Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Monetary Authority of Singapore (MAS) is Singapore's central bank and financial regulatory authority. Along with regulating monetary policies, banking, and currency issuance, MAS sets standards for financial institutions' operational practices. MAS’ third-party risk management guidelines provide structure for financial institutions to ensure resilience against third-party outsourcing arrangements risks, including supply chain vulnerabilities and information security.

From U.S. executive orders to cyber regulations, prominent cybersecurity policies are increasing their inclusion of Third-Party Risk Management standards, and for good reason - every organization, no matter what size, is impacted by third-party risks. If you're looking for a TPRM software solution to enhance the efficiency of your TPRM program, this post will help you evaluate the top contenders in the market.

43% of all websites are built in WordPress (W3Techs). Custom WordPress sites rely on plugins, themes, and other components determined by the website administrators. Because these extensible components are often created by third-parties, each custom addition is a potential attack vector that needs to be monitored and updated to maintain a secure website. Website security is a critical aspect of your cybersecurity posture.

Organizations focus on building resilience in their global supply chain through effective supply chain risk management strategies. The planning process involves identifying potential high-risk factors, analyzing their impact, and developing strategic measures for mitigating risk. In addition, organizations perform due diligence when creating incident response and recovery plans to ensure business continuity and avoid supply chain disruptions.

SysAid on-premises software faces a zero-day vulnerability tracked as CVE-2023-47246. SysAid recommends that all customers immediately upgrade to version 23.3.36, which has a security patch for the path traversal vulnerability.

With the majority of data breaches now caused by compromised third-party vendors, cybersecurity programs are quickly evolving towards a greater emphasis on Vendor Risk Management. For advice on choosing the best VRM solution for your specific data breach mitigation requirements, read on.

Data collection is the gear that powers the modern internet. User data provides powerful behavioral insights, supercharges web analytics for tailored advertisements, and engages organizations in meaningful user experience research. But collecting that data requires tracking user behavior, which can lead to potential for personal data leaks, advertising spam, and unclear boundaries around what is considered invasive user research.

Transport Layer Security (TLS) provides security for internet communications. TLS is the successor to the now-deprecated Secure Sockets Layer (SSL), but it is common for TLS and SSL to be used as synonyms for the current cryptographic protocols that encrypt digital communications through public key infrastructure (PKI).

A HIPAA (Health Insurance Portability and Accountability Act) questionnaire is essential for evaluating third-party vendors for healthcare organizations to ensure they follow HIPAA regulations and standards. As one of the most breached industries, it is vastly important for healthcare organizations to send out comprehensive security questionnaires to properly assess their vendors’ risks and determine a plan of action on how to remediate those risks or potentially end the business partnership.

A post-data breach questionnaire is essential for evaluating the impact of a third-party breach on your organization. This due diligence also ensures complaints with expanding data breach protection standards sweeping across government regulations. This post outlines a template to inspire the design of your security questionnaire for vendors that have suffered a data breach or similar security incident. Learn how UpGuard streamlines Vendor Risk Management >