Blog

The OCC released its “Semiannual Risk Perspective” and, perhaps as anticipated, banks continue to struggle plugging gaps in information technology practices.

Among the risks highlighted in the study, as reported by Joe Mont at Compliance Week:

• Evolving cyber-threats and information technology vulnerabilities require heightened awareness and appropriate controls.
• The high volumes and frequency of changes to information systems to address regulatory requirements, enhance risk monitoring reporting, an

What’s going on this September? National Preparedness Month. This will be the time to increase your awareness of the safety of your business, family, pets and community. During disasters, communication is key. National Preparedness Month concludes on September 30 with the National PrepareAthon! Day.

It would be like a science fiction movie: You go to pull up the file detailing the records of your last quarter’s profit and loss statement, and instead you get a flashing notice: “Your computer has b

An in-depth investigation by the non-profit analysis organization RAND reveals that hackers and their attacks are maturing at a much more rapid pace than organizations’ cybersecurity programs. Hackers now regularly and successfully plan sophisticated attacks to gain valuable information from large, well established organizations. In June 2015, Tony Scott, the CIO of the federal government, stated that organizations need “an architectural model that is secure by design rather than security slappe

News last week broke that a CNA Financial Corp. unit is seeking a judicial ruling that would waive its obligation to pay a $4.1 million settlement to Cottage Health System, on the grounds that the health system failed to meet the “minimum required practices” for cybersecurity risk management.

Cottage Health System, a Santa Barbara based non-profit organizations, suffered a breach of over 30,000 medical records in the fall of 2013. The breach was caused by a third party vendor that housed personal

Sally Beauty Holdings confirmed last week that its payment card systems had been compromised, but did not disclose the extent to which data had been breached.

The Texas based retailer is the next in a string of security incidents that include Target and Sony Pictures, and comes a year following the company disclosing a breach of 25,000 customer records.

If the risk is high, and best practices of organizations like NIST, ISO, and SANS are known, then where are the gaps in these organization’s gover

Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around “Coordination. Cooperation. Collaboration.”

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat