Part 4: Third Party Risk Management (TPRM) – A Series in Program Development

Part 4: “Full Engagement” – Bringing Value to Partnerships

This is the third of a four-part series. To read part one of this report click here. This series has been designed to help CISOs and other risk management practitioners examine their programs from a unique perspective – one in which the objective problem your…

Part 3: Third Party Risk Management (TPRM) – A Series in Program Development

Part 3: “Strengthening Your Strategy” – How Do You Make the Most of Continuous Monitoring?

This is the third of a four-part series. To read part one of this report click here. This series has been designed to help CISOs and other risk management practitioners examine their programs from a unique perspective – one…

Part 2: Third Party Risk Management (TPRM) – A Series in Program Development

Part 2: “Knowing Your Ground” – What Conditions Create Third Party Risk?

This is the second of a four-part series. To read part one of this report click here. This series has been designed to help CISOs and other risk management practitioners examine their programs from a unique perspective – one in which the…

Don’t look for talent. Create it instead.

Some people establish organizations because they want to build something big, or want recognition. But in 2013 when I established the Philippine Institute of Cybersecurity Professionals, I was coming from a different place: Disappointment and anger. At that time I had just come back home from a security consulting stint in Spain. When I got…

OD in cybersecurity

CISO, Delta Dental Plans Association

Cybersecurity is so much about users and the vigilance of people in the organization. Understanding the underlying psychology of the organization, its culture and mindset, gives me an amazing insight that is priceless in developing cybersecurity strategies. The most useful concepts that help me at my job as CISO of…

A Modest Proposal to Eliminate (or Modify) Breach Disclosure Laws

by Mark Rasch

Google recently disclosed the fact that a vulnerability in its Google Plus configuration could have been used by hackers to expose personal information about users of the Google Plus service. (https://www.nytimes.com/2018/10/08/technology/google-plus-security-disclosure.html) Indeed, Google announced that it was shutting down the service as a result of the hack. That’s not what outraged the…

Darren Death: Developing a business continuity plan – and sticking to it

It is standard business practice for organizations to have a contingency plan after acknowledging the various threats and risks that they face. Having a plan in place, however, is not enough. The organization must periodically update the plan, test how well it works, communicate it to stakeholders, and ensure that people have the capability to…
