Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Do Banks Need to be PCI Compliant

Financial institutions are one of the most heavily regulated industries around, and for good reason. Access to the personal information and funds of their customers makes banks a popular target with hackers, and a dangerous location for a cybersecurity breach. With all of the regulations a bank needs to obey, it’s possible you may have overlooked the Payment Card Industry Data Security Standard, or PCI DSS.

What is a Risk Assessment?

A risk assessment is a multi-step process that catalogs all the potential threats to your business. In the same way a person might check the air pressure in a car’s tires or that the office elevator was recently serviced, CISOs should conduct regular risk assessments. Consider it a part of your standard safety management routines.

What Are the Different Types of Penetration Testing?

No company is free from risks and vulnerabilities. No matter how robust the digital infrastructure or how strict the cybersecurity measures are, some level of residual risk will always remain. That’s why many organizations include penetration testing in their risk assessment and security program.

What is Endpoint Security?

In enterprise networks, endpoint devices refer to end-user devices such as laptops, servers, desktops, Internet of Things (IoT) devices, and mobile devices. Such devices enable users to access the corporate network, and are therefore indispensable for day-to-day operations. Endpoints also, however, expand a company’s attack surface, since each one can be exploited by malicious threat actors to launch cyberattacks via ransomware, phishing emails, social engineering, and so forth.

What is a Third-Party Risk Assessment?

A third-party risk assessment is an analysis of the risk introduced to your organization via third-party relationships along the supply chain. Those third parties can include vendors, service providers, software providers and other suppliers. Risks to be considered include security, business continuity, privacy, and reputation harm; as well as the risk that regulatory compliance obligations might force you to stop working with a party until its issues are addressed.

Security Exception vs. Risk Acceptance: What's the Difference?

Businesses face an endless range of security concerns. Internal controls and security procedures help, but not every risk can be managed out of existence. To build a sustainable security program, then, executives need to rely on risk acceptance and security exceptions to keep operations running and to appease stakeholders as best as possible.

What is Vulnerability Testing?

Even the most secure IT system can have vulnerabilities that leave it exposed to cyber attacks. Constantly changing network environments, social engineering schemes, and outdated or unpatched software are all threats that call for routine vulnerability testing. Vulnerability testing, also called vulnerability assessment or analysis, is a one-time process designed to identify and classify security vulnerabilities in a network.

What is a Cybersecurity Framework?

Headlines coming out of Sweden in July gave IT departments around the world a jolt: one of the country’s largest grocery chains, COOP, had been hit by ransomware and had to temporarily shut down hundreds of stores. Cybercriminals had infiltrated the software as a service (SAS) company Kaseya, a client management platform used by as many as 40,000 organizations (including COOP).

What is the Difference Between Vulnerability Assessment and Penetration Testing?

A vulnerability assessment is the process of identifying IT security weaknesses in your network, operating systems, firewalls, and hardware, and then taking steps to fix them. Penetration testing, also known as “pen testing,” is an intentional, simulated cyberattack against your IT systems to find vulnerabilities and test the efficacy of cybersecurity controls. Both are essential components of a comprehensive vulnerability management and network security protocol.