%term

Want Your Third Parties To Take Security Seriously?

Jul 2, 2024 By Crystal Morin In Sysdig

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.

Read Post

Sysdig

Read more about Want Your Third Parties To Take Security Seriously?

Third-Party Risk Management Dashboard: How to Design One

Jun 28, 2024 By Nicholas Sollitto In UpGuard

In today's interconnected business landscape, Third-Party Risk Management (TPRM), sometimes called vendor risk management (VRM), is a critical cybersecurity strategy for organizations aiming to safeguard their operations and reputation. With most companies increasing their reliance on external vendors and service providers, managing and mitigating risks associated with these third-party relationships is paramount.

Read Post

UpGuard

Read more about Third-Party Risk Management Dashboard: How to Design One

How CPG 235 is Shaping Data Security Standards in Finance

Jun 28, 2024 By Leah Sadoian In UpGuard

In 2013, the Australian Prudential Regulation Authority (APRA) introduced Prudential Practice Guide CPG 235, a comprehensive framework designed to enhance data risk management across the finance sector. This guide provides financial institutions with principles and best practices to safeguard data integrity, confidentiality, and availability. This blog explores CPG 235, its key components, compliance requirements, and how implementing the framework can enhance data security standards at your organization.

Read Post

UpGuard

Read more about How CPG 235 is Shaping Data Security Standards in Finance

Boost Your Cybersecurity with DevSecOps

Jun 28, 2024 By Leah Sadoian In UpGuard

As cyber threats increase in complexity and frequency, traditional security methods often fall short of safeguarding sensitive data and vital systems. DevSecOps offers a groundbreaking approach by incorporating security practices into all stages of the software development lifecycle (SDLC). By uniting development, security, and operations, DevSecOps ensures that security is a collective responsibility, promoting a culture of collaboration and ongoing enhancement.

Read Post

UpGuard

Read more about Boost Your Cybersecurity with DevSecOps

Building a Human-Centric Vulnerability Management Program

Jun 27, 2024 By Nucleus In Nucleus

Steve Carter, CEO and co-founder of Nucleus Security, and Dr. Nikki Robinson, Security Architect at IBM, discuss the importance of the people side of vulnerability management. They explore challenges such as context switching, long mean time to remediation, and the impact of communication on vulnerability management programs. The conversation includes practical advice on incorporating human factors into cybersecurity practices, how to improve communication and collaboration among teams, and why understanding human factors is crucial for effective vulnerability management.

View Video

Nucleus

Read more about Building a Human-Centric Vulnerability Management Program

2024 Bitsight Ratings Algorithm Update: Purpose, Observations, and Impact

Jun 27, 2024 By Abdullah Al Rashid, Xiaofei Yang, and Francisco Almeida In BitSight

As our 2024 Rating Algorithm Update (RAU) goes live on July 10, 2024, we wanted to share some research that validates this update and reinforces the importance of the RAU process. As we noted in our announcement blog, after RAU 2024, remediated Patching Cadence findings will impact the Bitsight Rating for 90 days after the last vulnerable observation instead of 300 days.

Read Post

BitSight

Read more about 2024 Bitsight Ratings Algorithm Update: Purpose, Observations, and Impact

Strategic Risk Management for CISOs: A Holistic and Consolidated Approach

Jun 26, 2024 By Sohail Iqbal In Veracode

As Chief Information Security Officers (CISOs), it's crucial to manage risks in a holistic and consolidated manner as the landscape of threats, particularly those targeting applications, continues to evolve and expand. With the increasing reliance on digital technologies, artificial intelligence (AI), and cloud-based services, the attack surface for potential cyber threats is growing and changing.

Read Post

Veracode

Read more about Strategic Risk Management for CISOs: A Holistic and Consolidated Approach

PIPEDA Compliance Guide

Jun 26, 2024 By Kyle Chin In UpGuard

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian data privacy law that governs how private sector organizations collect, use, and disclose personal information when conducting commercial activities. By setting strict requirements for private businesses, PIPEDA ensures that individuals and customers have control over how their data is managed.

Read Post

UpGuard

Read more about PIPEDA Compliance Guide

Veracode's Application Risk Management Platform

Jun 26, 2024 By Veracode In Veracode

Build and scale secure software from code to cloud with speed and trust. Veracode’s Platform allows you to start fast and scale, enable real-time flaw remediation, and gain actionable visibility into your application risk.

View Video

Veracode

Read more about Veracode's Application Risk Management Platform

Top Remote Work Security Risks Every Organization Should Know

Jun 26, 2024 By Lookout In Lookout

Remote work has become the new normal for many organizations worldwide. According to USA Today, approximately 14% of Americans now work from home, and around a third of all people who can work remotely choose to. Hybrid work is also increasing, with 41% of people splitting time between home and the office.

Read Post