Logical Security - Articles - Page 271

John "JT" Mendoza joins CGI as Director of Global Security

August 3, 2020

Congratulations to John "JT" Mendoza, one of our 2019 Most Influential People in Security awardees, who is retiring from federal government service after 22 years. He will be joining CGI as Director of Global Security, primarily responsible for establishing a global insider risk management program.

Creating the GSOC: 4 Leading Examples of Successful Security Operations Centers

The way forward with Risk Operations Centers

Atul Vashistha

July 31, 2020

In recent years, Enterprise Risk Management has become increasingly focused on cybersecurity risks. While this focus on cyber is understandable, the current COVID crisis has demonstrated that the unpredictable nature of cascading risks requires viewing risk through a much wider risk aperture. One way forward to successfully navigate this new risk frontier is the establishment of a Risk Operations Center (ROC). The ROC enables enterprise and technology leaders to have the continuous monitoring they require to proactively mitigate all cyber issues. Additionally, it fully supports the CISO/cybersecurity leader's principal responsibilities identified by the HBR survey.

Top 3 Misconceptions About Data After Death - Security Magazine

Salesforce policy change poses grave security implications

W. Curtis Preston

July 31, 2020

COVID-19 has completely changed our world from six months ago, as we continue to battle the grave health implications, face extended stay at home orders, and grapple with the insurmountable ramifications on our economy. The pandemic has also forever changed the cyber threat landscape, with our workforce becoming more dispersed, and potentially more vulnerable, than ever as organizations switch out of the confines of their offices and move entire data streams to their laptops and home offices. On top of this, Salesforce has announced it is ending its Data Recovery service on July 31st, which is putting all of the data protection responsibilities, and the dire consequences that comes along with it, on the backs of the customer.

The failing approach of managing cybersecurity

Mirza Asrar Baig

July 31, 2020

To address this current losing war with cyberattackers, the future of cybersecurity requires augmenting the current focus of “indicators of compromise” with “indicators of exposure & warning” in real-time. Where the measure would be to gauge the shift of incident management that would tilt on managing more incidents at warning stages than on compromise stages. It is imperative to build an AI engine to perform this very task as that would be the only way to perform in real-time, scale with the growing nature of cloud as well as to cover the evolving nature to attack scenarios.

Security services and PPP loans – What did you receive?

Tim Lozier

July 30, 2020

Here, we took a look to see what companies within the Security and Patrol Service industry took PPP Loans, and the impact on the industry.

How to enforce security protocols when your workforce has gone remote

Adam Glick

July 29, 2020

As the head of information security for a technology company with more than a thousand (now mostly-remote) employees, the COVID-19 pandemic has been — among other adjectives — an educational experience. And while it hasn’t been completely smooth sailing, I believe one of the reasons we were able to transition so quickly to remote work with relatively few hiccups is that we established practices to withstand precisely this type of scenario long before the virus swept through our community.

5 Minutes with James Carder, CSO of LogRhythm

July 29, 2020

Get to know James Carder, CSO at LogRhythm, who has more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies; protects the confidentiality, integrity and availability of information assets; and oversees both threat and vulnerability management as well as the security operations center (SOC). Carder previously led criminal and national security related investigations at the city, state and federal levels, including those involving the theft of credit card information and Advanced Persistent Threats (APT).

The Long and Winding Road to Cyber Recovery

A call for industry coordination around DLT security

Stephen Scharf

July 28, 2020

As the financial services industry moves toward an ever-greater dependence on technology, we must always keep an eye on the future to ensure that any new technological advancement or implementation delivers the same, if not better, benefits and risk management capabilities. One emerging area that has garnered a lot of attention in recent years is Distributed Ledger Technology (DLT). While DLT holds great promise, there is currently no clear path around how to implement the technology in a way that addresses documented and evolving security risks.

Heightened fraud and cyber risks threaten e-commerce merchants

Online merchants should be asking themselves three key questions related to their fraud defenses.

Bruno Spagnuolo

July 28, 2020

As consumers increasingly turn to online shopping for essential and non-essential goods while at home, fraudsters have adapted their technique to use more sophisticated tactics against consumers, banks and merchants.

EDPB issues guidance for cross-border data transfers in wake of Schrems II judgment

The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to put in place to use Standard Contractual Clauses and Binding Corporate Rules.

David M. Stauss

July 28, 2020

In the wake of the Court of Justice of the European Union’s Schrems II judgment, on July 23, 2020, the European Data Protection Board (EDPB) adopted a Frequently Asked Questions document to “provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.” The EDPB stated that the document will be updated, and further guidance provided, as it continues to examine and consider the judgment. The six-page FAQs provides the following guidance.