Current Topics and Information

Focused on the ever-changing information security landscape

Planning for a DDoS Attack

Last week several prominent DDoS (distributed denial of service) attacks were in the news, specifically targeting the popular note-taking app Evernote and the RSS reader Feedly. These attacks, along with others over the years, should serve as a call to attention that if an organization provides services to internet users, they must be prepared for [...]

Common Failures of Third-Party Risk Assessments

Third-party risk analysis – whether used to evaluate partners, service providers or suppliers – is a necessity in today’s business landscape. Assessing the services provided by external agencies is often as critical to an organization’s success as their own internal practices. However, many companies follow inconsistent approaches that don’t give an accurate picture of the [...]

Reviewing Third-Party Security Controls

In our last blog post, we discussed how to secure your house against theft—that is, how to protect your organization against third-party risks. Luckily, you don’t have to put bars on all the windows and station guard dogs at every entrance. An intelligent review of the relative risk of each third party can help you assign [...]

How Do You Measure Third-Party Risk?

How often do thieves use the front door to commit a robbery? I don’t know from experience, but I’ve been told that most go through a window or back door. Third parties can be the back door of a company, and increasingly the source of security failures, financial difficulties, and other problems that disrupt business [...]

Managing Third-Party Risk

Today, most organizations are outsourcing critical business operations to third parties. While internal business activities present a level of risk, third-party relationships can significantly increase the level of risk an organization is facing. The quantity, cost and difficulty of performing due diligence on third parties make managing third-party risk especially challenging. Earlier today we published [...]

Why Shift Information Risk Management Out of IT?

In my previous blog posts, I discussed how the role of the CISO is changing due to the additional responsibilities that come with managing the risk of information regardless of where it resides, and the shift in security strategies. It is important to understand this background information as it frames the discussion for moving the [...]

The Evolution of Security Strategies

In my last blog post, I discussed how the role of the Chief Information Security Officer (CISO) has evolved into the Chief Information Risk Officer (CIRO), and the growing list of responsibilities associated with this evolution. This shift raises questions on how to structure reporting relationships that support open communication and collaboration between the CIRO [...]

The Hard Cold Truth – Somebody Else’s Breach Could Become Your Problem

Did you read yesterday’s article in The New York Times about eBay’s breach? The piece stated that “Security experts warned that stolen information would make eBay customers easy targets for phishing attacks…” And then this morning, Businessweek reported that eBay assured users and stockholders that hackers gained no credit card numbers or other financial information. [...]

Using Fusion Centers to Improve Situational Awareness

I have been having many discussions lately around the concept of threat intelligence fusion centers. If you haven’t heard of a fusion center, it is an idea originally created by the government to promote information sharing between federal agencies, the military, and state and local governments. According to the National Fusion Center Association, the goals [...]