Vulnerability assessment for compliance news, help and research

Vulnerability assessment for compliance News

December 20, 2018 20 Dec'18
Security, compliance standards help mitigate BIOS security vulnerabilities

Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications.
November 21, 2018 21 Nov'18
Risk assessments essential to secure third-party vendor management

Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the innate risk vendors create for business processes.
December 19, 2016 19 Dec'16
GRC news roundup: Russian hacking allegations persist

After the U.S. was allegedly plagued by Russian cyberattacks during the election, members of both the Democratic and Republican parties are now calling for investigations. Also in recent GRC news: ...
December 01, 2016 01 Dec'16
Trump presidency raises questions for regulatory compliance

The future of regulatory compliance is under scrutiny as President-elect Donald Trump's administration continues the transition process. Also in recent GRC news: Hackers demanded ransom after ...

Bring yourself up to speed with our introductory content

vulnerability disclosure

Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware. Continue Reading
pure risk

Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain. Continue Reading
risk assessment

Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Why a CISO-CIO reporting structure undermines security

The CISO-CIO reporting structure comes with a serious conflict of interest, argues cybersecurity expert Tarah Wheeler. Here's why. Continue Reading
Private sector's national cybersecurity strategy contributions lacking

The private sector operates much of U.S. critical infrastructure, but is it doing enough to further national cybersecurity strategy efforts designed to protect these assets? Continue Reading
Information security regulations may target IoT, drones

Calls are growing louder for information security regulations to target consumer-centric technology such as the IoT and drones, but legislating their use could prove difficult. Continue Reading

Learn to apply best practices and optimize your operations.

Use ISO 22332 to improve business continuity plans

Standards offer guidance on business continuity and disaster recovery plans. ISO 22332 is no exception, providing great detail on how to prepare and execute a BC plan. Continue Reading
5 steps to determine residual risk during the assessment process

Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment. Continue Reading
Regs create blueprint for industrial controls, IoT and IIoT

Protecting devices associated with industrial control systems, IoT and IIoT presents many challenges, but wide-ranging regulatory mandates can help guide cybersecurity processes. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Can a D-Link router vulnerability threaten bank customers?

A D-Link router vulnerability was used to send banking users to a fake site in order to steal their information. Learn more about this vulnerability with expert Judith Myerson. Continue Reading
How can companies implement ITSM compliance standards?

In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk. Continue Reading
How does SirenJack put emergency warning systems at risk?

Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works. Continue Reading