Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bitsight

SEC Regulations: What is a "Material" Cybersecurity Incident?

Oct 3, 2023 By Jake Olcott In BitSight
In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity disclosure requirements for publicly traded companies, including a requirement to publicly disclose a “material” cybersecurity incident in Form 8-K within four business days of determining that it is material.
Read Post
SecurityScorecard

What CIS Controls are Effective for Successful Cyber Defense?

Oct 3, 2023 By SecurityScorecard In SecurityScorecard

Critical Security Controls are a set of cybersecurity principles and actions that list defense tactics and best practices to mitigate against popular cyber-attack methods. But what makes them so valuable is that the framework prioritizes a small number of actions that all work to significantly reduce cybersecurity risk across your network. Keep reading to learn more about CIS controls, as well as which controls are essential for successful cyber defense.

Read Post
bitsight

Bitsight identifies nearly 100,000 exposed industrial control systems

Oct 2, 2023 By Noah Stone | Research by Pedro Umbelino In BitSight
Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) owned by organizations around the world, potentially allowing an attacker to access and control physical infrastructure such as power grids, traffic light systems, security and water systems, and more. ICSs — a subset of operational technology (OT) — are used to manage industrial processes like water flow in municipal water systems, electricity transmission via power grids, and other critical processes.
Read Post
SecurityScorecard

Understanding GDPR Vendor Management and Compliance for your Business

Oct 2, 2023 By SecurityScorecard In SecurityScorecard

General Data Protection Regulation (GDPR) is a framework for data protection that gives strict obligations for organizations within the European Union. For many businesses, understanding and implementing GDPR vendor management is a daunting task. That’s why we are going to break down what GDPR vendor management is, who is involved in it, and what the requirements are.

Read Post
bitsight

How to Discover and Secure Open Port Vulnerabilities

Oct 1, 2023 By Sabrina Pagnotta In BitSight
Open port vulnerabilities pose a significant security risk to your organization. If left exposed, ports are a gateway for hackers to breach your network and steal your data. But what are open ports, why are they a security risk, and what can you do to close open port vulnerabilities? Let’s answer your open port questions.
Read Post
upguard

Effective Risk Management: The COSO ERM Framework

Sep 29, 2023 By Leah Sadoian In UpGuard
Enterprise risk management (ERM) frameworks allow organizations to identify, assess, manage, and monitor risks across all levels of an organization. One of the most well-known approaches to ERM is the COSO ERM framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The framework offers guidelines and best practices for organizations seeking to achieve a balanced perspective on risk.
Read Post
SecurityScorecard

Qualitative vs. Quantitative Cybersecurity Risk Assessment

Sep 28, 2023 By SecurityScorecard In SecurityScorecard

Risk mitigation is at the heart of cybersecurity. By connecting to the Internet, implementing upgraded IT systems, or adding a new vendor to your organization, you are automatically exposing your business to some level of cyber risk. With outsourcing on the rise and a growing reliance on vendors who are processing, storing, and transmitting sensitive data, assessing and mitigating risk is becoming increasingly important.

Read Post
SecurityScorecard

GDPR Compliance Guide: A 9-Step Checklist

Sep 27, 2023 By SecurityScorecard In SecurityScorecard

With many nuances to consider, adhering to the General Data Protection Regulation (GDPR) requirements can be a daunting task. After all, the entirety of the GDPR consists of a whopping 99 Articles. Fortunately, by following a GDPR security checklist, you can help your organization ensure that all required facets of data security are covered without sifting through pages and pages of legalese.

Read Post

A Deep Dive into the Exploit Prediction Scoring System EPSS

Sep 27, 2023 By Nucleus In Nucleus
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.
View Video
bitsight

Overcoming Cybersecurity Headwinds Part 2: Automation and Repurposing Time Savings

Sep 27, 2023 By Vanessa Jankowski In BitSight
Welcome back to our Overcoming Cybersecurity Headwinds blog series—inspired by my latest webinar about third party risk with Marc Crudginton, CISO at Howard Hughes Corporation. In our last blog, we explored the wisdom of centrally managing cyber risk efforts across your organization and your third-party supply chain—a strategy that helps you do more with less in an era of budget constraints. Today, we dive deeper into the core of efficient Third Party Risk Management (TPRM): Automation.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.