
Feb 18, 2021
5 min read
What is SYSC 8 and Mitigating Third-Party Security Risk
Technological advancements in the financial sector have made life easier for everyone, but convenience often comes at a price. Cybercriminals are constantly looking for opportunities for exploitation. Businesses in the financial sector are prime targets for data breaches and other damaging cyberattacks. Cybercriminals that target financial businesses are usually looking to steal financial information they can use for identity theft....

Feb 11, 2021
6 min read
What is the CIA Triad and How Can You Apply It to…
When most people hear the three letters CIA in succession, they think about the U.S.’s Central Intelligence Agency. But the CIA Triad actually has nothing to do with the United States government. It does, however, have everything to do with security. What is the CIA Triad? CIA is an acronym that stands for confidentiality, integrity and availability. And in the...

Feb 02, 2021
6 min read
What is Residual Risk and How It Helps You Evaluate Your Third…
While there will always be inherent risk any time you enter into a new relationship with a vendor and their products, you can’t ignore or skip over the residual risk. Failure to acknowledge and account for such risks could potentially jeopardize your organization. What is Residual Risk? In the world of IT and network security, we often discuss risk in...

Jan 27, 2021
6 min read
What Is Integrated Risk Management and How Does It Work with Third-Party…
Integrated Risk Management (IRM) is a set of processes and practices that relies on risk-aware culture and risk-conscious technologies. It includes a number of important principles for improving security within an organization. IRM combines elements of corporate governance, cyber risk management and compliance into a singular, comprehensive approach. It’s designed to be streamlined and efficient, introducing automation, cross-departmental solutions and...

Jan 20, 2021
5 min read
What Is the Common Vulnerabilities and Exposures (CVE) System and How Does…
The Common Vulnerabilities and Exposures (CVE) System, launched in 1999, is a system that provides publicly recognized information related to vulnerabilities and exposures. It is operated by the MITRE Corporation and funded by the United States Department of Homeland Security. CVE Identification Numbers Within MITRE Corporation’s system, there are defined CVE Identifiers. These unique, common identifiers serve as ID numbers...

Jan 12, 2021
6 min read
What Is GLBA and How Do You Know Your Third Parties Are…
The Gramm-Leach-Bliley Act (GLBA) is one of the most common regulatory compliance acts in the business world. And if you’re involved in providing financial products or services to consumers and utilize the services of third-party vendors, it’s something you need to be aware of. What is the GLBA? Also known as the Financial Modernization Act of 1999, the Gramm-Leach-Bliley Act...

Jan 07, 2021
6 min read
The National Vulnerability Database & Third Party Security Risk
The National Vulnerability Database is a US government-run system that records a wide range of security and compliance information and protocols. Originally developed in 2000, it’s grown into a powerful tool that helps businesses close major security gaps and protect their data—but it’s far from perfect. Ultimately, someone had to have discovered the recorded vulnerabilities before they could be logged,...

Dec 24, 2020
5 min read
What is OCC and How Does It Affect Third Parties?
There are many different regulatory groups that oversee finance-related bodies and transactions, and the Office of the Comptroller of the Currency (OCC) is one of the most important of these groups. Founded in 1863, the OCC is an independent bureau within the US Department of the Treasury and its job is to oversee issues relating to national banks. In particular,...

Dec 14, 2020
6 min read
What is the NY SHIELD Act and How Can You Be Sure…
In light of concerns over a growing number of cybersecurity threats and data breaches, New York State recently passed stricter cybersecurity laws under the NY SHIELD Act. These data security requirements took effect on March 21, 2020. What are these new laws and how do you ensure your third parties are compliant? What is the NY SHIELD Act? At a...

Dec 13, 2020
5 min read
What is PCI-DSS Compliance and How Does It Affect Your Third-Party Vendors?
PCI-DSS regulations aren’t law; they are a set of security regulations credit card companies voluntarily agree to uphold. As a result, any merchant that stores, processes, and/or transmits cardholder data through the major credit card networks must also agree to uphold these security standards. Third-party vendors may or may not be required to comply, depending on the function they provide...
Popular Posts

Nov 26, 2019
3 min read
3 Key Points About CCPA
What is CCPA? The California Consumer Privacy Act (AB 375), which will go into effect on January 1, 2020, is expected to significantly strengthen data collection and privacy in the USA. Similar to the way the General Data Protection Regulation (GDPR) defined data privacy in Europe, the CCPA regulation is expected to set the standard for data privacy in...

May 08, 2019
3 min read
3 Reasons Why Enterprises Hate Security Questionnaires
It’s not hard to understand why security questionnaires are necessary. Because regulations like GDPR and NYDFS are holding businesses accountable for their third parties’ cybersecurity, it’s important for enterprises to assess and continuously monitor all vendors, suppliers and business partners. And the initial vetting of any third parties typically begins with a comprehensive security questionnaire to evaluate cyber posture.