
The official deadline for General Data Protection Regulation (GDPR) preparations falls on the Memorial Day holiday weekend in the United States. As you’ve discovered if you’ve been wading through GDPR preparations for the past year or so, this is not a set-it-and-forget-it regulation.

GDPR, with its unprecedented international reach and focus on individual data privacy rights, represents an ongoing commitment to protecting sensitive data; providing data subjects with access and control over their information; and continuously monitoring and improving all parts of the data ecosystem.

Each of these tasks is enormous and endless, and the potential penalties for compliance failures are significant. Many companies won’t be completely compliant before the deadline, and the executive team, including the CFO, will need to set priorities, conduct gap analyses, and get serious about meeting responsibilities.

The post GDPR: We’re just getting started appeared first on Information Security Forum.


As the plague of cyber security attacks continues to grow in scale and complexity, experts such as Donald Toon from the UK’s National Crime Agency warn that it’s no longer a matter of if, but when, the next significant cyber security attack will happen. Thus, he concludes, businesses need to start building their resilience now if they want to avoid and mitigate the serious financial and reputational consequences it can bring.

We’ve taken a look at the cyber activities over the past 12 months that have impacted businesses around the globe, and identified a few possible reasons why this is the time businesses like yours need to take extra care.

The post Why it’s more important than ever to protect yourself from cyber security threats? appeared first on Information Security Forum.


Thanks to portable tools like smartphones and tablets, the working world has never been better connected. And that closeness has opened up opportunities for business across the globe. A recent survey found 62 percent of people have traveled to another state for work in the past 12 months. Out of those, 25 percent say they used their own device when traveling, rather than one supplied by their employer.

Technology has allowed workers more freedom, but with that freedom comes risk and a need to better understand how to safeguard sensitive information before it’s compromised. 

Bring Your Own Device (BYOD) policies are the best solution companies have to answer this need, and in most cases, employees are happy to comply in exchange for certain perks, like having their bills paid by the company. Nevertheless, many companies are overwhelmed by the prospect of putting such a policy in place. To let that discomfort get in the way of teaching best practices, though, could lead to catastrophic results. That’s why Steve Durbin, managing director of Information Security Forum, argues it’s best to stay ahead of the curve by taking a proactive approach.

The post Does your company have a BYOD policy? appeared first on Information Security Forum.


As the European Union’s General Data Protection Regulation (GDPR) goes into effect in just a few short weeks, companies are in high preparation mode to make sure they’re current with the new regulation. How to remain GDPR compliant is still a bit fuzzy, and this new regulation is expected to impact companies across the globe. Even if your company doesn’t reside in the EU, if you’re working with EU customers, you are still expected to stay compliant.

In order to receive better insight into GDPR, we reached out to technology thought-leaders and experts. We approached them with this question:

What should we be most concerned about with GDPR?

The post GDPR regulation compliance concerns: The top experts speak appeared first on Information Security Forum.


On Tuesday May 1, 2018 we hosted our second Breakfast Series workshop titled: “Resilient Cyber Security in an Era of Technological Change: How Threat Intelligence can be used to Create an Early Warning System.”

The workshop hosted esteemed guests and speakers: Vivek Khindria, Director of Information Security at Bell Canada; Serge Bertini, the Country Manager for Canada at CrowdStrike; Nart Villeneuve, Senior Manager at FireEye iSIGHT Intelligence; John Menezes, President & CEO of Stratejm Inc.; Northeastern University’s Jose Sierra and Aliza Lakhani; and moderator Danny Timmins, MNP’s National Cyber Security Lead.

The post Resilient cyber security in an era of technological change appeared first on Information Security Forum.


The media is full of stories describing the overwhelming effects new technology has on the way people live and work. Terms such as Artificial Intelligence (AI) and the Internet of Things (IoT) are becoming everyday verbiage and plans for their deployment will land high on the agenda of business leaders over the next few years.

Headlines warning of cyber-attacks and data breaches are just as frequent. Assailants are everywhere: on the outside are hackers, organized criminal groups and nation states, whose capabilities and ruthlessness grow by the day; on the inside are employees and contractors, causing incidents either maliciously or by accident.

Business leaders are left feeling uncertain about the way forward. The dilemma is often stark: should they rush to adopt new technology and risk major fallout if things go wrong, or wait and potentially lose ground to competitors?

New attacks will impact both business reputation and shareholder value, and cyber risk exists in every aspect of the enterprise. At the Information Security Forum, we recently released Threat Horizon 2020, the latest in an annual series of reports that provide businesses a forward-looking view of emerging threats in today’s always-on, interconnected world. In Threat Horizon 2020, we drew from our research to highlight the top nine threats to information security over the next two years.

Let’s take a look at these threats and what they mean for your organization:

The post Preparing for the future: looking across the horizon of information security threats appeared first on Information Security Forum.


The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management, today released Industrial Control Systems: Securing the systems that control physical environments, the organization’s latest report which prepares information security managers and practitioners to evaluate Industrial Control Systems (ICS) information security problems and protect ICS environments.

In conjunction with the release of this report, the ISF is launching the ISF ICS Security Program, a flexible and collaborative program to help organizations address the problems they are facing and to make effective, sustainable improvements to information security arrangements in their ICS environments.

The significant concerns about cyber risk raised during research – along with well-publicized cyber security incidents and an increase in media coverage of ICS security vulnerabilities – clearly demonstrate the urgency that organizations should now attach to improving information security across both ICS environments and the Industrial Internet of Things (IIoT). With many organizations heavily reliant on ICS to support business operations, the potential impact of getting information security wrong can be catastrophic. Costs can be extensive, corporate reputation severely damaged and lives can be put at risk. However, many of these same organizations are grappling with fast-changing, interconnected and complex ICS environments. At a time of increasing yet unclear levels of risk, business leaders are questioning the effectiveness of ICS security arrangements.

“In today’s modern, interconnected world, the potential impact of inadequately securing ICS can be catastrophic, with lives at stake, extensive costs and corporate reputations on the line. As a result, senior business managers and boards are under growing pressure to improve and maintain the security of ICS environments,” said Steve Durbin, Managing Director, ISF. “To improve the effectiveness of ICS security, organizations should implement a tailored, collaborative and risk-based approach. The ICS Security Program detailed in Industrial Control Systems: Securing the systems that control physical environments presents a practical and structured method for enabling actions that deliver advantages over adversaries and competitors alike.”

The post Information Security Forum launches new report focusing on Industrial Control Systems appeared first on Information Security Forum.


NEW YORK – May 9, 2018 – The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management, has released Industrial Control Systems: Securing the Systems That Control Physical Environments, the organization’s latest report which prepares information security managers and practitioners to evaluate Industrial Control Systems (ICS) information security problems and protect ICS environments. In conjunction with the release of this report, the ISF is launching the ISF ICS Security Program, a flexible and collaborative program to help organizations address the problems they are facing and to make effective, sustainable improvements to information security arrangements in their ICS environments.

The significant concerns about cyber risk raised during research – along with well-publicized cyber security incidents and an increase in media coverage of ICS security vulnerabilities – clearly demonstrate the urgency that organizations should now attach to improving information security across both ICS environments and the Industrial Internet of Things (IIoT). With many organizations heavily reliant on ICS to support business operations, the potential impact of getting information security wrong can be catastrophic. Costs can be extensive, corporate reputation severely damaged and lives can be put at risk. However, many of these same organizations are grappling with fast-changing, interconnected and complex ICS environments. At a time of increasing yet unclear levels of risk, business leaders are questioning the effectiveness of ICS security arrangements.

The post Information Security forum launches new report on Industrial Control Systems appeared first on Information Security Forum.


Any cyber dwell time is detrimental to an organisation’s security posture and can result in significant harm. Dwell time is the length of time that a cyber attacker enjoys undetected access to a network before being discovered and expelled from that environment.

According to the 2018 M-Trends report by FireEye, the global median dwell time for 2017 was 101 days, but actual dwell times across the globe ranged from less than a week to more than 2,000 days. The longer the cyber dwell time, the greater the opportunity for an attacker to move laterally, gain credentials and access sensitive areas.

For many cyber attackers, it is necessary to conceal their activities and stealthily traverse a network for a sustained period to find the data they seek and realise their malicious objective (for example, misappropriate trade secrets, launder money or disrupt and degrade infrastructure).

The post Security Think Tank: Prevention and detection are key to limit dwell time appeared first on Information Security Forum.


With the continued focus on personal information and the privacy rights of individuals, the General Data Protection Regulation (GDPR) officially goes into effect this month and it will certainly have an international reach, affecting any organization that handles the personal data of European Union (EU) residents, regardless of where it is processed. The GDPR adds another layer of complexity, not to mention potential cost and associated resources, to the issue of critical information asset management.

The GDPR redefines the scope of EU data protection legislation, forcing organizations worldwide to comply with its requirements. The GDPR aims to establish the same data protection levels for all EU residents and will have a solid focus on how organizations handle personal data. The benefits of the GDPR will create several compliance requirements, from which few organizations will completely escape.

The post GDPR is upon us? Are you ready? appeared first on Information Security Forum.
