InSights Blog

The Digital Operational Resilience Act is set to go into action in early 2022. Learn how BitSight can help your organization meet the compliance requirements.

What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.

What is a cybersecurity risk taxonomy and how can you use it to guide your organization’s security program and investments?

As cyber threats evolve and business models change, maintaining a mature cybersecurity program can be challenging. You need to be confident that your organization’s current security tools and techniques are effective.

If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand your organization's regulatory environment and the standards and controls they stipulate, let's break down key cyber compliance regulations by industry.

BitSight, the Standard in Security Ratings, has established itself as not only a clear leader in security ratings but now also in the burgeoning field of data privacy.

In an effort to demonstrate to its customers how seriously it takes protecting their data, and to lead the market to implement more comprehensive data privacy systems and practices, BitSight is now the proud recipient of TrustArc’s TRUSTe APEC CBPR Enterprise Certification and the TRUSTe APEC PRP Enterprise Certification.

In order to receive this designation, BitSight completed a demanding certification process based on a comprehensive set of requirements governing data privacy management practices, including the privacy standards set forth in the APEC Cross Border Privacy Rules (CBPR) and the APEC Privacy Recognition for Processors (PRP) Systems. These practices are further detailed in the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.

The European Union (EU) will soon launch a new regulation that will require banks and firms in the global financial industry to mature their third-party risk management programs to include set cybersecurity requirements – which will also apply to the critical Information and Communication Technology (ICT) service providers they are working with. 

The European Union (EU) will soon launch a new regulation that will require banks and firms in the global financial industry to mature their third-party risk management programs to include set cybersecurity requirements – which will also apply to the critical Information and Communication Technology (ICT) service providers they are working with. 

In light of recent significant attacks targeting the U.S. government, the Biden administration issued an Executive Order (EO) on cybersecurity on May 8, 2021.

Overall, the EO starts to fill in some critical gaps in US government cybersecurity capabilities. The EO is designed primarily to protect Federal infrastructure, but will also have significant impact on private sector service providers (e.g. software providers) who will now be required to meet new security requirements in order to do business with the U.S. government.

Security risk managers often face a lot of the same roadblocks, even if they’re managing programs of different sizes or in different industries. Basing security practices on well-known, and sometimes government-regulated cybersecurity models will mature your program to overcome process inefficiencies.

Government agencies in the United States are yet again suffering from a widespread data hack, this time originating from Microsoft Exchange servers. This breach comes less than five months after the SolarWinds breach exposed vulnerabilities across dozens of industries, including government agencies. How is the government pivoting to protect their network from these increasingly widespread attacks?

While security ratings are a great way to demonstrate that you’re paying attention to the cyber health of the organization you also need to show that you’re adhering to industry and regulatory best practices for IT security and making informed decisions for the long-term. A cybersecurity framework can help.

In the upcoming months, the Cybersecurity Maturity Model Certification (CMMC) will go live. Thousands of third party assessors will begin cybersecurity assessments of hundreds of thousands of U.S. Defense contractors.  What will the assessors find? 

In November 2019, the Federal Financial Institutions Examination Council (FFIEC) released an update to the Information Technology Examination Handbook (IT Handbook). This handbook is a guide for examiners at its member agencies, which include the FRB, FDIC, NCUA, OCC, and CFPB.

Early in 2019, unknown threat actors attempted to hack the Australian federal Parliament’s computer network and the servers used by every politician, staffer, and security officer in Parliament House. Authorities believe there is a strong chance this could have been executed by a state-based actor.