by Lou Romero | Jul 10, 2018 | Third Party Risk Management
For the last 20 months or so, we’ve worked with nearly 200 government municipalities on cyber loss control projects, now largely completed. Based on the findings from this effort, we’ve identified those areas where many municipalities are most vulnerable and are...
by John Verry | Sep 19, 2017 | InfoSec Strategies
I have written a couple of blog posts in recent months that touched on keys to avoiding ransomware and I stand by the recommendations that I’ve made regarding ISO 27001 scoping, security awareness training, and more. That being said, the...
by Chris Dorr | Aug 25, 2017 | Third Party Risk Management
An interesting and potentially troubling event happened in the information security world on Wednesday, August 16, 2017. It wasn’t a major hacking attack or a massive data breach. It wasn’t the release of a new security tool, or the failure of a critical...
by Chris Dorr | May 9, 2017 | Third Party Risk Management
As hacker monikers go, TheDarkOverlord (TDO) picked a pretty catchy one. Not much is known about this hacker yet (not even whether it’s an individual or a group, but I’m guessing the latter), but we do know a few things. They know what they’re doing. They’re an...
by Michael Walsh | Apr 6, 2017 | ISO 27001 Certification, Third Party Risk Management
Because I have both an audit background and an IT security background, I’m frequently involved in helping clients address contract issues. The activities vendors perform for your organization under contract are an extension of your internal processes. Thus your...
