Data Risk Management, Part 3: Assessing Risk Levels of Structured Versus Unstructured Data

To protect their crown jewels from data thieves, organizations must determine the difference in risk levels between structured and unstructured data and prioritize accordingly.

The post Data Risk Management, Part 3: Assessing Risk Levels of Structured Versus Unstructured Data appeared first on Security Intelligence.

DHS steadily moving state-by-state on election security outreach

Department of Homeland Security officials detailed ongoing efforts to secure state election systems Wednesday, telling the Senate Committee on Homeland Security and Governmental Affairs they are on track to assess states’ risk of a cyberattack over the next few months. Speaking at the committee’s roundtable discussion on the agency’s reauthorization, Chris Krebs, acting Under Secretary for the National Protection and Programs Directorate, said that DHS officials have completed five security risk assessments of state election systems and would be working to complete another 11 by mid-April, running up against primary season for state and midterm elections. The assessments, offered to state election officials by request, include services like “scenario-based network penetration testing, web application testing, social engineering testing, wireless testing, configuration reviews of servers and databases and evaluation of an organization’s detection and response capabilities,” to determine the likelihood of a system breach. “The dependency here is whether we get […]

The post DHS steadily moving state-by-state on election security outreach appeared first on Cyberscoop.

Prioritizing Your Safety and Cyber Hygiene: Where Do You Even Begin?

Digital transformation and the evolving threat landscape are having a significant impact on IT teams. Network professionals who were once masters of their IT domains are now being stretched to the breaking point with the adoption of multicloud infrastr…

How to create a risk treatment plan for your information security management system

A risk treatment plan (RTP) is one of the mandatory reports that you will need to produce for your ISO 27001 information security management system (ISMS). What is a risk treatment plan? An RTP provides a summary of each of the identified risks, the re…

Understanding the COSO 2017 Enterprise Risk Management Framework, Part 2: Combining Apples With Oranges

Organizations that follow both the COSO enterprise risk management framework and the NIST CSF can vastly improve their cyber risk oversight and management.

The post Understanding the COSO 2017 Enterprise Risk Management Framework, Part 2: Combining Apples With Oranges appeared first on Security Intelligence.

Things to Consider When Calculating the Return on Security Investment

The return on security investment is a crucial calculation to help CISOs demonstrate risks in business terms and gain executive buy-in for security tools.

The post Things to Consider When Calculating the Return on Security Investment appeared first on Security Intelligence.

The Benefits of Operational Risk Management

Operational risk management can help organizations measure the cost of network security solutions versus the cost of a potential data breach.

The post The Benefits of Operational Risk Management appeared first on Security Intelligence.

Understanding the COSO 2017 Enterprise Risk Management Framework, Part 1: An Introduction

The new COSO enterprise risk management framework offers business leaders a road map to more effectively assess, manage, review and report on cyber risks.

The post Understanding the COSO 2017 Enterprise Risk Management Framework, Part 1: An Introduction appeared first on Security Intelligence.

Take a Load Off: Delegate Cyber Risk Management Using the Three Lines of Defense Model

The Three Lines of Defense model enables board directors to be involved in the cyber risk management process without micromanaging the security team.

The post Take a Load Off: Delegate Cyber Risk Management Using the Three Lines of Defense Model appeared first on Security Intelligence.