVE-2023-20198 and is currently undergoing investigation for active exploitation.