Vulnerability assessment for compliance news, help and research

Vulnerability assessment for compliance News

December 20, 2018 20 Dec'18
Security, compliance standards help mitigate BIOS security vulnerabilities

Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications.
November 21, 2018 21 Nov'18
Risk assessments essential to secure third-party vendor management

Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the innate risk vendors create for business processes.
December 19, 2016 19 Dec'16
GRC news roundup: Russian hacking allegations persist

After the U.S. was allegedly plagued by Russian cyberattacks during the election, members of both the Democratic and Republican parties are now calling for investigations. Also in recent GRC news: ...
December 01, 2016 01 Dec'16
Trump presidency raises questions for regulatory compliance

The future of regulatory compliance is under scrutiny as President-elect Donald Trump's administration continues the transition process. Also in recent GRC news: Hackers demanded ransom after ...

Bring yourself up to speed with our introductory content

OPSEC (operations security)

OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines what is required to protect sensitive information and prevent it from getting into the wrong hands. Continue Reading
ethical hacker

An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit. Continue Reading
compliance risk

Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Why a CISO-CIO reporting structure undermines security

The CISO-CIO reporting structure comes with a serious conflict of interest, argues cybersecurity expert Tarah Wheeler. Here's why. Continue Reading
Private sector's national cybersecurity strategy contributions lacking

The private sector operates much of U.S. critical infrastructure, but is it doing enough to further national cybersecurity strategy efforts designed to protect these assets? Continue Reading
Information security regulations may target IoT, drones

Calls are growing louder for information security regulations to target consumer-centric technology such as the IoT and drones, but legislating their use could prove difficult. Continue Reading

Learn to apply best practices and optimize your operations.

5 steps to determine residual risk during the assessment process

Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment. Continue Reading
Regs create blueprint for industrial controls, IoT and IIoT

Protecting devices associated with industrial control systems, IoT and IIoT presents many challenges, but wide-ranging regulatory mandates can help guide cybersecurity processes. Continue Reading
Compliance rules usher in new era for personal data privacy policy

With the rollout of data privacy regulations, individual data rights and the right to be forgotten are forcing organizations to re-examine how they handle customer information. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Can a D-Link router vulnerability threaten bank customers?

A D-Link router vulnerability was used to send banking users to a fake site in order to steal their information. Learn more about this vulnerability with expert Judith Myerson. Continue Reading
How can companies implement ITSM compliance standards?

In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk. Continue Reading
How does SirenJack put emergency warning systems at risk?

Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works. Continue Reading