Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

The SEC's New Cybersecurity Regulations: What Investors and Shareholders Should Know

It seems everyone is concerned about cybersecurity these days, and the investor community is no different. Shareholders are reading the headlines—ransomware attacks, data breaches, infrastructure disruptions—and they are wondering how these incidents could impact the companies that they invest in. Shareholders are about to get a lot more information from companies in the months ahead. In July 2023, the U.S.

Navigating APRA's CPS 234: A Universal Metric

In an era where digital innovation has become the lifeblood of businesses, cybersecurity has taken center stage in the corporate world. The Australian Prudential Regulation Authority (APRA) recognized this need and introduced CPS 234, a regulation that puts cybersecurity at the forefront of APRA-regulated entities. APRA is currently conducting an independent tripartite cyber assessment of compliance with CPS234, which took effect in 2019.

What are Software Supply Chain Attacks?

Software supply chain attacks, or digital supply chain attacks, have become increasingly prevalent over the last couple of years. According to a study by KPMG, 73% of organizations have experienced at least one significant disruption from a third-party in the last three years. What’s the best way to protect against potential software supply chain attacks? To get the answer, let’s define what those attacks are, how they happen, and how you can defend against them.

An Easy Guide to Understanding Risk Management and Quantification, 2

‍This is the second of a two part series on highlighting the power of cyber risk quantification, based on a webinar hosted by Kovrr’s Director of Product Management, Amir Kessler. Part two delves into the transformative potential of converting cyber risks from financial insights to actionable plans. Watch the full webinar here.

Today's Top Risk Management Frameworks

Business environments change every day. That’s why using a risk management framework is a crucial part of any organization. It helps manage different kinds of threats you face day in, day out. Organizations with robust RMFs are better prepared to thrive and adapt in this unpredictable world, ensuring their continued success and resilience. This article introduces risk management frameworks and explains the significance of using one in your organization.

What You Need to Know About Security Compliance Management

Security compliance management is that set of policies, procedures, and other internal controls that an organization uses to fulfill its regulatory requirements for data privacy and protection. Put another way, security compliance management is a subset of regulatory compliance management that specifically addresses data protection. Clearly security compliance management is important.

The Statistical Analysis of Measuring Cybersecurity Risk

Businesses are more at risk of cyber attacks than ever before. Calculating that risk, however, can be a challenging task. In this post we will provide an overview of traditional calculation methods and explore the future of measuring cybersecurity risk: statistical analysis. The cost of a cyberattack can be painfully high, sometimes high enough to shut down business operations entirely.

How to Build a Customized TPRM Framework

Third-party risk management (TPRM) is reviewing and mitigating risks associated with outsourcing business operations to third-party vendors or service providers. Risks are varied but include cybersecurity risks like data breaches or reputational risks that affect business continuity. If your organization wants to create a TPRM program or upgrade your current risk management strategy, focusing on customization can be critical in setting your organization apart.

An Overview of ENISA's Risk Management Standards Report

The European Union Agency for Cybersecurity (ENISA) published its Risk Management Standards report on March 16, 2022. The report's primary objective was to produce an organized overview of all published standards that address aspects of risk management. Subsequently, ENISA aimed to describe the various methodologies organizations can use to implement the risk management frameworks it covers.