Is Your Vendor a Security Risk? A Look at Vendor Risk Management

What if the biggest security risk your company faced was from an employee at a trusted vendor company?  Third party risk management, or vendor risk management, is an emerging cybersecurity practice that larger companies are using to mitigate the risk that smaller, network connected third party and vendor companies can represent.

The classic example of the dangers a vendor can bring to another company ...


Do You Accept Credit Cards? How Credit Card Breaches Happen

If your business accepts credit cards for payment, then you are subject to the regulations of the Payment Card Industry.  This is known as PCI-DSS compliance.  PCI compliance company Security Metrics recently released an infographic that shows the main compliance failures that led to credit card breaches in 2017.  Here are some of the startling takeaways:

  • Businesses that took credit cards ...

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Top 9 Free Phishing Simulators

Looking to run a phishing simulation against your team?  Here’s an article from Infosec Institute on the top 9 free phishing simulation products.


Your Nigerian Prince is a 67 year old from Louisiana

Sure looks like a prince to me.  Like Prince Charles.  (Those ...


NIST Warns Against Lack of Security in Critical Infrastructure

NIST (National Institute of Standards and Technology) released Special Publication 800-53 version 4 recently, and it covers the shortcomings in privacy and security in the national power grid, water control systems, dams, oil and gas utilities and similar computer-controlled systems.  There are no coherent or enforceable standards for Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that ...


Compliance is not Security

I am often asked to explain the difference between a security compliance audit, a vulnerability assessment, and a penetration test.  These exercises do many of the same things, but to different degrees.  A security compliance audit is like a 5K fun run, where a vulnerability assessment is more like a marathon.  A penetration test is an Ironman competition.

In the course of ...
