The following list offers three effective strategies for keeping your board informed of the business’s third-party risk exposure and the efficacy of its Third-Party Risk Management program.

ISO 9000 and ISO 9001 are terms that are often used interchangeably when discussing quality management at an organization, but they actually refer to separate things. While both are related to quality assurance and ISO certification, they have distinct differences in their fundamentals and approach.

Last week, SecurityScorecard was invited to participate in a fireside chat with Michael Daniel, President & CEO of the Cyber Threat Alliance (CTA). SecurityScorecard’s Chief Business Officer, Sachin Bansal, joined Daniel for a lively discussion regarding how to measure cyber health and clearly communicate progress against those metrics.

Cybersecurity is one of the top concerns for organizations. In recent years, and that’s not going to change any time soon – unless, if anything, cybersecurity becomes the top concern. So what can an organization do about the rise in cybersecurity incidents? In this article we’ll take a closer look at security incidents: what they are, the most common types, and how to prevent and mitigate them.

As cloud adoption continues to grow, periodic cloud security risk assessments should be high on your organization’s priority list.

Supply chain security has been a top concern for risk management leaders ever since the high-profile attacks to SolarWinds and Log4j took place. While there's no one-size-fits-all way to identify, assess, and manage cyber risks in the supply chain, MITRE's System of Trust Framework offers a comprehensive, consistent, and repeatable methodology for evaluating suppliers, supplies, and service providers alike.

Most malware security researchers encounter in the wild is written in C or C++. These languages provide low-level system access and control, plus performance, allowing threat actors to create highly efficient and stealthy code. But that doesn’t mean cybercriminals are limited to those two languages. SecurityScorecard recently reverse-engineered the Vjw0rm worm written in JavaScript and the Java-based STRRAT remote access trojan (RAT).

Digital infrastructure is the foundation of a modern, connected organization. It encompasses connectivity, cloud, compute, security, storage, applications, databases, IoT, remote networks, and more. Once housed on premises, this infrastructure now extends across regions, offices, work-from-anywhere environments—and across the third-party providers who make digital transformation possible. Securing this digital infrastructure is a growing challenge.

The other week, Bitsight released a piece of high-profile research alerting the public to a high-severity vulnerability potentially allowing attackers to launch one of the most powerful Denial-of-Service (DoS) attacks in history. Here’s a summary of what happened and why it matters: Security leaders are asking “now what?” and Bitsight has answers.

Open-source software has been a godsend for the development community. They bring lower development costs, faster application delivery, and greater flexibility; it’s no wonder nearly 90% of modern applications comprise third-party software nowadays. That’s not to say open-source software doesn’t come with its share of pitfalls, including security risks and vulnerabilities.