CBI

CBI Blog

Tips for Surviving the LinkedIn Breach

Posted by John Beeskow on May 24, 2016 9:13:59 AM

Recently, LinkedIn pointed out that their data breach from 2012 was much larger than first thought. In 2012, it was reported that a hacker compromised 6.5 million passwords. However, this week the new count of weakly encrypted passwords is more than 117 million, after it was confirmed that the information was being sold on a dark web marketplace.


Topics: data breaches, passwords, two-factor authentication

The Vendor Risk Management Storm is Here: Practical Tips for Weathering It

Posted by John Beeskow on May 3, 2016 3:00:36 PM

Earlier this month Jivika Govil wrote a blog post that covered the expanding reach of the financial services regulators and the growing challenges with vendor risk management. Looking beyond the financial sector, the tidal wave of cloud services, the continued proliferation of ‘shadow IT’, and the general ease with which non-IT business leaders can solve their own business problems with lightweight, mobile, or cloud applications are putting more and more of the risk burden on vendor management.


Topics: Risk Management, CISO, Vendor Management

The Perfect Storm: Managing the Vendor Risk Management Beast in Financial Institutions

Posted by Jivika Govil on Apr 4, 2016 1:13:34 PM

The rising movement of audit and regulatory screening of financial institutions – which was triggered by the global financial crisis in the past – has now reached beyond insurance companies, commercial banks and investment trusts. The major bank agencies (Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, Federal Deposit Insurance Corp. and Federal Reserve) have required banks to increase their oversight of vendors that are deemed crucial to their operations.


Topics: Compliance, cybersecurity, Risk Management, Vendor Management

Building it In – The importance of a data-centric security program

Posted by Mark Painter on Mar 30, 2016 5:04:42 PM

Author: Mark Painter
Originally Published: HPE Security Blog 2/27/2016

We started this series of blog posts talking about protecting your digital assets by building security into the very fabric of your enterprise. Let’s expand on implementing a data-centric security program, and specifically on encryption. Encryption in one form or another has existed for thousands of years for one reason – it works. However, scytales and transposition cyphers are no longer sufficient when data is fluid and flows freely not only across your network but also across mobile devices and the cloud. This is complicated by the fact that intruders have likely already breached your defenses.


Topics: Data Security, CBI, Data Centric Security, Ransomware, HPE

Good morning, your CEO cares about Ransomware (and what to do about it).

Posted by Karsten Abata on Mar 10, 2016 4:21:28 PM

 
Author: Karsten Abata
Originally Published: LinkedIn 2/19/2016

The coverage of, and ensuing public fascination with, the outage at Hollywood Presbyterian did as much to showcase the capabilities of well-written malicious software as it did to highlight the vulnerabilities of healthcare technology. By the end of the week, maybe your CEO had heard enough to wonder if the methods used to attack the Hollywood organization could be used to wreak havoc at yours.


Topics: Symantec, healthcare, Data Security, HIPAA, APT, Ransomware, advanced persistent threats
