Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
On November 20th, Bitsight CEO Shaun McConnon was published by the Risk Management Monitor. His article, "Looking Beyond Compliance When Assessing Security" explores how risk managers can take a more comprehensive approach to mitigating security risk by augmenting traditional audits, questionnaires, tests and assessments with a continuous evaluation of security effectiveness.
This post is contributed by guest blogger Michael Duffy, a member of Bitsight's Board of Directors.
I was in graduate school when I first heard the well-known quote by statistician George Box: “Essentially, all models are wrong, but some are useful."
In a world of evolving threats, executives are faced with the challenge of deciding whether to allocate scarce security resources in proactive investments that may prevent attacks or in reactive investments in response to security failures. Some researchers have argued that the most effective security investments are those based on lessons from past attacks, particularly when defending against similar incidents.
Partner security risk is an important topic in the minds of risk officers today. With the number of companies being breached via third parties on the rise (New York Times, Bank of America, Twitter), this is clearly a big area of concern. In a survey conducted by Ponemon in February 2013, 65% of participants said their organization had a breach involving the loss or theft of their organization’s information when it was outsourced to a third party. In April 2013, the Information Security Forum (ISF) wrote "Of all the supply chain risks, information risk is the least well managed."