Events

What security functions should small medical providers outsource?

Strapped for cybersecurity resources, small and medium-size health care providers should outsource electronic medical record (EMR) maintenance, Payment Card Industry (PCI) compliance and threat intelligence gathering to third-party service providers, but risk assessment must still be handled internally, according to Mitchell Parker, CISO at Indiana University Health. Lamenting the recent scourge of ransomware and data…

‘We want to have more protection’: Arrested pen testers push for Good Samaritan law

Prosecutors dropped felony criminal charges against a pair of ethical pen testers arrested while assessing the security of an Iowa courthouse. But the two men are not ready to move on just yet. Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a…

IoT adds value, risk but management within reach

Along with the tremendous opportunity brought to the enterprise by the gadgets that hang off of the Internet of Things (IoT) comes sizable risk that organizations must assess and manage. “Value should be considered while determining risk,” said Paul Rohmeyer, associate industry professor at the Stevens Institute of Technology, who led the “Managing Cybersecurity and…

Union Pacific tracks cyber risk via its own probability modeling methodology

Rick Holmes, assistant VP and CISO at Union Pacific Railroad, detailed at InfoSec World 2020 how the transportation giant incorporates cybersecurity risk into its larger enterprise risk management process in order to help senior executives estimate losses caused by potential cyber incidents and make better decisions on where to invest in defenses. “We think that…

Ex-CIA exec: Covid-19 has created ideal ‘crisis’ conditions for malicious hackers

Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…

Triangle of network security management requires formalized process, Rodrigue says

Why do we care about cyber hygiene? For starters, security pros want to ensure operating effectiveness of basic controls and put in a system of checks and balances between processes. Companies also want to offer a foundation for more advanced technical security mechanisms; their effectiveness becomes limited otherwise. They also want to detect blind spots…

Cracking the cyber liability code leads to better insurance coverage

The cyber insurance market continues to evolve and mature with coverage enhancements, along with an abundance of carriers. With so many carriers entering the market, it’s more important than ever for companies to take their time and read the fine print. In their session Tuesday at InfoSec World 2020, “Cracking the Cyber Liability Code,” two…

Risk assessments reveal businesses remain deficient in security compliance, training

InfoSec World 2020 – An analysis of more than 100 risk self-assessments conducted by business organizations across a cross-section of industries revealed that over 65 percent admitted to achieving zero-to-minimal compliance with U.S. state data privacy and security regulations, including myriad breach laws and the California Consumer Privacy Act. The discouraging findings show that business…

Lululemon’s Rex Sarabia works up a sweat building a security awareness program from scratch

At InfoSec World 2020 on Monday, Rex Sarabia, security awareness program manager at Lululemon, led the session “Building an Enterprise Security Awareness Program from the Ground Up.” SC Media interviewed Sarabia about his presentation to learn more about Sarabia’s biggest challenges, his tips for security professionals starting up their own programs, and how he “gamifies”…

Sapphire Software’s Nicholas Takacs asks: Is self-aware malware possible yet?

“Two can play at this game…” Cybersecurity is a non-stop arms race between white hats and malicious hackers, and the three “A’s” — automation, analytics and artificial intelligence — are among the more powerful defensive tools that CISOs can implement to defend their organizations. But cybercriminals can also potentially employ them to magnify their attacks…