Asking Vendors the Right Questions

How is your company managing the security of your vendors? According to the 2018 Ponemon Institute Data Risk in the Third-Party Ecosystem study: 59% of companies have experienced a data breach caused by one of their vendors or third parties. Do you know how much is at stake if one of your vendors or fourth parties is breached? Security questionnaires are opportunities [...]

Business Continuity Awareness Week (2020)

Business Continuity Awareness Week is an annual global event that is facilitated by the Business Continuity Institute. From May 18th through May 22nd, business continuity professionals, organizations, and industries at large will be participating in an annual event known as Business Continuity Awareness Week, or BCAW. BCAW was started and continues to be hosted by The Business Continuity Institute, a not-for-profit [...]

May 15th, 2020 | Cyber Risk Management | 0 Comments

Webinar: Conquering the Cloud: Defense-in-Depth Strategies for Amazon Web Services

At the end of March, Shane Peden, Director of Cyber Risk and CISO Advisory at risk3sixty, spoke at BSides Atlanta 2020 about strategies for implementing "defense-in-depth" within Amazon Web Services, the most widely used of the cloud Infrastructure-as-a-Service providers. You can watch it at the link below! https://youtu.be/JuQj9uczqn8 [...]

Annual Security Training – Phase 3: Deliver

Are you looking to create the best security training environment for your organization? This is a recurring need across all organizations that we will guide you through in this series, “Annual Security Training – Design, Develop, and Deliver”. If you’re wondering why you should focus resources on developing security training programs, or missed the first part of the series, go ahead [...]

Securing the Work-from-Home Environment During COVID-19

Tips for security administrators during the COVID-19 pandemic. We have seen a massive increase in the number of employees working from home due to the COVID-19 pandemic. System administrators must ensure that employees can still securely access corporate resources. The transition to the cloud both for corporate activities (Office 365, G Suite) and for service hosting (AWS, Azure) has relieved some [...]

April 7th, 2020 | Cyber Risk Management, News and Events | 0 Comments

Why You Should Consider an Intangible Asset Inventory (and the Risks of Not Having One)

IT security professionals can get caught up in the physical asset world. But what intangible assets should we be tracking? An important part of IT security is maintaining an asset inventory. The inventory should document owners, data classification and other pertinent information. Consider cost and metrics associated with the asset's lifetime. A physical asset inventory enables an IT department to have [...]

March 30th, 2020 | Cyber Risk Management, ISO 27001 Compliance | 0 Comments

Coronavirus: A Test Of Global Resiliency

Over the last few days, we have had dozens of clients ask our team for insight into how other clients are reacting to the recent Coronavirus (COVID-19) pandemic. As a matter of information sharing, we thought it might be useful to summarize how your peers in the market are reacting. Hopefully this information can be used to inform your own decision-making [...]

March 13th, 2020 | CISO Discussions, Cyber Risk Management | 0 Comments

Performing Effective User Access Reviews

Correcting mistakes that arise in the day-to-day management of access control. Organizations can take many steps to manage access, such as adopting documented registration and de-registration processes, maintaining a list of service accounts, and segmenting networks. While all are effective ways of managing access, they occasionally fail. For example, a step may be missed in the on-boarding process. A [...]

How to Create Effective Policies

How to leverage information security policies to level up your security program. People often regard information security policy as a "check-the-box" compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, and then forget about it. But an information security policy that directs the organization is as crucial to a security program as [...]

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today. On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and Maersk [...]

November 25th, 2019 | Cyber Risk Management, Penetration Testing | 1 Comment