In this CyberTangent episode, we are joined by Vicky Ames, Director of Information Security at Marriott International. At Nehemiah Security, our podcast host is Landon Johnson.
Today's topic is The "R" in GRC. Let's jump in!
The Cyber Traffic Light…If Only It Were That Easy. Red means Stop. Yellow means Caution. Green means Go.
To millions of commuters, these definitions are obvious. I wish it were this simple in Cybersecurity, but it’s just not. Yet there are still a number of companies that are attempting to direct the traffic of their cyber messages to their Board of Directors using Red, [...]
In this CyberTangent episode, we are joined by a very special guest, Kevin McLaughlin, an expert with over 35 years of Law Enforcement, Corporate & Cyber Security experience. At Nehemiah Security, our podcast host is Landon Johnson.
Today's topic is The Problem with Vulnerability Patching. Let's jump in!
The DCRO (Directors and Chief Risk Officers group) recently published their Guiding Principles for Cyber Risk Governance. Their goal is to help assess the practices boards and C-level leaders use to manage cybersecurity. The article in PRWeb represents a valiant and important start to advance the commentary about this critical topic, one that is near and dear to our hearts. W [...]
Below is a compilation of news articles covering some of the notable data breaches that occurred in June 2018. Doesn't this really put things into perspective?
SS7 routing-protocol breach of US cellular carrier exposed customer data - June 1
MyHeritage Genealogy Site Announces Mega Breach Affecting 92 Million Accounts - June 5
Security consultants mop up after PageUp [...]
A recent survey of Directors by NACD revealed the second most significant issue that will undermine their companies’ strategic objectives is a cyber-attack. As both a security executive, and active advisory board member, my only surprise is that it’s not number one.
I’m encouraged by the increased focus CISOs and Boards have been putting toward viewing cyber risk as [...]
Technology risk is straightforward, and well-understood. Cyber risk is elusive, confounding, and NOT well-understood. I could end my blog here, but I’ll add a bit more context.
Technology risks tend to be easy to get our minds around. These are relatively easy to identify and are typically immediately apparent when the risk is manifested as realities such as: power fluctua [...]
When you combine “Cyber” and “crucial,” automatically industries like Defense, Financial Services, and Airline Operations come to mind. However, when we shift our focus to Cyber Risk Analytics, things change a bit. Prepare to be surprised by these 3 industries where cyber risk analytics is top of mind for day-to-day operations.
Cyber is part of retail, no d [...]
This blog is the last in a three-part series discussing how to solve the security risk puzzle. In this final blog, we will outline the critical capabilities required to solve the security risk puzzle.
Before we can define the critical capabilities required for solving the security risk puzzle, we first must define the key domains (or areas) that need to [...]
Below is a compilation of news articles covering some of the notable data breaches that occurred in May 2018. Doesn't this really put things into perspective?
Commonwealth Bank under fire again for data breach of 19m accounts - May 3
8.7 Billion Raw Identity Records on Surface, Deep and Dark Web in 2017 According to 4iQ 2018 Identity Breach Report - May 8
Card Breach [...]