Cyber Risk Blog | Nehemiah Security™

CyberTangent – The “R” in GRC with Vicky Ames

In this CyberTangent episode, we are joined by Vicky Ames, Director of Information Security at Marriott International. At Nehemiah Security, our podcast host is Landon Johnson. Today's topic is The "R" in GRC. Let's jump in!

Shifting cyber risk measurement from red, yellow, green to financially-quantified

The Cyber Traffic Light…If Only It Were That Easy. Red means Stop. Yellow means Caution. Green means Go. To millions of commuters, these definitions are obvious. I wish it were this simple in Cybersecurity, but it’s just not. Yet there are still a number of companies that are attempting to direct the traffic of their cyber messages to their Board of Directors using Red, [...]

CyberTangent – The Problem with Vulnerability Patching with Kevin McLaughlin

In this CyberTangent episode, we are joined by a very special guest, Kevin McLaughlin, an expert with over 35 years of Law Enforcement, Corporate & Cyber Security experience. At Nehemiah Security, our podcast host is Landon Johnson. Today's topic is The Problem with Vulnerability Patching. Let's jump in!

DCRO Cyber Risk Governance—3 Things They Got Right, 2 Things Likely to Change Over Time

The DCRO (Directors and Chief Risk Officers group) recently published their Guiding Principles for Cyber Risk Governance. Their goal is to help assess the practices boards and C-level leaders use to manage cybersecurity. The article in PRWeb represents a valiant and important start to advance the commentary about this critical topic, one that is near and dear to our hearts.  W [...]

Data Breach Report: June 2018

Below is a compilation of news articles covering some of the notable data breaches that occurred in June 2018. Doesn't this really put things into perspective?

SS7 routing-protocol breach of US cellular carrier exposed customer data - June 1
MyHeritage Genealogy Site Announces Mega Breach Affecting 92 Million Accounts - June 5
Security consultants mop up after PageUp [...]

In times of crisis, are the CISO and Board ready to deal?

A recent survey of Directors by NACD revealed the second most significant issue that will undermine their companies’ strategic objectives is a cyber-attack.  As both a security executive, and active advisory board member, my only surprise is that it’s not number one. I’m encouraged by the increased focus CISOs and Boards have been putting toward viewing cyber risk as [...]

Cybersecurity Risk vs. Technology Risk

Technology risk is straightforward, and well-understood. Cyber risk is elusive, confounding, and NOT well-understood. I could end my blog here, but I’ll add a bit more context. Technology risks tend to be easy to get our minds around. These are relatively easy to identify and are typically immediately apparent when the risk is manifested as realities such as; power fluctua [...]

Top 3 industries (that you may not have thought of) where cyber risk analytics is crucial

When you combine “Cyber” and “crucial,” automatically industries like Defense, Financial Services, and Airline Operations come to mind. However, when we shift our focus to Cyber Risk Analytics, things change a bit. Prepare to be surprised by these 3 industries where cyber risk analytics is top of mind for day-to-day operations. Retail Cyber is part of retail, no d [...]

Guest Post: Solving the Security Risk Puzzle, Critical Capabilities

This blog is the last in a three-part series discussing how to solve the security risk puzzle. In this final blog, we will outline the critical capabilities required to solve the security risk puzzle.

Key Domains

Before we can define the critical capabilities required for solving the security risk puzzle, we first must define the key domains (or areas) that need to [...]

Data Breach Report: May 2018

Below is a compilation of news articles covering some of the notable data breaches that occurred in May 2018. Doesn't this really put things into perspective?

Commonwealth Bank under fire again for data breach of 19m accounts - May 3
8.7 Billion Raw Identity Records on Surface, Deep and Dark Web in 2017 According to 4iQ 2018 Identity Breach Report - May 8
Card Breach [...]
