infoedge blog

Insights, information and viewpoints from an infoedge perspective.

Comparing the ROI of Cybercrime and Effective Responses: Part 2 - Understanding the tradeoffs and making the best choices.

Posted by Steven Zafonte on May 10, 2019 9:26:00 AM
In Part 1, we saw the data shows that cybercriminals are heavily influenced by the rules of economics.
What does this mean for IT governance and policy?
Read More

Topics: cybersecurity, GRC

Criminal Actions and Motivations, the ROI of Cybercrime: Part 1 - Three Reference Scenarios

Posted by Steven Zafonte on May 2, 2019 9:39:13 AM

Symantec just released its 2019 Internet Security Threat Report (ISTR). It is largely a comparison of malware trends and cybercriminal activity over the last 1-3 years. A quick look into the data reveals that many of the report’s findings are aimed at the end user or environments with a small IT footprint. Despite this, there are valuable insights can be taken from it about enterprise IT governance and IT risk modeling. This two-part series talks about the economic motivations of cybercriminals and how their actions change as a result. It then talks about how these should influence your IT risk modeling efforts.

Read More

Topics: cybersecurity, GRC

Two Birds with One Stone: Tackling the California Consumer Privacy Law & GDPR at the Same Time Part 2

Posted by Justin Suissa on Jan 8, 2019 12:22:00 PM

In our last post, we compared how the CCPA and GDPR differ conceptually. Today, we’ll look a the two systems in light of How CCPA compares to GDPR.

Read More

Topics: GDPR, Data Regulation, cybersecurity, personaldata, CCPA

two birds with one stone: Tackling the california consumer privacy law & GDPR at the same time

Posted by Justin Suissa on Jan 4, 2019 11:40:00 AM

2018’s new consumer data privacy laws are business critical. Unfortunately, just when you thought you had the European Union's General Data Protection Regulation (GDPR) figured out, along comes the California Consumer Privacy Act (CCPA) to open up Pandora's box again. Well, we're here to help you sort out both laws. We decided to kill two birds with one stone: tackling the California Consumer Privacy Act & GDPR at the same time.  

Read More

Topics: GDPR, Data Regulation, data, cybersecurity, personaldata, CCPA

Another day another data breach notification

Posted by Joe Knape on Dec 13, 2018 9:04:00 AM

Last week Starwood resorts, a recently acquired subsidiary of Marriott, reported that the information for approximately 350M customers was breached.

Read More

Topics: data breach, data protection, data, data footprint, cybersecurity

Incorporating an MSSP into your Information Security Program: A Tactical and a Strategic POV - part 2

Posted by Steven Zafonte on Oct 11, 2018 9:30:00 AM


Read More

Topics: data protection, digital security, cybersecurity, threat intelligence

Focus on Integration: Measuring the maturity of your cyber security architecture

Posted by Robert Miller on Sep 28, 2018 1:00:00 PM

One of the key focal points of your enterprise architecture efforts must be security. With all the flexibility and business enablement offered by cloud services and agile development activities, implementing and managing security concerns becomes more challenging every day. Building and enabling security management services that are consumed and integrated into your business flow as functional capabilities is now a foundational requirement.

Read More

Topics: infosec, digital security, cybersecurity, security controls, automation, governance

Incorporating an MSSP into your information security program: A Tactical and a Strategic POV - part 1

Posted by Steven Zafonte on Sep 14, 2018 11:30:00 AM

Whether you are just evolving an information security program, or are redesigning from the ground up, one pivotal question you should be asking is: “Should I be incorporating a Managed Security Services Provider (MSSP)?” There are a great many strengths to this approach, and it can enhance your team in many ways, including:

Read More

Topics: data protection, cybersecurity, threat intelligence