Midwest Leads Country In Cybersecurity Standardization

As predicted, 2019 has seen the expansion of more state-specific legislation relating to cybersecurity and data protection. What started with Ohio’s safe harbor law has rapidly spread to more states, especially in the Midwest. Some industries are moving faster than others - what we’ve seen in New York with 23 ... Read More
Map Your Cyber Risks To Business Outcomes With KRI's

The greatest challenge for a technically minded leader like a CISO is mapping the cyber risks they know the enterprise faces to business outcomes in a way that business-side leaders can understand. Dating back to the origin of the position, CISOs have been charged ... Read More

Contextualize Quantified Cyber Risk With A Risk Appetite Statement

Now more than ever, CISOs are being tasked with delivering hard metrics around an enterprise’s technology and digital risk. While this is nothing new for seasoned IT professionals, the challenge here lies in providing these metrics in a way that is applicable and meaningful to the rest of the C-suite, ... Read More

NYDFS Implementation Grace Period Marks Strengthening Of Vendor Security

Following the Equifax breach and growing concerns about the posture of the financial industry, New York State Department of Financial Services (NYDFS) released the initial proposal for what would become 23 NYCRR 500. 23 NYCRR 500 is designed to foster and standardize cybersecurity across the financial services industry in New ... Read More

Carbon Black Report Indicates Industries Most Targeted For Cyber Attack

In their third Global Incident Response Threat Report, our Massachusetts neighbor, Carbon Black, illustrates not only the top industries for cyber attack but also deeply concerning new trends that face businesses regardless of industry ... Read More

What To Expect From The Imminent Revisions To Two Of NIST’s Most Popular Frameworks

While the NIST Privacy Framework may be the headliner for the most anticipated new publication from the National Institute of Standards and Technology, there are two imminent revisions that security teams are expecting that could have a greater impact: SP 800-171 Rev 2, and SP 800-53 Rev 5 ... Read More

The Tale Of Three CISOs And The Skills They Bring

As with any position, there will be different types of people that hold the CISO position. During our conversation with Rick Lemieux, CRO of itSM, we dove deep into the three archetypes of CISO that have emerged: the Visionary, the Teacher, and the Technician ... Read More

What To Expect From The NIST Privacy Framework

In September 2018, the National Institute of Standards and Technology (NIST) announced their plan to develop a data privacy framework using the same process as their incredibly successful cybersecurity framework (CSF). Since then, NIST has hosted multiple workshops and webinars soliciting both public and private sector feedback in the same ... Read More

The Two Keys to Changing Organizational Culture

“Digital transformation may come in many forms, but the result is always the same - organizational change.” Rick Lemieux, CRO of itSM solutions, began our conversation with CyberSaint CRO, Jerry Layden, with the crux of what has become a beleaguered buzzword. The result of many digitization initiatives is, as Rick ... Read More
Cybersecurity Dashboards That Empower Decision Making

Data is only as good as what you are able to do with it. In a cybersecurity program, the audits and vendor risk assessments that we conduct are only as good as their ability to empower us to make decisions. Too often, risk and compliance solutions visualize data for the ... Read More