Cybersecurity pillars: Prevention, protection, mitigation, governance
By 
Jeff Dale2023-02-21T19:27:00
The former superintendent of the New York State Department of Financial Services explained how the structure of a cybersecurity program is like a compliance program and can be divided into four buckets during a panel discussion at Compliance Week’s virtual Cyber Risk & Data Privacy Summit.
Maria Vullo, now an adjunct professor of law at Fordham University, said a strong cybersecurity program is structured with prevention, protection, mitigation, and governance as the core pillars.
Vullo advised starting with a risk assessment, stressing prevention is a “foundational requirement” of any good cybersecurity framework but not necessarily something companies should set and forget.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumRisk assessment fundamentals: Flexibility, accountability, more
Tailoring your risk assessments to guidance from your relevant regulators is a good idea, a panel of compliance practitioners speaking at Compliance Week’s 2023 National Conference agreed. But it certainly isn’t the place to start.
-
PremiumAsk a CCO: Company investment in data privacy efforts
Four senior compliance practitioners discuss how their respective companies invest in compliance with varying data privacy requirements.
-
PremiumCloud ‘not a silver bullet’ for security
A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.