Risk Management

3 best practices to make the most of Snyk AppRisk Essentials

Thousands of our customers are leveraging Snyk to implement their DevSecOps and shift-left strategies. However, with the increasing speed and complexity of applications, we also know it’s harder to stay in sync with development. It is increasingly difficult to maintain a clear view of all the software assets being developed, identify ownership and their importance to the business, and, most importantly, ensure that these assets are properly secured by Snyk.

From Theory to Practice: How Portugal's Cybersecurity Centre Is Tackling NIS2 Compliance

In their capacity as a regulator, the Portuguese National Cybersecurity Centre (CNCS) is at the forefront of adapting to NIS2 requirements and ensuring that entities under their purview are compliant. They provide strategic oversight and support for organisations navigating the complexities of the new directive, which introduces stricter standards for risk management, incident response, and supply chain security.

The Crucial Role of Service-Level Agreements in Third-Party Risk Assessments

In today's interconnected business environment, third-party risk management has become a pivotal concern for organizations. As businesses increasingly rely on external vendors for essential services, managing the risks associated with these third-party relationships is critical. A key tool in mitigating these risks is the Service-Level Agreement (SLA).

Prioritize Security Without Sacrificing Productivity: Balancing Identity Management and Risk Tolerance

In the fast-paced, large-scale world of digital business, establishing and managing an acceptable risk tolerance related to user identities — both human and machine — is a critical element of organizational security. At the forefront of this challenge is the need to strike the right balance between ensuring robust security and maintaining an environment that doesn’t impede innovation. After all, identities are the new perimeter in the cloud.

Leveraging Cyber Risk Quantification for NIS2 Compliance

In response to the growing number of disparate cyber regulations across its member states, resulting in inconsistent cybersecurity practices, the EU drafted Directive 2022/2555, more commonly known as NIS 2. This sweeping directive, officially in effect in October 2024, aims to ensure a more uniform, proactive approach to cyber risk management across the union in the face of an interdependent market and increasingly costly risk landscape.

CISA KEV performance in the Financial Sector

As a security data nerd I am absolutely spoiled here at Bitsight. So much so that I have to stop myself from doing little projects and requests so I can dive into the “big” stuff. So it is always refreshing when folks see a piece of research and decide “hey can you give me more information on my little corner of the world.” Then of course I can throw off those notions of “stopping” and just dive back in.

Keeper 101 | Enterprise: Risk Management Dashboard

The Keeper Risk Management Dashboard is a powerful feature of the Keeper Admin Console that provides comprehensive security posture information covering end-user deployment, utilization, cloud configuration, and event monitoring. This critical data helps administrators ensure that risks are remediated and compliance is enforced effectively. The Risk Management Dashboard monitors key metrics and leverages Keeper Security's Benchmarks to enforce the highest level of security in your environment across all users and devices.

UpGuard's Cyber Risk Ratings: Enhancing Risk Categorization for 2024

Each year, we revisit our risk rating system to ensure it best reflects the needs of security practitioners safeguarding their organizations and supply chains. For our 2024 update, we’ve made two closely related changes: we’ve recategorized some of our existing findings to make an organization’s risk profile more understandable and recalibrated our scoring algorithm to more clearly illustrate the impact of specific risks.

What is Enterprise Attack Surface Management?

The rapid expansion of the digital landscape adds increasing complexity to cybersecurity, especially for enterprises that could have up to 100,000 vendors in their supply chain. Addressing these challenges requires implementing an Attack Surface Management (ASM) strategy tailored to enterprise businesses' unique risk profiles. This post outlines the importance of ASM for enterprises and offers a strategy for ensuring its effective implementation.