You know the risk of a cyber incident when it comes to finances or operations. But what happens if your company's reputation suffers?
In today's cyber risk environment-especially with the rapid spread of information over social media-companies are becoming more and more concerned about how a cyber incident could...
Traditional third party risk management solutions and techniques are no longer effective. Organizations must move beyond trust based exercises and canned IT infrastructure evidence to evaluate areas of compromise. There are several discrete security areas that must be continuously evaluated for vendors, partners, and...
Looking to streamline your vendor risk management process? Take a look at these tools and techniques.
Organizations today aren't just single entities - they are networks of partners, vendors, and third parties. While interconnected networks are critical for success in most businesses, they also leave data more...
Effective breach response in today's fast-paced and threat-filled environment means juggling several priorities at once, with organizations needing to work well with a pool of trusted forensic advisors, public relations professionals and law enforcement, just to name a few. In this session, Jim Harvey, founder and...
SANS, NIST and other industry standard methodologies offer thousands of potential questions you could ask your vendor about security. How can you determine which of them are the most important?
Security questionnaires and assessments are integral parts of comprehensive vendor
risk management (VRM) programs. But...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
Blue Coat CTO Dr. Hugh Thompson speaks about the future of security, the constants that need attention, and lessons to be learned from the U.S. when it comes to writing meaningful breach notification laws.
Retailers cannot avoid innovation. Yet, cybercriminals thrive when retailers innovate. What, then, can retailers do to stop cybercriminals from breaching their defenses? Here are three key questions to answer.
A dispute involving an EHR vendor that allegedly locked out a small clinic's access to patient data illustrates why healthcare organizations need to carefully scrutinize the HIPAA-related fine print in their business associate contracts.
To help prevent data breaches involving business associates, healthcare organizations need to develop vendor management programs with razor-sharp requirements, says risk management expert Rocco Grillo.
Mobility has driven the rise of containerization as a security strategy for employee-owned devices. But what about for contractors? Kimber Spradlin of Moka 5 discusses how to mitigate third-party risks.
To ensure their business associates have conducted a thorough risk assessment and other HIPAA compliance tasks, covered entities must have a solid vendor management program in place, says security expert Mac McMillan.
An important aspect of HIPAA Omnibus Rule compliance for covered entities as well as business associates and their subcontractors is policing what privacy attorney Gerard Stegmaier calls "the data supply chain."
How can covered entities, such as hospitals and physician groups, help their business associates meet their new HIPAA compliance obligations?
Under the HIPAA Omnibus Rule, which will be enforced beginning in September, business associates and their subcontractors that receive, create, transmit or maintain...