Cybersecurity and information security may sound like two different terms for the same idea. But while they’re related, they’re actually different concepts. What is cybersecurity? What is information security? And what’s the actual difference between them? What is cybersecurity? Let’s start with a definition of cybersecurity. You’ll get a different definition for this depending on which organization you’re consulting. For...

A third-party security risk assessment template could be useful in helping your organization plan for and coordinate efforts to reduce cyber risk. But what is a third-party security risk assessment template, exactly? What makes a third-party security risk assessment template effective? And how can you design one from scratch? What Is a Cyber Risk Assessment? Let’s start with the basics....

The Center for Internet Security (CIS) is a nonprofit organization that seeks to “identify, develop, validate, promote and sustain best practice solutions for cyber defense.” But what exactly is this organization? How does it work? And how does it relate to third-party security? The CIS Model CIS uses a closed crowdsourcing model to suggest ingenious new security measures and perfect...

Cybersecurity risk management identifies an organization’s potential vulnerabilities and implements a system to detect, deflect, isolate and analyze threats. It’s like setting up a high-security door that prevents unauthorized access to company networks, accounts, servers and web-based assets. Third-party vendor cybersecurity risk management specifically focuses on the management of risks involved in doing business with other companies and contractors. Third-party...

What Are MSSPs? MSSPs are managed security service providers that offer monitoring and management services related to cybersecurity.  Many IT experts have partnered with MSSPs in the past, or plan to work with them in the future. As organizations understand more and more about the importance of risk mitigation, MSSPs are adding third-party security risk management services to their portfolios....

Technological advancements in the financial sector have made life easier for everyone, but convenience often comes at a price. Cybercriminals are constantly looking for opportunities for exploitation. Businesses in the financial sector are prime targets for data breaches and other damaging cyberattacks. Cybercriminals that target financial businesses are usually looking to steal financial information they can use for identity theft....

When most people hear the three letters CIA in succession, they think about the U.S.’s Central Intelligence Agency. But the CIA Triad actually has nothing to do with the United States government. It does, however, have everything to do with security.  What is the CIA Triad? CIA is an acronym that stands for confidentiality, integrity and availability. And in the...

While there will always be inherent risk any time you enter into a new relationship with a vendor and their products, you can’t ignore or skip over the residual risk. Failure to acknowledge and account for such risks could potentially jeopardize your organization. What is Residual Risk? In the world of IT and network security, we often discuss risk in...

Integrated Risk Management (IRM) is a set of processes and practices that relies on risk-aware culture and risk-conscious technologies. It includes a number of important principles for improving security within an organization. IRM combines elements of corporate governance, cyber risk management and compliance into a singular, comprehensive approach. It’s designed to be streamlined and efficient, introducing automation, cross-departmental solutions and...

The Common Vulnerabilities and Exposures (CVE) System, launched in 1999, is a system that provides publicly recognized information related to vulnerabilities and exposures. It is operated by the MITRE Corporation and funded by the United States Department of Homeland Security. CVE Identification Numbers Within MITRE Corporation’s system, there are defined CVE Identifiers. These unique, common identifiers serve as ID numbers...