In our increasingly global and interconnected world, businesses’ workforces and networks become more mobile and diverse every day. Whereas outsourcing various tasks related to management and security was seldom seen years ago, it is now the norm. That’s why, in today’s climate, third-party risk management solutions are a must for every business.
Blog
-

Canada’s PIPEDA vs. EU’s GDPR: What’s the Difference?
Canada’s PIPEDA vs. EU’s GDPR: what are they, and why should companies heed them?
Simply put, they are in place to protect consumers’ privacy. The laws are so similar that the EU has decided that the practices in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) are ‘adequate’ by their standards. While the EU may agree with Canada’s privacy policies, it does not mean that if a U.S. company is compliant with one, it automatically meets the requirements of the other. The General Data Protection Regulation (GDPR) and PIPEDA do have some differences, and if your company does business in Canada and Europe, it must be compliant with both.
-

Security Operations as a Service Explained
A security operations center (SOC) is a centralized information security management team charged with managing intensive security operations for another organization. They’re responsible for externally monitoring, analyzing, and mitigating threats within an organization’s IT environment as well as strengthening their overall security posture on a regular basis.
-

What is an Information Security Program Plan?
Modern-day IT ecosystems are complex. Vast swaths of data need to seamlessly move throughout the networks’ applications, databases, and servers in a fast and secure manner. That data—especially the sensitive data—must be protected at all costs. This is what information security program plans are designed to accomplish.
-

Top 5 Types of Penetration Testing
The escalating threat of hackers grows more serious each day. A TechRepublic survey of more than 400 IT security professionals found that 71% of them had seen an increase in security threats or attacks since the start of the COVID-19 outbreak. Should a hacker successfully breach your defenses, the damages—to your reputation, bottom line, and operational capabilities—could be catastrophic. To gauge your cybersecurity defenses and spot vulnerabilities in your critical IT systems, you need to consider different types of penetration testing.
-

Implementing a Zero Trust Network Security Strategy
There’s been a paradigm shift over the past decade and a half in the world of cybersecurity. Whereas older models and systems prioritized perimeter defense, the definition of “perimeter” itself has changed over time. Today, businesses are increasingly mobile and remote, utilizing cloud servers to extend the workforce far outside the office or headquarters.
These changes are all the more necessary in our current environment of pandemic response. Our mandated practices of social distancing and work from home (WFH) have created an environment in which every company is rethinking its perimeters in real time. These challenging times call for new practices, and the zero trust framework is the future of cybersecurity.
-

Identity and Access Management Best Practices
Identity and access management (IAM) best practices seek to clearly define and oversee the access privileges granted to network users, and ensure that access is only granted to those within the organization.
Think of identity and access management best practices and tools as gatekeepers, tasked to either allow or deny entry, depending on who or what is trying to enter the “premises”, as well as to closely monitor all visitors’ movements within the designated “area”.
-

Step-by-step Guide to External Penetration Testing
One of the measures that organizations have undertaken in recent years to ensure the integrity of their information networks is to undergo a procedure called external penetration testing.
An external vulnerability scan, which also goes by the names penetration testing or ethical hacking, is an authorized concerted cyber attack on any number of application systems that are visible on the internet, such as a company website, and email and domain servers.
The purpose of external vulnerability scanning is to identify, evaluate, and address any potential or existing security issues, which cyber criminals may use to gain access to a company’s information systems and illegally obtain proprietary information.
-

What is the NIST Third-Party Risk Management Framework?
Integrating cybersecurity best practices has become an essential aspect of the information and communication technology (ICT) supply chain. There is a growing cyber risk associated with dealing with vendors that are not adequately vetted or audited for their cybersecurity capabilities. The National Institute of Standards and Technology (NIST) has devised a series of frameworks for cybersecurity best practice.
-

Monthly Webinar Recap – A 360 Degree View of CCPA Compliance – Ft. Darktrace & Procopio
The California Consumer Privacy Act (CCPA) went into effect on January 1st, 2020. Any merchant or company doing business in California – the world’s fifth-largest economy – should be CCPA compliant.
However, many businesses are finding it difficult to navigate through the requirements necessary to be compliant.
To help clear up the confusion companies are feeling about another set of privacy regulations, on June 25th, 2020, experts from RSI Security, Darktrace, and Procopio Legal hosted an informational webinar.
