Kaspersky Links Global Attacks To N Korea

ST. MAARTEN – SECURITY ANALYST SUMMIT – Just days after reports surfaced that U.S. prosecutors were preparing to point fingers at the North Korean government for directing the $81 million cyber heist from Bangladesh’s account at the New York Federal Reserve Bank in 2016, Kaspersky Lab unveiled new details on the hacking group believed to be conducting the attack and several...

Risk Assessments Determine Cyber Insurance Needs

Firms considering cyber coverage should begin by assessing their risks and perils and considering whether these are already covered or excluded by other policies, says a report issued Thursday by the Risk & Insurance Management Society Inc. A company, for instance, that handles or stores significant amounts of third-party, personally identifiable information should consider coverage...

Continuous IT Audits Are Needed

We find that many IT departments within our clients’ organizations have very talented IT staff, but all too often they don’t have an information security and compliance staff member on board. All too often this role is not in place. So the question is how can they meet compliance and maintain security of their vital...

Most Android Devices Lack Latest Security Patches

Nearly three-quarters of Android devices on the five biggest U.S. carriers are running on security patches that are at least two months old, putting them at greater risk of being hacked. That finding was made in an analysis released Thursday by Skycure, a mobile threat defense vendor. The report also found that the city of Boston has had the...

ISO 27001: How To Identify High Risk Suppliers

One aspect of risk management that is often overlooked is managing risks from suppliers and third parties. Too often organisations assess risks originating from external sources, script kiddies, hackers and even nation states, but third parties that are actually already on the network are overlooked as trusted parties. However, recent highly publicized data breaches such...

Ethical Hacking: A Most Important Job

If your company doesn’t have an ethical hacker on the security team, it’s playing a one-sided game of defense against attackers. Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most...

Reduced Confidence In Assessing IT Risk

Healthcare security professionals are finding their ability to assess IT security risks is lower now than ever before. This is one of the reasons the healthcare industry received an overall “D” grade on its 2017 Global Cybersecurity Assurance Report Card, conducted by network security firm Tenable. As cybercriminals become more sophisticated, and increasingly target the health...

Updated HIPAA Compliance Audit Toolkit Issued

Phase 2 of the Department of Health and Human Services’ Office for Civil Rights HIPAA compliance audits is now well underway. Late last year, covered entities were selected for desk audits and the first round of audits has now been completed. Now OCR has moved on to auditing business associates of covered entities. At HIMSS17,...

What Your SecOps Team Can (And Should) Do

If your organization has all of these pieces in place, congratulations! The security operations (SecOps) function takes many forms. For some organizations, it is simply an incident and event management device. Others have a more elaborate concept of their SecOps strategies and technologies. But most companies I’ve worked with, both small and global, lack adequate...