See: China hacked a Navy contractor and secured a trove of highly sensitive data on submarine warfare Third-party risk (or nth-party risk) is a hot topic in cybersecurity. While it can mean many things, at its core third-party risk describes a situation in which an organization that does a good job of protecting its own…
Tag: third-party risk
Third-Party Risk in Cybersecurity Exemplified by North Korea’s Stealing of US War Plans
Third-party risk (or nth-party risk) is a hot topic in cybersecurity. While it can mean many things, at its core third-party risk describes a situation in which an organization that does a good job of protecting its own network and data, within its environment, works with other organizations that do not do such a good…
Checklist: Managing Third-Party Risk in #Cybersecurity
If I timed this right, when this post publishes, I will be about to present at the ISACA CSX 2017 North America Cybersecurity Nexus Conference in Washington, DC. My talk is titled Legal Issues Associated with Third-Party Risk. I am publishing this post with the #CSXNA and #CyberAware hashtags in the title so that conference attendees can…
Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs
The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber’s data breach of more than 100,000 individuals’ PII despite its promises that their data was “securely stored within our databases.” The FTC found this promise was misleading when compared with the actions the company was…
Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom
New York’s Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your…
3 Critical Cybersecurity Steps Your Company Must Take
I have presented at several cybersecurity conferences over the last few weeks and have had an opportunity to listen to and talk with some of the most highly regarded experts in this field. This includes experts from the FBI, Secret Service, private industry experts and many others. The message I have heard over and over…
Practical ways your company’s contracts can help improve its cybersecurity odds
I am sharing two articles with you because, as you well know, cybersecurity is a really hot topic right now due to the threat it poses to virtually all businesses. I hope you find these helpful. I was recently interviewed by CSO Magazine and asked to give one suggestion that companies could do to…
The Art of Cybersecurity: How Sun Tzu Masterminded the Home Depot Data Breach
Sun Tzu taught that, when it comes to the art of cybersecurity, you must be wary of your business associates and other third parties. Why? Have you heard that Home Depot had a data breach? That hackers were able to exfiltrate 56 million payment cards and 53 million customer email addresses from its systems? Did…
What did Sun Tzu teach about cybersecurity?
Sun Tzu taught that, when it comes to cybersecurity, you must be wary of your business associates and other third parties. Why? Have you heard of the national retailer that what was hit with a perfectly timed cyber attack on Black Friday ’13 that resulted in credit card data from roughly 110 million customers being taken? That…
Is Your Business Following the 3 Steps the FTC is Requiring for Using Data Service Providers?
The Federal Trade Commission now requires businesses to take the following 3 steps when contracting with data service providers: Investigate. Obligate. Verify. Is your business following these steps? Investigate. Businesses are required to investigate by exercising due diligence before hiring data service providers. Obligate. Businesses are required to obligate their data service providers to adhere…
You must be logged in to post a comment.