Among other things, cybersecurity is a primary focus of the BitSight blog. The following is a list of BitSight’s most-read cybersecurity articles and resources on the topic over the past couple of years, along with a description of what you’ll find in each.
Cybersecurity and information security are often used interchangeably—but there are important differences between the two concepts. This informative article explains what each term really means and how they came to be.
Did you know that “99% of computer users are vulnerable to exploit kits (software vulnerabilities),” or that “59% of employees steal proprietary corporate data when they quit or are fired,” according to Heimdal Security? These and 26 other staggering data breach statistics are listed in this intriguing article.
Building out a comprehensive vendor risk management (VRM) program isn’t an easy task—but it’s certainly simpler when you use one (or all) of these three vendor risk assessment templates offered in this blog post. Get the templates and detailed information on how to use them (and how not to!) here.
Questionnaires are a critical part of a comprehensive VRM program. If you’re just beginning to put your program together, you may be asking, “When should I go on-site to meet with my vendor?” or “Aren’t my vendors legally obligated to share security information with me?” These are great questions—be sure to check out the in-depth responses to these and eight other questions in this article.
Information risk management (IRM) includes the policies, procedures, and technology one adopts to reduce the threats, vulnerabilities, and consequences that could arise if data is not protected. This article gives you a straightforward look at IRM, insight into the risk equation, and details on properly managing your risk.
Ten years ago, cybersecurity wasn’t given much thought in the C-suite. Today it’s a critical part of boardroom presentations. If you’re a CIO or CISO looking to fine-tune your cybersecurity presentation to the board of directors, you’ll want to consider the comprehensive list of topics suggested in this article.
CISOs and CIOs collect a number of performance metrics to understand the effectiveness of their programs—but only a handful of those are weighty enough to be presented to the board of directors. You may want to consider reporting on company vs. peer performance, the time it takes for you to identify and respond to incidents, any outstanding high-risk findings from a previous audit or assessment, and patching cadence. You can read more about these four metrics in this article.