The Florida Information Protection Act of 2014 (FIPA) came into effect July 1, 2014, expanding Florida's existing data breach notification statute requirements for covered entities that acquire, use, store or maintain Floridian's personal information. FIPA modified Florida's existing data breach notification law and applies to commercial and government entities.
Email security refers to various cybersecurity measures to secure the access and content of an email account or service. Proper email security can protect sensitive information in email communications, prevent phishing attacks, spear phishing and email spoofing and protect against unauthorized access, loss or compromise of one or more email addresses.
Penetration testing, pen testing or ethical hacking, is the practice of testing a computer system, network or web application's cybersecurity by looking for exploitable security vulnerabilities. Penetration testing can be automated with penetration testing tools or manually by penetration testers.
Engaging third-party vendors for the provision of goods and services is not a new concept, so why has vendor risk management become so important? Vendor risk management is important because managing vendor risk is foundational to cybersecurity, ensuring business continuity and maintaining regulatory compliance. A robust vendor risk management (VRM) program can help organizations under their vendor risk profile and mitigate third-party and fourth-party risk rather than relying on incident response.
NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in nonfederal systems and organizations.
Cybersecurity performance management is the process of evaluating your cybersecurity program's maturity based on top-level risks and the associated level of investment (people, processes and technology) needed to improve your security security to meet regulatory requirements and business outcomes. Security metrics improve decision making by helping risk management and security teams take a risk-based, outcome-driven approach to assessing and managing their organization's cybersecurity capabilities.
NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations (NIST SP 800-53 or NIST 800-53), establishes an information security standard for the federal government. Specifically, NIST 800-53 establishes security controls and privacy controls for federal information systems and organizations excluding those involved with national security.
Vendor risk management is hard. And it's getting harder. But it doesn't have to be. Business units are outsourcing more of their operations to third-party suppliers. In turn, these suppliers outsource to their own service providers. It's undeniable, the average organization's exposure to third-party risk and fourth-party risk has never been higher.
The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) or Senate Bill 5575, was enacted on July 25, 2019 as an amendment to the New York State Information Security Breach and Notification Act. The law goes into effect on March 21, 2020. The motivation behind the SHIELD Act is to update New York's data breach notification law to keep pace with current technology.
There are many SecurityScorecard alternatives that offer the same core functionality your organization needs to successfully manage first-party, third-party and fourth-party risk. SecurityScorecard is one of the most well-known security ratings platforms but let's look at an alternative and see how they stack up. These security ratings providers are promising to reduce cybersecurity risk by continuously monitoring the security posture of any company in the world, instantly and non-intrusively.
