Conversations in Risk-Based Security

Case Study: Nuclear Industry

Posted by Teresa Maugeri on Aug 9, 2018 10:25:10 AM

Background:
The nuclear industry is struggling to meet compliance deadlines and find dedicated, knowledgeable resources who can be embedded into the existing workforce and function as a cohesive team. A typical nuclear plant contains thousands of Critical Digital Assets (CDAs) that need identified attributes collected and assessments conducted. With many plants identifying over 80 required attributes for each of thousands of devices, these projects can quickly become overwhelming.

Read More

Strategic Compromise Will Allow Attackers To Undermine Your Supply Chain

Posted by Doug Yarabinetz on Jul 9, 2018 2:24:51 PM

One-Fifth Of Enterprise Respondents Reported A Third-Party Breach according to Forrester's Top Cybersecurity Threats of 2018.

Strategic Compromise Will Allow Attackers To Undermine Your Supply Chain

Your partners are also under threat: 21% of global enterprise network security decision makers have experienced a security incident involving a third party . Third-party risk is frequently discussed as an exposure due to data shared with partner companies and data processors. This type of downstream risk can sometimes put people in mortal danger as with the TigerSwan breach, where a third party leaked resume information for foreign nationals that included admissions of their complicity with US forces and home contact information.  Too frequently, supply chain issues that are upstream to your organization are ignored and incidents go unnoticed and unpublicized.
Read More

Topics: cybersecurity

Practice Cyber Combat on a Cyber Range

Posted by Joseph Wilson on Jun 28, 2018 11:38:36 AM

Cyber security is a skill based occupation.  The only way to improve a cybersecurity expert skill set, is by accumulating hands-on experience.  Similar to fighter pilots, who don’t often face the challenges and threats of the real world , training cybersecurity experts can be effective only  by simulating hyper-realistic scenarios which allows cybersecurity individuals and teams to face a real threat, and improve their skills based on the experiences.

Read More

Topics: cybersecurity, cyber range

Don’t be an information hoarder - A chat with Larry Newfield VP Systems, Engineering, and Compliance

Posted by Joseph Wilson on May 24, 2018 10:27:23 AM

What are the most important principles in information security?
Data Minimization and Frictionless Security. Data minimization is a real key. You can’t lose, nor hurt clients’ privacy if you are not maintaining things someone wants to steal. This also makes it easier to protect what data you do have. If you have fewer categories of data, it is easier to sort out what you need to protect to the highest level versus elements that are not quite as sensitive, or about clients. In thinking about data minimization, you must always be asking: Why was this sent to us? Why should we be storing it? Are there govt regulations that force me to store it for a minimum timeframe?

Read More

Europe Privacy Law That’s Changing the Landscape, the General Data Protection Regulation (GDPR)

Posted by Doug Yarabinetz on May 16, 2018 11:11:05 AM

For those of you with a keen eye or a particular attention to detail, you may have noticed privacy policy changes over the last few months on many popular websites. This is all part of the preparation for the General Data Protection Regulation (GDPR) that goes into effect May 25th, 2018. This affects all companies around the globe that deal with the data from citizen’s in any of the 28 countries in the European Union (EU). From the smallest online retailer to global behemoths, no one is given an exemption from the GDPR. This means many businesses are faced with the choice to comply or stop dealings with EU citizens, which isn’t an option for most.

Read More

Why Cybersecurity Should Be A Top Priority For Small Businesses

Posted by Doug Yarabinetz on May 10, 2018 3:34:04 PM

Every year, far too many businesses are compromised by cybercriminals, and each time, important data and sensitive information are accessed and exploited. In all situations, cybercriminals will use their best technology to steal data and even the finances of big businesses.

Read More

Topics: cybersecurity

Why should I care about GDPR? There are at least 24 million reasons!

Posted by Joseph Wilson on May 1, 2018 11:10:49 AM

Just what are the new GDPR Regulations?

The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.

Read More

Calling all Security and Risk professionals! Research Report by Forrester Analyst, Josh Zelonis

Posted by Kayla Badini on Apr 19, 2018 11:20:19 AM

Get your copy of the Top Cybersecurity Threats In 2018!
By Josh Zelonis with Stephanie Balaouras , Bill Barringham , Peggy Dostie

Don’t let it be a challenging task to protect your business from every possible attack type.

Companies are under attack: 58% of global enterprise respondents say their firms have experienced at least one breach during the past 12 months. Of these, 50% say their firm suffered at least one internal incident, and 36% suffered at least one attack or incident involving a business partner or third-party supplier.

Read More

Those who’ve been hacked and those that don’t know it yet: The Lynx team recently caught up with Bruce Brown, CTO-CIO with Whytechs Consulting to get his thoughts on security today and tomorrow.

Posted by Joseph Wilson on Apr 10, 2018 11:23:49 AM

When you were educated, prior to moving into the professional workforce, what sort of training did you get on cyber security?

Zero, other than password management! When I started in the IT space, Cyber Security wasn’t even a known term. If you said those words together, you would get puzzled looks. Less than two decades ago our biggest concern was getting ready for Y2K. However, continually learning has always been part of being a technologist. Learning to focus on security has certainly been a learned behavior. Almost every professional consultancy has developed a security practice and they have been a tremendous resource for security expertise and learning. In fact, now we obsess about protecting our critical information assets.

Read More

CISO - Which Tribe Is Yours?

Posted by Joseph Wilson on Apr 6, 2018 12:13:38 PM

Do you ever wonder: How am I stacking up against my peers? What is everyone else doing? Am I missing something obvious? How do I improve my performance?

Read More

Subscribe to Email Updates

Forward Thinking Security

In this blog, we hope to uncover solutions and hear from leaders about how they are solving real-world cybersecurity and IT GRC problems. We invite you to join the conversation. We're ready to Listen.

Join us as a guest on our upcoming Lynx Listening Sessions. 

Recent Posts