Comparing the ROI of Cybercrime and Effective Responses: Part 2 - Understanding the tradeoffs and making the best choices.
What does this mean for IT governance and policy?
Topics: cybersecurity, GRC
Criminal Actions and Motivations, the ROI of Cybercrime: Part 1 - Three Reference Scenarios
Symantec just released its 2019 Internet Security Threat Report (ISTR). It is largely a comparison of malware trends and cybercriminal activity over the last 1-3 years. A quick look into the data reveals that many of the report’s findings are aimed at the end user or environments with a small IT footprint. Despite this, there are valuable insights that can be taken from it about enterprise IT governance and IT risk modeling. This two-part series talks about the economic motivations of cybercriminals and how their actions change as a result. It then talks about how these should influence your IT risk modeling efforts.
Topics: cybersecurity, GRC
Two Birds with One Stone: Tackling the California Consumer Privacy Law & GDPR at the Same Time Part 2
In our last post, we compared how the CCPA and GDPR differ conceptually. Today, we’ll look at the two systems in light of how CCPA compares to GDPR.
Topics: GDPR, Data Regulation, cybersecurity, personaldata, CCPA
Two Birds with One Stone: Tackling the California Consumer Privacy Law & GDPR at the Same Time
2018’s new consumer data privacy laws are business critical. Unfortunately, just when you thought you had the European Union's General Data Protection Regulation (GDPR) figured out, along comes the California Consumer Privacy Act (CCPA) to open up Pandora's box again. Well, we're here to help you sort out both laws. We decided to kill two birds with one stone: tackling the California Consumer Privacy Act & GDPR at the same time.
Topics: GDPR, Data Regulation, data, cybersecurity, personaldata, CCPA
Last week, Starwood Resorts, a recently acquired subsidiary of Marriott, reported that the information for approximately 350M customers was breached.
Topics: data breach, data protection, data, data footprint, cybersecurity
Incorporating an MSSP into your Information Security Program: A Tactical and a Strategic POV - part 2
Topics: data protection, digital security, cybersecurity, threat intelligence
Focus on Integration: Measuring the maturity of your cyber security architecture
One of the key focal points of your enterprise architecture efforts must be security. With all the flexibility and business enablement offered by cloud services and agile development activities, implementing and managing security concerns becomes more challenging every day. Building and enabling security management services that are consumed and integrated into your business flow as functional capabilities is now a foundational requirement.
Topics: infosec, digital security, cybersecurity, security controls, automation, governance
Incorporating an MSSP into your information security program: A Tactical and a Strategic POV - part 1
Whether you are just evolving an information security program, or are redesigning from the ground up, one pivotal question you should be asking is: “Should I be incorporating a Managed Security Services Provider (MSSP)?” There are a great many strengths to this approach, and it can enhance your team in many ways, including:
Topics: data protection, cybersecurity, threat intelligence