by Lou Romero | Jul 10, 2018 | Third Party Risk Management
For the last 20 months or so, we’ve worked with nearly 200 government municipalities on cyber loss control projects, now largely completed. Based on the findings from this effort, we’ve identified those areas where many municipalities are most vulnerable and are...
by Chris Dorr | Aug 25, 2017 | Third Party Risk Management
An interesting and potentially troubling event happened in the information security world on Wednesday, August 16, 2017. It wasn’t a major hacking attack or a massive data breach. It wasn’t the release of a new security tool, or the failure of a critical...
by Chris Dorr | May 9, 2017 | Third Party Risk Management
As hacker monikers go, TheDarkOverlord (TDO) picked a pretty catchy one. Not much is known about this hacker yet (not even whether it’s an individual or a group, but I’m guessing the latter), but we do know a few things. They know what they’re doing. They’re an...
by John Verry | Apr 4, 2017 | Phishing
Sometimes information security involves taking two steps forward and one step back. Case in point, the recent evolution of many vendors from traditional Security Awareness Training to training with integrated anti-phishing services. With phishing being the source of a...
by Lauren Wilder | Feb 25, 2016 | ISO 27001 Certification
In a recent gap assessment with a client, the topic of “what’s missing” in their supplier agreements came up. For many organizations, such agreements are considered sufficient if they adequately specify terms of service, vendor and supplier...
