Cyber Tactics Column

RSS

We just celebrated President’s Day. Folklore has it that during the American Revolution, George Washington was approached by an enquiring member of the press who asked: “George! George! What keeps you up at night?”

Each year’s ending is replete with predictions of what the year ahead portends. In this practice, the security sector is no stranger.

If your company relies upon third-party cloud providers to support or deliver core services, or to protect sensitive data, it’s crucial to understand that cloud security is a shared responsibility.

Your mission, should you decide to accept it, is to implement a sound data sanititization program.

Even at their most basic, information security programs are complex and include a seemingly endless combination of controls to detect, prevent and respond to data loss.

Want to proactively detect and resolve cyber vulnerabilities? Maybe it's time to crowdsource your intelligence through a bug bounty program…

After a data breach, regulators strive to evaluate if an enterprise fulfilled "reasonable" cybersecurity standards… without defining what "reasonable" looks like. 

When NIST recently updated its Cybersecurity Framework, it added only one new core category: Supply Chain Risk Management (SCRM). Placed within the Framework’s “Identify” function, SCRM encompasses, but typically extends beyond, traditional vendor management approaches. That’s because the supply chain typically extends beyond suppliers to include other external parties, such as integrators and even third-party communications providers.