Cybersecurity
Collection

Cyber resilience is an organization’s ability to detect, prevent, respond to, recover from and learn from cybersecurity disruptions. Our cybersecurity collection explores common issues, trends and what organizations must do to prepare proactive and reactive solutions and keep your assets safe.

Featured Insights

How Will Upcoming Transportation Security Administration Regulations Impact the Aviation Industry?
On March 7, 2023, the Transportation Security Administration (TSA) announced new cybersecurity regulations for certain TSA-regulated airport and...

ISO 27001: 2022 - Key Changes and Approaches to Transition
This article will address the changes and updates to the ISO 27001 standard published on October 25, 2022, and the approaches organizations can take to...

Achieving Diversity’s Benefits in Cybersecurity
This post is the first in a series about diversity in cybersecurity. In future posts, we will explore similar topics around diversity, equity and...

Muddy Footprints – Every Contact Leaves a Trace
Imagine a murder scene: a broken window, muddy footprints, a knife and a body.
Now imagine a computer incident: Hundreds of encrypted files. A...

Managed Security Services

Common Frameworks for Maturing Security Programs
Every cybersecurity organization, through its program maturity journey, grapples with the challenge of choosing and aligning with a security framework...

Risk and the Board of Directors: From Bordeaux to Today, What’s Old Is New
On January 25, 2022, Gary Gensler, chairman of the U.S. Securities and Exchange Commission (SEC), on his YouTube channel “Office Hours with Gary...

Vulnerability Management: We’ve Been Doing It All Wrong
Vulnerability management is a discipline that many organizations struggle with due to one simple factor: complexity. Today, organizations manage...

5 Considerations for Purchasing ‘Cyber Insurance 2.0’ Policies
Organizations attempting to buy or renew cyber insurance policies confront an imposing mix of challenges, changes and value-added services. A volatile...

Data Protection

Security Due Diligence in M&A: How Much Is Enough?
Hardly any merger or acquisition (M&A) transaction takes place without proper due diligence; so much so that the importance and challenge of this...

For $62.59, the 8 Character Password is Still Dead
Five years ago, we wrote a post called “The 8 Character Password is Dead,” which was an in-depth look at password cracking in 2017 and how eight...

Building a Successful Data Protection Program
With an ever-expanding collection of corporate data, organizations face more challenges than ever before in protecting their data. Data of all types...

PCI Security Standards Council Publishes New Versions of Self-Assessment Questionnaires
On April 29, 2022, the PCI Security Standards Council (PCI SSC) released new versions of the PCI DSS Self-Assessment Questionnaires (SAQs) ahead of...

Security Resilience

Metrics’ Role in Cyber Transformation
We’ve all heard the saying, “what gets measured gets done,” meaning that regular measurement and reporting helps to keep organizations focused on the...

Enhancing Cyber Capabilities Using a Threat-Driven Strategy
Senior leaders focused on cybersecurity recognize there is considerable guidance, best practices, frameworks, regulations and varied opinions on how...

Creating a Resilient Cybersecurity Strategy, Part 3: Role of the Board
This is the last of a three-part series about developing a cybersecurity governance lifecycle that provides coverage, balance, effectiveness,...

Creating a Resilient Cybersecurity Strategy, Part 2: The Role of Senior Leaders in Governance
This is part two of a three-part series about developing a cybersecurity governance lifecycle that provides coverage, balance, effectiveness,...

Security Architecture

Zero Trust Architecture: Removing the Buzz
In the current digital age, traditional security approaches are no longer adequate to protect organizations against threats. With an increasingly...

API Security: Key to Interoperability or Key to an Organization?
Most applications built today leverage Application Programming Interfaces (APIs), code that makes it possible for digital devices, applications and...

Cybersecurity Risk Assessments vs. Gap Assessments: Why Both Matter
As cybersecurity incidents continue to make headlines, whether involving the breach of sensitive information or the halting of an enterprise’s...

A House Divided: Key Differences in Cybersecurity Implementation for IT and OT
Anyone who has spent a significant amount of time in any U.S. state where college football is popular has likely seen a “house divided” bumper...