How to demonstrate trust in cybersecurity practices with organization leaders

Chief information security officers working at high-profile enterprises know their jobs are as much about guarding their organization’s brand reputation and trust as they are about IT security. But to ensure that trust, CISOs need to know whether their security investments are actually working, and that calls for having metrics that matter to senior management, according to a new report. “It’s all about measurement,” says Home Depot CISO Stephen Ward, in remarks quoted in “The 2019 Trust Report,” released by Synack. “CISOs need a way to present security to their executive team and board in a way that clearly demonstrates and measures business risk to the organization. The executive team doesn’t want to talk about security — they want to talk about risk.” The report provides CISOs with a framework for using data from their security programs to gain a clearer sense of their organization’s ability to withstand damaging cyberattacks […]

The post How to demonstrate trust in cybersecurity practices with organization leaders appeared first on CyberScoop.


Exposing the Culture of Compliance Cramming

Thursday, Feb. 1, marked the deadline for businesses to comply with the updated industry standard, PCI DSS 3.2, aimed at reducing attacks on payment-card data and improving the response when a breach of that data does occur. The standard was announced in 2016, giving …

Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust

Kaspersky Lab — We have nothing to hide!

The Russia-based antivirus firm is hitting back with what it calls a “comprehensive transparency initiative,” opening its source code and internal processes to independent third-party review in a bid to win back the trust of customers and the infosec community.

Kaspersky launches this initiative days after it was accused of helping, knowingly or unknowingly, Russian


Sizing up risk management: Accountants issue guide for cyber audits

The largest professional organization for certified accountants issued guidance to its members this week on how to audit management’s claims about a company’s cybersecurity. The new guide, Reporting on an Entity’s Cybersecurity Risk Management Program and Controls, is part of the voluntary cybersecurity risk management reporting framework the American Institute of Certified Public Accountants is producing this year. “Our intent is to establish a common, underlying language for cybersecurity risk management reporting — almost akin to U.S. [Generally Accepted Accounting Principles or] GAAP … for financial reporting,” AICPA says in a factsheet about its framework. Two other elements were published last month:

Description criteria – the categories of information management must disclose about its cybersecurity risk management program, presented in a consistent manner.

Control criteria – the measures a CPA should use “to evaluate and report on the effectiveness of the controls within a client’s [cybersecurity] program.”

Alongside the two sets of criteria, the […]

The post Sizing up risk management: Accountants issue guide for cyber audits appeared first on Cyberscoop.
