What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.
With record breaches, regulatory action and GDPR fines in the news almost weekly now, security needs to be at the forefront of all digital business projects. However, a recent IDG study found that only 42% of CISOs are involved in those projects from the very beginning.
Register for this live webinar and learn...
Your organization is only as secure as your least secure supplier. You must continuously monitor your suppliers' security posture and have a shared governance model for operationalizing policies to remove blind spots on your suppliers' networks that could expose your organization to business disruption or a...
Digital transformation continues to reshape the modern enterprise. Savvy organizations that understand and drive forward digital innovation ultimately win the within an organization. However, securing the technologies that enable digital transformation becomes its own challenge.
This panel brings together three...
Not that long ago, many infosec leaders were asking, "What is zero trust and why should I care?" Today, it's more often, "How do I get my business owners to properly support and resource our transition to a zero trust architecture/posture?"
Media production, marketing and delivery is a complex journey that...
For financial institutions, every new customer heralds an opportunity - but if the organization doesn't know enough about that customer there may be risks as well. Using know your client (KYC) and customer due diligence (CDD) checks as an initial first line of defense in reducing the risk of money laundering and...
When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on rethinking that dynamic.
Really good third-party cybersecurity risk management is essential to enterprise success. Done well it enables an organization to realize at the speed of business the benefits of outsourced systems and services. Done poorly it results in the business missing out on strategically important opportunities or, even worse,...
Multi-sourcing gives an organization access to the innovations offered by different best-of-breed providers, or the value of 'as-a-service' solutions, within a tightly connected and integrated IT model.
However, organizations must understand that their IT service providers can introduce risks into their carefully...
The old demarcation lines of cybersecurity responsibility have been erased. In this new landscape, risk surface is the unforeseen undercurrent of high velocity digital business.
"Risk Surface Management" is a revolutionary shift in third-party risk management. It's an approach to self-reporting on third-party risk...
One important outcome of digital transformation is an explosion of interconnectivity between organizations and the wide availability of third-party capabilities.
But this transformation is not completely without cost. Third parties (and even fourth parties) can become dependencies for critical business functions....
"How secure is your supply chain?" It's a question that can strike terror into the heart of a CISO - even one who's in charge of a mature security organization.
Download this guide on assessing third-party risk and learn how to:
Be realistic about who chooses who you do business with;
Create a questionnaire and...
More than ever before, companies are investing heavily in their organization's security. But as the threat landscape changes, how do you know that these investments in security are paying off - and how can you determine that you are investing the appropriate amount of security spending in the areas that matter most to...
As of March 1, 2019, the two-year transition comes to an end, and covered entities are required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. What are the key requirements of this section, and how might...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing securityintelligence.inforisktoday.com, you agree to our use of cookies.
