We are currently looking for an Official SelfGrowth.com Guide to "Risk Management". If you have expertise in Risk Management and your own website and/or product for this topic, please reviewthis formfor complete details. The Official Guide Position is part of ourPremium Placement Package
You would never pay $1,000 upfront and $30/month for a security system to protect a shed containing $100 worth of lawn equipment. However, you wouldn’t hesitate to spend that much or more to protect your home and family. The same concept applies in information security. Different kinds of data ... Views:999
If your organization processes, stores, or transmits cardholder data for the major credit card brands, you are required to be compliant with PCI DSS. While PCI DSS is not required by U.S. federal law — it is an industry standard mandated by the credit card companies — but some states have laws ... Views:1037
Outsourcing IT services to service organizations has become a normal part of doing business, even for small companies. However, there are risks to using service providers, and these continue to evolve and change. In this dynamic environment, the American Institute of Certified Public Accountants ... Views:990
The Federal Risk and Authorization Management Program (FedRAMP) was designed to support the federal government’s “cloud-first” initiative by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All cloud service ... Views:1021
A FedRAMP SSP (System Security Plan) is the bedrock of a FedRAMP assessment and the primary document of the security package in which a cloud service provider (CSP) details their system architecture, data flows and authorization boundaries, and all security controls and their ... Views:1069
Following a record year for HIPAA settlements that saw the U.S. Department of Health and Human Services (HHS) collect $28.7 million in HIPAA fines, HHS has reduced the maximum annual HIPAA fine in three out of the four penalty tiers. However, HHS’ move doesn’t mean that healthcare organizations ... Views:1025
According to an official email sent to users, hackers gained access to Docker Hub, the official repository for Docker container images, “for a brief period.” However, during that “brief period,” approximately 190,000 user accounts were compromised, containing data such as usernames, hashed ... Views:1026
As individuals become more savvy about avoiding phishing emails, and enterprises get better at filtering them out before they ever reach employees’ inboxes, it’s become more difficult for hackers to infect enterprise systems with ransomware and cryptojacking malware. Companies are also becoming ... Views:1141
A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera has discovered. Because the malware would not alter the protected health information (PHI) contained ... Views:1074
Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication of Equals (SAE) handshake, which replaced the Pre-Shared ... Views:1002
What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks later, halted ... Views:1043
Last year, the FBI reported that incidents of business email compromise (BEC), also known as spear phishing, CEO fraud, and invoice fraud, had been reported in all 50 states and 150 countries, with global losses exceeding $12 billion. BEC scams are continuing to explode in popularity among cyber ... Views:1007
Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kubernetes is fast becoming the de facto standard for container orchestration. Kubernetes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers ... Views:985
There was a time when things were simple. We would work in the job places and were personally paid in hard cash and so was true for business transactions. But with the passage of times, everything has undergone a great deal of sophistication and so has the mode of payments. Besides, worsening ... Views:966
6 Important Small Business Cyber Security Tips
Chances are, you think twice before entering your credit card information online to buy something, watch out for malicious links in emails and keep your PC updated against viruses, spyware and hackers.
However, how much thought do you put ... Views:1092
Everyone already knew that Navy cybersecurity had big problems. Last fall, a Wall Street Journal report on Navy cybersecurity revealed that Chinese nation-state hackers had successfully breached a number of third-party Navy contractors over an 18-month period, stealing highly classified ... Views:993
Email breaches can be just as destructive to organizations as customer data breaches; just ask Sony Pictures and the Democratic National Committee. A breach of a federal government agency’s email system may not just be embarrassing or scandalous to the agency; it could put national security at ... Views:981
Nearly everyone knows that reusing passwords across multiple sites and systems is a security risk, but most people continue to do it anyway. As a result, credential stuffing attacks abound, especially among retailers. Dunkin’ Donuts has been victimized twice in the past three months by hackers ... Views:992
For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft Azure, or Google Cloud while isolating their critical workloads ... Views:1010
In this episode of Trial Lawyer Nation, Michael Cowen sits down with Cowen | Rodriguez | Peacock partner, Malorie Peacock, for another installment of TLN Table Talk to answer the questions of our listeners. Today’s topic focuses on storytelling in trial and identifying the “characters” in your ... Views:958
Does Your Business Need a Website Maintenance Plan?
What Can Happen if You Neglect Your Newly-Built Site
So, your new site is complete – congratulations! There are a lot of moving parts to a build, from coding to design to content.
However, if you want to attract and retain customers, ... Views:996
Preventing a scenario in which hazardous materials put at risk people, animals, vegetation and environment, should always be a number one priority. Even if we are talking about chemicals or materials that are just sitting there for ages in some dark corner, without causing any real damage, they ... Views:1068
Third-party vendor hacks, where hackers attack a company by compromising one of their business associates, have been a problem for a while. Now, the hackers behind GandCrab ransomware have gotten into the act, exploiting a year-old SQL injection vulnerability in a common remote IT support ... Views:1022
Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium sized businesses (SMBs). SMBs are aware of the need to secure their systems and data, but when presented with a solution, the costs may give them pause. Some of them think that hackers are interested ... Views:950
Ransomware isn’t a new threat. It first rose to prominence back in 2016, when Hollywood Presbyterian Medical Center shelled out $17,000 in bitcoin after an attack took the hospital offline. Since then, ransomware has only become more popular, especially for hackers targeting the healthcare ... Views:860
Yes it’s time to hedge your risk, but don’t wait for that perfect moment. Both the economy and stock market are showing signs of stress. Here's what you need to know.
Here are some of the excuses we hear from professional money managers and risk managers for not having a hedging program ... Views:738
From blocking ads and coin miners to saving news stories for later reading, browser extensions allow users to customize their web browsers for convenience, efficiency, and even privacy and security — usually for free. However, browser extensions need a wealth of access permissions to operate, ... Views:951
As cyber threats present greater risks to enterprises of all sizes and in all industries, more are requiring that their SaaS providers and other cloud services vendors have an SOC 2 certification. Let’s examine what an SOC 2 certification is and why your cloud services business should get ... Views:820
The financial impact of cyber attacks can be devastating, especially to small organizations. The HHS points out that the healthcare industry has the highest data breach cost of any industry, at an average of $408 per record and $2.2 million per organization. In 2016, the healthcare industry as a ... Views:1406
Owning a home comes with a ton of responsibilities, and topping this list is ensuring that it is well protected. After all, it is among your most significant investments. While there are many ways to safeguard your home such as having a dog or joining a neighborhood watch group, a home security ... Views:772
Noting that cyber security is “the responsibility of every health care professional, from data entry specialists to physicians to board members,” the U.S. Department of Health and Human Services (HHS) has published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ... Views:928
With an estimated 90% of cyber attacks caused by human error or behavior, it’s important to understand the most common cyber security mistakes your employees are probably making and know how to mitigate them.
Becoming victims of phishing schemes
Stolen login credentials are the most common ... Views:902
The Federal Risk and Authorization Management Program, or FedRAMP, was designed to support the federal government’s “cloud-first” initiative by making it easier for federal agencies to contract with vendors that provide SaaS solutions and other cloud services. Unlike FISMA, which requires ... Views:880
The years-long Marriott Starwood database breach was almost certainly the work of nation-state hackers sponsored by China, likely as part of a larger campaign by Chinese hackers to breach health insurers and government security clearance files, The New York Times reports. Why would foreign spies ... Views:923
The Marriott Starwood breach, which exposed the personal data of 500 million guests, was not the largest data breach in terms of size; Yahoo still holds that dubious honor. However, because of the nature of the data stolen, it has the potential for a very long reach and highlights multiple cyber ... Views:923
Like other criminals, hackers take advantage of people’s misconceptions regarding their risk of being victimized. Here are six common cyber security myths that could be putting your enterprise at risk.
Security Myth #1: Compliance Equals Cyber Security
Compliance with regulatory and ... Views:985
A guide to advanced persistent threats (APTs), a highly sophisticated, highly destructive form of cyber attack.
What is an Advanced Persistent Threat (APT)?
“Advanced persistent threat” is a broad term used to describe a cyber attack where hackers covertly gain access to a system and ... Views:892
As California goes, so does the rest of the country. While the California Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American GDPR,” it clearly tore many pages from the far-reaching European data privacy law. Similar to the ... Views:908
The cyber threat environment is becoming more dangerous every day. A recent survey by the World Economic Forum revealed that cyber-attacks were the number-one concern of executives in Europe and other advanced economies.
As we approach the winter holidays and the end of the year, let’s ... Views:1272
While digital currencies, particularly bitcoin, are the most common and well-known application of blockchain technology, they are far from being the sole or even the most important use. Blockchain is one of the most important technological advancements of the digital age, and its full potential ... Views:1225
Des Moines-based Voya Financial Advisors (VFA) has agreed to pay the U.S. Securities and Exchange Commission a $1 million penalty in the wake of an April 2016 breach that affected several thousand VFA customers. The SEC cyber enforcement action charged VFA with not having sufficient written ... Views:860
The holiday season is fast approaching, but hackers don’t take vacations. Whether you’re planning to go home for the holidays or travel for business on a regular basis, make sure to protect yourself from cyber crime with these cyber security travel tips.
Update Your OS & Software
Before ... Views:1066
Shadow IT is a very serious and growing threat to IT compliance and cyber security, and most organizations have no idea how common it really is. This article will examine some of the risks of shadow IT and discuss ways in which organizations can curb it.
What Is Shadow IT?
Shadow IT refers ... Views:772
If your company is part of the federal supply chain, you likely need to comply with NIST 800–171. NIST 800–171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with ... Views:785
Citing the success of its cybersecurity framework and the advent of IoT devices, artificial intelligence, and other technologies that are making it more challenging than ever for enterprises to protect their customers’ privacy, NIST has launched a collaborative project to develop a voluntary ... Views:766
PCI DSS compliance is mandatory for any organization that accepts or processes payment cards, yet shockingly, a recent study by SecurityScorecard found that over 90% of U.S. retailers fail to meet four or more PCI DSS requirements.
Compliance with PCI DSS is not something to be taken lightly. ... Views:869
The difference between penetration tests and vulnerability scans is a common source of confusion. While both are important tools for cyber risk analysis and are mandated under PCI DSS, HIPAA, and other security standards and frameworks, they are quite different. Let’s examine the similarities ... Views:738
We are living in a cloud-first world; cloud services, including storage services and SaaS providers, are wildly popular. Unfortunately, third-party vendor breaches are at epidemic levels, and new regulations such as the EU GDPR are seeking to hold organizations accountable if third-party ... Views:770
Investment Outlook , Published Jan 18, 2018
Contact
The opportunity cost of choosing risk aversion – investing in FDs for instance – has been high over the past two decades. Staying invested is clearly the right choice. Time and again investors have chosen risk aversion, and the opportunity ... Views:638
There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity. Smart medical devices allow ... Views:821