After a data breach, regulators strive to evaluate if an enterprise fulfilled "reasonable" cybersecurity standards… without defining what "reasonable" looks like.
When NIST recently updated its Cybersecurity Framework, it added only one new core category: Supply Chain Risk Management (SCRM). Placed within the Framework’s “Identify” function, SCRM encompasses, but typically extends beyond, traditional vendor management approaches. That’s because the supply chain typically extends beyond suppliers to include other external parties, such as integrators and even third-party communications providers.
Companies remain on the hook for ensuring their vendors are up to task when it comes to cybersecurity, privacy compliance and continuity of operations. This checklist can help determine the maturity of your vendor risk management program.
Some of the most basic tenets of password account management have failed, leaving us with a dreadful combination of poor user experience and inadequate security.
How difficult is it for a computer (or a complete stranger) to validate the true identity of a person they don’t know? Very difficult, it turns out, especially when others may be trying to imitate them.
Traveling abroad with technology brings with it certain risks and may subject you to government surveillance in ways that are different from domestic travel. According to the FBI, you shouldn’t expect privacy in most countries outside the United States. Your data is less secure when you travel.
Taking advantage of technology and digitization involves more than business strategy. It requires strong data governance principles which, among other things, must align the functional demands of an organization’s cybersecurity, privacy and information management teams.