All Chief Information Security Officer articles
-
ArticleInternal audit’s role in cyber-security testing: Where to start
Nathan Anderson, senior director of internal audit at McDonald’s, discusses ways internal audit can better answer management questions about cyber-risks and become a more independent cyber-security testing function overall.
-
Article
NYDFS regulation a best-practices model for cyber-security training
Companies must make cyber-security a continuous priority as threats evolve, often more quickly than the technology and regulations to counter them. That’s why the New York Department of Financial Services, under Maria Vullo, developed a policy that should act as a model for organizations.
-
Article
Cyber-Risk Summit: Compliance should view cyber-security through prism of risk
What’s most important for compliance officers is to understand the risks breaches and hacks pose to their organizations, not the technical manner of how those breaches occur, according to an expert panel at CW’s virtual Cyber-Risk Data Privacy Summit.
-
Article
Learning from SolarWinds: Five steps to fortify your cloud supply chain
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
-
Article
Best practices for M&A cyber-security due diligence in a virtual world
The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.
-
Article
NIST seeks comment on ransomware, cyber-attack guidance
The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain.
