AICPA Issues Cyber Reporting Framework

The accounting profession is getting some new tools to deploy in their growing involvement with addressing cyber-risk. The American Institute of Certified Public Accountants has finalized and issued for use a cyber-security risk management reporting framework that is meant to help companies articulate what they are doing to address cyber-risk. The focus of the framework is not...

Security Awareness: Phishing Still A Primary Attack

The 2017 Verizon Data Breach Investigations Report (DBIR) was released late last week. Perhaps not surprisingly, the DBIR noted that ransomware is on the rise and, with a 50 percent increase, is now the most common specific malware variety. Cyberespionage, however, is not as expected. The DBIR found that cyberespionage is the most common type of attack seen in...

Third Party Connections In Your Network

Just when you think you have your network under control, there’s always something — or someone — creating a bit more complexity than you thought you had to deal with. One thing that’s often overlooked is third-party vendor connections into network environments. Whether you know about them or not, such connections likely exist today, and...

Auditors Hack Arizona DES During Review

State auditors were able to access confidential information when testing cybersecurity at the Arizona Department of Economic Security, revealing vulnerabilities that could have put residents’ personal information at risk. More than 2 million Arizonans have submitted information such as Social Security numbers, health information and federal tax information to the department, which oversees more than 40 programs such...

Cybersecurity Skills Shortage Threatens Mid-Market

Organizations with 100 to 999 employees remain understaffed and under-skilled in cybersecurity—and an easy mark for hackers. Each year, respondents to ESG’s annual global survey of IT and cybersecurity professionals are asked to identify the area where their organizations have a problematic shortage of skills. For the sixth year in a row, cybersecurity skills topped the...

Why Third Party Cyber Security Matters

Many organizations that have long focused on building their own cybersecurity defenses have come to realize they’re vulnerable to a form of “friendly fire.” If an organization’s third-party vendors have inadequate or lax security controls, hackers can exploit these “trusted” associates and tunnel into systems and networks. In recent years, 63 percent of breaches were...

PCI DSS Beware What Lurks Below

The increasing frequency and sophistication of security breaches expose organisations to wide-ranging external and internal risks, and key among these is the liability that can be imposed under the Payment Card Industry Data Security Standard (PCI DSS). In this article, we explore the PCI DSS and its requirements in order to achieve compliance, as...

After Dallas Siren Attack, More Testing Needed

After 156 emergency sirens were hacked late Friday night, sounding the alarms for several hours, the city would be best to do a “top-to-bottom” detailed review of all its emergency systems and infrastructure controls, says a Richardson cybersecurity expert. “Threat actors are never happy with a single outcome,” said Jeff Schilling, the chief security officer for Armor, which is...

Doing Cybersecurity Risk Measurement Wrong

Broadly speaking, cybersecurity is risk identification and risk mitigation in the cyber domain. Measuring risk quantitatively is good because it helps security teams measure their capabilities somewhat objectively, which helps everyone make better decisions. For example, when deciding whether to upgrade all your firewalls or invest in organization-wide two-factor authentication, that decision should be based,...

Senior IT Auditor And Other In-Demand Cyber Security Jobs

Data and system breaches are damaging, costly, and deleterious to a company’s reputation. Every year millions of online accounts, networks and emails get hacked, and data worth millions of dollars stolen or destroyed by hackers. However, there aren’t enough professionals to fill the available cyber security positions in the market. Cyber security job listings have gone up...