Cybersecurity and Risk Management

Earlier this week I discussed the three top mistakes that companies make when assessing cybersecurity insurance. Now it’s time to take a look at what to consider when assessing insurance coverage. As noted previously, the best way to conduct this review is for the CISO and...

We are witnessing a transformation in information technology that will have a profound impact on how business and technology teams work together. The MIS teams of the 1960s and ’70s focused narrowly on back-office systems and then transformed into IT, which expanded to include all...

Executive Summary: Cyber attacks on businesses and governments are more common than ever before, and are likely to increase. The precipitous rise in breaches over the last decade has created a market for specialized liability policies aimed at mitigating the effects of a breach. Nemertes’ 2016...

The New York State Department of Financial Services (NYS DFS) recently issued proposed regulations for financial services firms in New York State to go into effect in January 2017, with demonstrated compliance required by affected firms (“covered entities”) by January 2018. The regulations are groundbreaking...

For years, it seemed as though AT&T and Amazon viewed each other as competition. Despite depending on the network for its very existence, Amazon treated the network as a commodity: Users only needed cheapest-possible Internet services to connect to Amazon--including to its market-leading Amazon Web...

Executive Summary: IT organizations are moving toward a risk-management approach to information security. But what does that mean, and how can infosec professionals actually implement such an approach? What does it mean to take a “risk-based” approach to security budgeting? Nemertes outlines our Business Risk Portfolio...

In our 2016/2017 Security and Risk Management Benchmark and Maturity Model, we highlighted a set of "bellwether technologies": technologies that, we believed, would characterize the most sophisticated security organizations. By and large, the technologies we selected were, in fact, considerably more likely to be deployed...

Unless you've been living under a rock for the past 8 years, you've been exposed to the concept of IoT. For enterprise organizations, it's a key component of Digital Transformation (DT), primarily because it enables companies to capture huge amounts of data. And "data has value" is one...

If you're active in the cybersecurity field, chances are you've seen, heard, talked about or experienced the paucity of trained cybersecurity professionals. Predictions vary, but Cisco estimates there will be a global skills shortfall of around 2 million by 2019; other estimates are even higher...

My morning cybersecurity alert scan uncovered this gem by CPA Joel Lanz on how to budget for cybersecurity. He makes a lot of excellent points. My favorite is being able to document that you've deployed, used, and benefitted from your previous investments in cybersecurity technology. Many...

I recently read an extremely provocative article on the topic of what information major providers--including Microsoft, McAfee, and others--are routinely capturing from their customers. Some of it may appear benign, and the article is focused on consumers, who bear the brunt of the information exposures. The companies...