BITSIGHT SECURITY RATINGS BLOG

Any seasoned vendor risk manager will tell you that determining whether a particular third party’s cybersecurity is up to your standards—and deciding how much risk to assume through your relations with your vendors—is not a simple task....

Dridex is a banking trojan that uses an affiliate system for its botnets. We have documented the Dridex communication and P2P protocols in the past. In this post we want to shed some light about all the known botnets, their respective...

Over the past couple of weeks, a major issue has surfaced affecting numerous companies that use MongoDB to store their data. Those who install MongoDB on a server and use default settings are exposing their data to the internet and...

Anyone in the security space can agree that a solid cybersecurity policy goes a long way. But not everyone in your organization is a security expert. In fact, many employees may not know the first thing about firewalls or viruses—which is...

On February 12, 2013, President Barack Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for collaboration between government and the private sector to create a set of standards for...

This post was updated on January 27, 2020.

In the world of risk management, risk is commonly defined as threat times vulnerability times consequence. The objective of risk management is to mitigate vulnerabilities to threats and the...