In today's risk landscape, third-party risk management (TPRM) programs are becoming increasingly critical for businesses. In fact, Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a Board-level initiative to mitigate brand and reputation risk. However, there are...
The level of integration that third-party vendors and services have in the enterprise environment is introducing risks vectors that are not well understood, says Trustwave's Edwin Lim.
Even though many organizations believe that supply chain cyber risk is a serious problem, very few organizations are vetting their suppliers, says CrowdStrike's Michael Sentonas.
"Our risk landscape has changed from protecting the things that we operate to protecting the things that we buy, and that's why third party risk management is the place where people are really focusing," says Joel de la Garza of the venture capital firm Andreessen Horowitz.
The Reserve Bank of India issued a notice to all cooperative banks advising them to apply caution while deploying third-party core banking applications and check for appropriate security standards. The move came after credential theft incidents at some banks. But will banks heed the advice?
Risk managers in particular have a vested interest in ensuring their organizations are in ongoing compliance with GDPR.
If you are concerned about your organization's GDPR compliance, download this guide and learn:
A history and background of the GDPR;
A number of noteworthy compliance indications;
Six...
To build out the business structure and technical functionality that enables your organization to deliver products and services quickly and efficiently, you have to know how you're doing compared to how your competitors and peers are doing.
In other words, CIOs today must be highly effective at...
Without fostering feelings of responsibility and accountability for cybersecurity among employees, security awareness training won't necessarily make an organization any safer or less vulnerable.
Download this eBook and learn:
Why current awareness practices don't work;
The value of evidence-based awareness;
How...
Big data and artificial intelligence have sparked a paradigm shift in risk management. From cybersecurity to PR to logistics, continuous monitoring is already making a major impact.
Download this eBook and learn how continuous monitoring technologies are transforming a range of risk areas such as:
Vendor...
How can security ratings help you identify, quantify, and mitigate cyber risk? Smart benchmarking requires objective, verifiable and actionable metrics on security performance.
Download this eBook and learn how:
To create a framework for effective cybersecurity benchmarking;
Security ratings can be used to...
Australian medical booking platform HealthEngine offered AU$25 (US$19) gift vouchers to dental patients who sent photos of their treatment invoices to the company, which it positioned to patients as "invaluable" research. Privacy experts say the company may have fallen afoul of Australian privacy guidelines.
A new initiative by the Cyber Readiness Institute aims to promote best cybersecurity and vendor risk management practices to smaller enterprises. RiskRecon founder and CEO Kelly White offers his perspective on converting standards to practices.
A coding mistake by an electronic health records vendor has resulted in a data breach impacting thousands of United Kingdom patients. But the incident also serves as a reminder to healthcare entities in the U.S. and elsewhere about the variety of data privacy and security risks vendors can pose.
Google says it closely vets third-party party applications that peek into Gmail boxes. But an investigation by the Wall Street Journal raises questions if consumers are fully aware of the consequences of granting access to third-party apps and the practices of email-scanning companies.
The difficulty in hiring new information security personnel and need to combat the ever-rising number of threats is driving many organizations to seek increased incident response automation, and in many cases to get it by working with managed security service providers, says AlienVault's Mike LaPeters.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
