Security risks come in all shapes and sizes and affect all manner of companies. For small businesses, like a local computer repair shop, security is important, but requires only a small-scale operation. In contrast, large corporations, like many banks, turn to third-party contracts to better delegate resources and improve efficiency. However, implementing and maintaining security measures for external companies is challenging. Managing them takes significant time and human resources, as well as organization. Learn about third-party risk management regulations and guidelines with our complete guide below.
-

What Is The Purpose Of An Enterprise Information Security Policy?
An information security policy is an extremely important topic that, for a number of reasons, is often not discussed at all. Organizations often find that after they create and implement their Enterprise Information Security Policy (EISP) and its security architecture, they put it on the back burner until the time comes to update it for compliance purposes. This shouldn’t be the case.
Ponemon detailed in a 2018 report that a single ransomware attack costs companies an average of roughly $5 million, with $1.25 million attributed to system downtime and another $1.5 million to IT and end-user productivity loss. Ransomware attacks can happen in a myriad of unique ways, but when an organization is collectively on the same page, it can continue to drive growth while protecting the critical information within its network. Let’s discuss how to configure a comprehensive yet easy-to-understand EISP that can be regularly updated as your company continues to scale.
-

DFARS Compliance Checklist
What is the DFARS Checklist?
DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint about its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).
Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or run the risk of losing all of its DoD contracts. This supplemental regulation summary comes from NIST Handbook 162. A complete breakdown of the cybersecurity requirements and a step-by-step guide are available for your perusal. Be forewarned that NIST Handbook 162 is not the easiest read; however, it is very useful.
Companies with defense contracts may be interested to know that NIST Handbook 162 also contains information regarding NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements, all of which must be met in order to maintain DoD contracts.
The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.
DFARS is a complicated set of security requirements that comes with some confusing instructions. RSI Security has been helping businesses of all sizes with all types of security obligations. Read on to learn how you can cross off the DFARS checklist, or contact us today for more personal help.
-

Third Party Risk Management Best Practices
Understanding and managing the risk that third-party service providers or suppliers pose to your operations should be an essential component of any comprehensive cybersecurity risk program. The risk that third-party vendors pose to organizations is often not well understood. This leads organizations to expose themselves to unnecessary risk that is otherwise avoidable.
Third-party entities can pose risks in a variety of ways. From the poor implementation of required security protocols to a lack of in-depth personnel vetting, there are many ways that security vulnerabilities at third-party vendors can translate into a security incident for your organization. Understanding the scope of the security and cyber risk that you face from third-party providers helps you make calculated, fully informed organizational and operational decisions. The creation of a third-party risk management policy should be a necessary component of your cybersecurity strategy and should be fully backed by senior management.
-

What Is the NYDFS Cybersecurity Regulation?
While breaches revealing public information (like pictures or emails) are concerning, the prospect of a financial breach tends to instill a higher level of panic. Additionally, accountability becomes even more important as more of these breaches occur. People want guarantees that their financial information is protected to the greatest extent possible.
Consequently, New York took a step toward greater security by enacting the 23 NYCRR 500 regulation, which focuses on cybersecurity for financial institutions. Do you know about the NYDFS cybersecurity regulations or how they affect you? Find out now with our comprehensive blog post.
-

What Role Does A Managed Security Service Provider Play In Your Company?
Managed Security Service Provider (MSSP) is a mouthful, kind of like NECCO (New England Confectionery Company) but way more useful. Despite the practicality of managed security service providers, many people don’t actually know what they do or how much easier they could make your life. Thankfully, at RSI Security, we are experts in all things complicated, especially where security and technology are concerned.
In this article we will take you through what MSSP programs do, how remote IT security and managed IT services function, and whether or not your company would be improved by utilizing such services. In 2019, cybersecurity services can no longer be overlooked. The damage done by cyber attacks to companies, big and small, can be catastrophic, even fatal to a business.
However, that doesn’t mean that every managed security service provider or remote IT security service is a worthy investment. Understanding what their role is and how they can best advance your agenda is the key to getting the most out of your MSSP program.
-

What is the Mobile Security Framework?
Technology moves at a rapid pace. In 2008, a bold prediction proclaimed, “Mobile to overtake fixed Internet access by 2014.” Well, in 2019 we can unequivocally say that Mary Meeker, the technology analyst who made that prediction, was absolutely right. Today, there are whole countries whose mobile internet usage, in terms of time, is more than double that of fixed internet. Among that list of countries is the United States of America, according to ComScore.
Therefore, if you are a business without a mobile application or an effective mobile website, you are missing out on, literally, millions and millions of customers who are on the internet entirely through mobile.
Yet, with great opportunity also comes potential risk. Understanding the mobile security framework and how to protect yourself is key to maximizing profits and minimizing risk.
-

Best Practices for Implementing Strong Cloud Security
While many organizations still use on-premises models for network access and management, migration to cloud computing continues to grow as companies leverage the benefits of cloud computing to fit their organization’s unique needs.
-

Do I Need To Appoint A Data Protection Officer?
Breaches in the confidentiality of personal information gathered in the regular course of commercial or business activities have been in the news for many years with little to no compliance action until recently.
The General Data Protection Regulation (GDPR), dated May 4th, 2016, took effect on May 25th, 2018, and has since been an integral part of keeping personal and sensitive data safe from those who wish to use it maliciously.
GDPR has evolved through its first full year of application, making it much more difficult for many companies to stay compliant and stave off the colossal fines that GDPR allows (Google included).
Many American-based companies feel that, since the original terms of GDPR were drawn up for the European data market, they do not apply to their company. Unfortunately, many organizations’ digital operations exist in a global web of platforms that fall under the jurisdiction of this data protection regulation, GDPR.
A plethora of global companies are searching high and low for sustainable solutions, only to realize that the key to data protection compliance has been baked into GDPR all along. That solution lies with a company’s Data Protection Officer (DPO). This article will serve as a high-level overview of a DPO’s role, the GDPR requirements and responsibilities that apply to a data protection officer, how to hire a good DPO, and which organizations and legal entities are required to appoint one.

