Current Topics and Information

Focused on the ever-changing information security landscape

Sub-header Photo

ACCUVANT BLOG

Android Hacker’s Handbook Crowd Sourced Q & A Session

Recently I participated in a live crowd sourced question and answer session on a popular user-submitted content website. Along with my fellow authors of “Android Hacker’s Handbook”, we fielded questions from users about everything from our writing process to the most interesting mobile bug we’ve come across in our research. Because threats are constantly changing, [...] Read more

Read more

Planning for a DDoS Attack

Last week several prominent DDoS (distributed denial of service) attacks were in the news, specifically targeting the popular note-taking app Evernote and the RSS reader Feedly. These attacks, along with others over the years, should serve as a call to attention that if an organization provides services to internet users, they must be prepared for [...] Read more

Read more

Common Failures of Third-Party Risk Assessments

Third-party risk analysis – whether used to evaluate partners, service providers or suppliers – is a necessity in today’s business landscape. Assessing the services provided by external agencies is often as critical to an organization’s success as their own internal practices. However, many companies follow inconsistent approaches that don’t give an accurate picture of the [...] Read more

Read more

Reviewing Third-Party Security Controls

In our last blog post, we discussed how to secure your house against theft—that is, how to protect your organization against third-party risks. Luckily, you don’t have to put bars on all the windows and station guard dogs at every entrance. An intelligent review of the relative risk of each third party can help you assign [...] Read more

Read more

How Do You Measure Third-Party Risk?

How often do thieves use the front door to commit a robbery? I don’t know from experience, but I’ve been told that most go through a window or back door. Third parties can be the back door of a company, and increasingly the source of security failures, financial difficulties, and other problems that disrupt business [...] Read more

Read more

Managing Third-Party Risk

Today, most organizations are outsourcing critical business operations to third parties. While internal business activities present a level of risk, third-party relationships can significantly increase the level of risk an organization is facing.  The quantity, cost and difficulty of performing due diligence on third parties makes managing third-party risk especially challenging. Earlier today we published [...] Read more

Read more

Why Shift Information Risk Management Out of IT?

In my previous blog posts, I discussed how the role of the CISO is changing due to the additional responsibilities that come with managing the risk of information regardless of where it resides, and the shift in security strategies. It is important to understand this background information as it frames the discussion for moving the [...] Read more

Read more

The Evolution of Security Strategies

In my last blog post, I discussed how the role of the Chief Information Security Officer (CISO) has evolved into the Chief Information Risk Officer (CIRO), and the growing list of responsibilities associated with this evolution. This shift raises questions on how to structure reporting relationships that support open communication and collaboration between the CIRO [...] Read more

Read more
(133 Results)