Governance Risk and Compliance

Container Security Image

Containers Complicate Compliance (And What To Do About It)

If you work within the security industry, compliance is seen almost as a dirty word. You have likely run into situations like that which @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose. There are challenges when it comes to compliance, for sure. Organizations need to figure out whether to shape their efforts to the letter of an existing law or to base their activities in the spirit of a “law” that best suits their security needs—even if that law doesn’t exists. There’s also the assumption that a company can acquire ‘good enough’ security by implementing a checkbox exercise, never mind the confusion explained by @Nemesis09. Podcast Episode 141: Massive Data Breaches Just Keep Happening. We Talk about Why. However, there is truth behind why […]

Continue Reading

Episode 163: Cyber Risk has a Dunning-Kruger Problem also: Bad Password Habits start at Home

In this episode of Security Ledger Podcast (#163) sponsored by LastPass: companies are spending more than ever on cyber security, but feel less secure. Why? Kevin Richards of the insurer Marsh joins us to talk about that company’s Cyber Risk Perceptions Survey. Also Yaser Masoudnia of LastPass* joins us to talk about the blurry line between personal and professional is complicating enterprise security.

Continue Reading

RSA warns Digital Transformation is supercharging Digital Risk

“Digital transformation” is the buzz word du jour in industry. But executives at RSA Security warn that it is also magnifying digital risk in ways that are easy to miss.

Continue Reading

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk to insurers and how better modeling of cyber incidents is helping to address that threat. In part II, we invite Chip Block of the firm Evolver back into the studio to talk about the challenge that “converged” cyber physical systems pose to insurance carriers as they try to wrap their arms around their exposure to cyber risk. Editor’s note: as an experiment this week, we’re posting each interview as a separate download, to see if that makes it easier for listeners to jump to the content they’re most interested in. Use the comments section or Twitter (@securityledger) to let us know what you think or whether you prefer the single download! 

Continue Reading

How Digital Transformation is forcing GRC to evolve

As new risks emerge, security and risk management are converging and driving the development of integrated risk management, writes David Walter, the Vice President of RSA’s Archer division.

Continue Reading