Category Archives: IT Risk Management and Risk Assessments

Incorporating Cloud Security into Your IT Risk Assessment, Penetration Testing and Vendor Risk Management Processes

Posted on January 8, 2016 by lexi

Wes Withrow, cprlorca Cybersecurity Expert 

Information security teams have exhausted a great deal of time and political capital waging an interdepartmental war against a department that doesn’t even officially exist – the Shadow IT department. Historically, the battle with Shadow IT has focused on the unauthorized use of on-premises IT equipment; now that battle has shifted to the cloud.

So what exactly is Shadow IT and how big of a problem is it? More importantly, how can

Read More...

Posted in IT Risk Management and Risk Assessments, Vendor Risk Management, Vulnerability Management

The Superfish Vulnerability – It’s Superfishy

Posted on March 30, 2015 by lexi

Daniel Brown, Information Security Analyst

As technology develops and advances, so do the methods hackers use to gain access to our sensitive information. Sometimes hackers gain access through a user's insecure password or by accessing user information. Just as often, however, hackers access our information by taking advantage of vulnerabilities that are beyond our control, such as exploiting cracks in

Read More...

Posted in Cybersecurity, Information Security, IT Risk Management and Risk Assessments, Vulnerability Management

Free Self-Service OWASP Web Application Risk Assessment

Posted on January 30, 2015 by ashley

After the recent influx of large-scale data breaches, application security has quickly made its way to the forefront of IT security topics, and a web application risk assessment is used to determine what types of controls are required to protect an application from threats – allowing organizations to reduce exposure and maintain an acceptable risk tolerance.

cprlorca’s self-service risk assessment guides users through three easy steps to attest to controls already in place, discover any

Read More...

Posted in IT Risk Management and Risk Assessments

Your First Look into Trends and Topics at the 2015 RSA Conference (RSAC)

Posted on December 18, 2014 by ashley

RSAC 2015 Word Cloud

This word cloud was provided by the RSA Conference during its December 15th, 2014 webinar and reflects the most frequent terms used across more than 1700 speaking submissions. The largest words are those most commonly cited in conference session titles that were submitted for consideration to be included in this year’s RSA Conference agenda. 

During this December 15th RSAC webinar, Britta Glade, Senior Content Manager and Hugh Thompson, Program Committee Chair, for RSA Conferences shared

Read More...

Posted in Incident Response Management, IT Audit Management, IT Compliance and Regulatory Change Management, IT GRC, IT Risk Management and Risk Assessments, Policy Management, Security Awareness Training, Social Engineering, Vendor Risk Management, Vulnerability Management

Calculating the Cost of a Data Breach Today

Posted on November 10, 2014 by ashley

In the wake of recent high-profile retail breaches, you are likely feeling the pressure to help keep your company’s name out of the headlines. In order to obtain approval and funding for security improvements, technologists often have to make their case by pointing to losses from recent security breaches; however, calculating those losses can be tricky. This article leverages recent statistics to help you best estimate the direct and indirect costs of a data breach.

Filling in the Blanks with

Read More...

Posted in IT Risk Management and Risk Assessments

Evaluate Cyber Liability Insurance in 3 Easy Steps

Posted on October 23, 2014 by ashley

Brent Hobby, IT GRC Subject Matter Expert

We are often asked about the role that cyber liability insurance plays when an organization is developing a comprehensive information security program. We recommend cyber liability insurance be thought about in the context of an organization’s complete risk management program and as part of a company’s overall insurance package, rather than as part of an organization’s information security and compliance management program.

Step One: A Risk Assessment

Read More...

Posted in IT Risk Management and Risk Assessments

Integrating Risk Assessment into Lifecycle Management

Posted on September 15, 2014 by ashley

Jerry Beasley, CISM, Information Security Analyst and Security Services Manager

Perceptions Today

Working as an information security consultant, I visit many diverse organizations, ranging from government agencies and financial institutions to private corporations, but they all have things in common. For example, they all manage information systems, and they are all subject to regulatory requirements and/or oversight. Given these similarities, the subject of risk assessment often arises.

During

Read More...

Posted in IT Risk Management and Risk Assessments

Identity Theft Armageddon is Coming

Posted on March 5, 2014 by ashley

Jim Stickley, Chief Technology Officer

Recently, there has been a lot of press regarding the Target credit card breach, and this has led to many questions regarding just how vulnerable the entire credit card payment system really is. Now, in case you are unaware of how Target was breached, the basic facts are these. Hackers were able to load malware onto the Point of Sale (POS) servers on Target’s network. This malware was specifically designed to monitor the payment processing software loaded

Read More...

Posted in Cybersecurity, IT Compliance and Regulatory Change Management, IT Risk Management and Risk Assessments, Security Awareness Training, Social Engineering, Vendor Risk Management, Vulnerability Management

The Current Threat Model to Information Security

Posted on January 30, 2014 by ashley

Josh Stone, Director of Product Management and Information Security Expert

The security industry is a sea of constant change, with the last two decades providing lots of waves. End users and their workstations are the next key attack vector. We believe this transition to be a result of operating system (OS) and infrastructure vendors figuring out protection. For example, there hasn’t been a “juicy” Windows vulnerability since 2008.

Java, browsers and document viewers are the next layer of software

Read More...

Posted in Cybersecurity, IT Compliance and Regulatory Change Management, IT Risk Management and Risk Assessments, Vulnerability Management

SANS 20 Critical Security Controls – Simplifying the security standard

Posted on November 18, 2013 by ashley

Josh Stone, Director of Product Management

New standards and compliance requirements are always coming out. But, once in a great while, one of these strikes a chord with the right industry representatives and gains immediate ascendancy among the various standards and best practices already available. One you may have heard a little about already is the SANS 20 Critical Security Controls. This is an excellent standard that should receive immediate attention in your organization. Why is that?

Read More...

Posted in IT Compliance and Regulatory Change Management, IT Risk Management and Risk Assessments
