Among other things, cybersecurity is a primary focus on the BitSight blog. The following is a list of BitSight’s most-read cybersecurity articles and resources on the topic over the past couple of years, along with a description of what you’ll find in each.
1. Cybersecurity Vs. Information Security: Is There A Difference?
Cybersecurity and information security are often used interchangeably—but there are important differences between the two concepts. This informative article explains what each term really means and how they came to be.
2. 28 Data Breach Statistics That Will Inspire You (To Protect Yourself)
Did you know that “99% of computer users are vulnerable to exploit kits (software vulnerabilities),” or that “59% of employees steal proprietary corporate data when they quit or are fired,” according to Heimdal Security? These and 26 other staggering data breach statistics are listed in this intriguing article.
3. 3 Information Security Risk Assessment Templates 
Building out a comprehensive vendor risk management (VRM) program isn’t an easy task—but it’s certainly simpler when you use one (or all) of these three vendor risk assessment templates offered in this blog post. Get the templates and detailed information on how to use them (and how not to!) here.
4. A Vendor Risk Management Questionnaire (With 10 Questions You Might Be Afraid To Ask)
Questionnaires are a critical part of a comprehensive VRM program. If you’re just beginning to put your program together, you may be asking, “When should I go on-site to meet with my vendor?” or “Aren’t my vendors legally obligated to share security information with me?” These are great questions—be sure to check out the in-depth responses to these and eight other questions in this article.
5. What Is Information Risk Management?
Information risk management (IRM) includes the policies, procedures, and technology one adopts to reduce the threats, vulnerabilities, and consequences that could arise if data is not protected. This article gives you a straightforward look at IRM, insight into the risk equation, and details on properly managing your risk.
6. What To Include In Your Cybersecurity Board Of Directors Presentation
Ten years ago, cybersecurity wasn’t given much thought in the C-suite. Today it’s a critical part of boardroom presentations. If you’re a CIO or CISO looking to fine-tune your cybersecurity presentation to the board of directors, you’ll want to consider the comprehensive list of topics suggested in this article.
7. IT Risk Management Assessment Template: 40 Questions To Ask Your Vendors
Not only does this article describe what an IT risk assessment is and why it’s critical, but also provides a free downloadable guide with 40 questions you should ask your vendors, such as:
- Have you participated in a cybersecurity exercise with your senior executives?
- When was last time you had a cybersecurity assessment performed by a third-party organization? What were the results?
- Do you have automated tools that continuously monitor to ensure malicious software is not deployed?
8. 4 Cybersecurity & Information Security Metrics To Report To The Board
CISOs and CIOs collect a number of performance metrics to understand the effectiveness of their programs—but only a handful of those are weighty enough to be presented to the board of directors. You may want to consider reporting on company vs. peer performance, the time it takes for you to identify and respond to incidents, any outstanding high-risk findings from a previous audit or assessment, and patching cadence. You can read more about these four metrics in this article.
