Among other things, cybersecurity is a primary focus on the BitSight blog. The following is a list of BitSight’s most-read cybersecurity articles and resources on the topic over the past couple of years, along with a description of what you’ll find in each.
Cybersecurity and information security are often used interchangeably—but there are important differences between the two concepts. This informative article explains what each term really means and how they came to be.
Did you know that “99% of computer users are vulnerable to exploit kits (software vulnerabilities),” or that “59% of employees steal proprietary corporate data when they quit or are fired,” according to Heimdal Security? These and 26 other staggering data breach statistics are listed in this intriguing article.
Building out a comprehensive vendor risk management (VRM) program isn’t an easy task—but it’s certainly simpler when you use one (or all) of these three vendor risk assessment templates offered in this blog post. Get the templates and detailed information on how to use them (and how not to!) here.
Questionnaires are a critical part of a comprehensive VRM program. If you’re just beginning to put your program together, you may be asking, “When should I go on-site to meet with my vendor?” or “Aren’t my vendors legally obligated to share security information with me?” These are great questions—be sure to check out the in-depth responses to these and eight other questions in this article.
Information risk management (IRM) includes the policies, procedures, and technology one adopts to reduce the threats, vulnerabilities, and consequences that could arise if data is not protected. This article gives you a straightforward look at IRM, insight into the risk equation, and details on properly managing your risk.
Ten years ago, cybersecurity wasn’t given much thought in the C-suite. Today it’s a critical part of boardroom presentations. If you’re a CIO or CISO looking to fine-tune your cybersecurity presentation to the board of directors, you’ll want to consider the comprehensive list of topics suggested in this article.
Not only does this article describe what an IT risk assessment is and why it’s critical, but it also provides a free downloadable guide with 40 questions you should ask your vendors, such as:
- Have you participated in a cybersecurity exercise with your senior executives?
- When was the last time you had a cybersecurity assessment performed by a third-party organization? What were the results?
- Do you have automated tools that continuously monitor to ensure malicious software is not deployed?
CISOs and CIOs collect a number of performance metrics to understand the effectiveness of their programs—but only a handful of those are weighty enough to be presented to the board of directors. You may want to consider reporting on company vs. peer performance, the time it takes for you to identify and respond to incidents, any outstanding high-risk findings from a previous audit or assessment, and patching cadence. You can read more about these four metrics in this article.