How can organizations get the most out of partnering with managed security services providers and avoid common pitfalls? Cybersecurity consultant Vito Sardanopoli, an experienced CISO, offers top tips.
As ransomware and other cyberattacks continues to proliferate, organizations must improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System, who will speak at ISMG's Healthcare Security Summit in New York.
Malicious bots and botnets are becoming increasingly common and sophisticated, and enterprises need to address them in their risk assessments and security frameworks, says Akamai's Aseem Ahmed.
Many third-party risk management (TPRM) programs rely on tools and processes that are expensive, non-scalable, and ineffective at reducing risk. Additionally, some TPRM professionals (and the individuals who approve their budgets) are relying on subjective, outdated information to make decisions - and that information...
With growing numbers of data breaches being traced to third parties with lax security controls and processes, organizations need to implement "always-on" vendor risk management programs.
Download this report and learn why:
Third-party data breaches are so common and damaging;
Third-party risk management programs...
Organizations must carefully monitor that their business associates are adequately addressing data security to help guard against breaches, says Mark Eggleston, CISO at Health Partners Plans, who will speak on vendor risk management at ISMG's Healthcare Security Summit, to be held Nov. 13-14 in New York.
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Security, who formerly was CISO at Vanderbilt University and Medical Center.
Because business associates have been culprits in heath data breaches impacting millions of individuals, healthcare entities need to be diligent in taking steps to reduce the persistent risks these vendors pose, says privacy and security expert Susan Lucci.
Your organization's risk surface is larger than you think. How can you get a handle on what risks exist, where they reside, and which ones are most important to resolve immediately? By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your organization's...
Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
In today's risk landscape, third-party risk management (TPRM) programs are becoming increasingly critical for businesses. In fact, Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a Board-level initiative to mitigate brand and reputation risk. However, there are...
Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority.
Compliance regulations such as SWIFT and GDPR can be challenging to understand and implement. Many of these regulations have cybersecurity requirements that are focused on protecting critical banking infrastructure with aggressive timelines - and without disrupting the very business-critical systems you're trying to...
A new council of healthcare CISOs hopes to work together toward improving uniformity and efficiency in the way organizations review the security controls and practices of third-party vendors that handle sensitive patient data.
Philips and Becton Dickinson have each issued multiple alerts this year regarding cybersecurity flaws in some of their medical devices. Some security experts say the two companies' transparency about cybersecurity issues - including new alerts issued last week - should be emulated by other manufacturers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.