Access "Vendor risk management and the CISO"
This article is part of the December 2010 issue of Inside the Data Accountability and Trust Act and what it means for security
Every business today depends to some extent on third parties -- it's a reality that's becoming even more pronounced as companies move to more cloud-based services. And in order to effectively provide a product or service, a certain percentage of those third parties will require access to confidential corporate and/or customer information. Obviously, it is incumbent on management to ensure that not only is the third party capable, but also in the course of its operations can ensure that the data entrusted to it remains secure. Traditional vendor management programs have tended to focus to a large degree on "ability to deliver" with data security being an almost secondary consideration. What managers often fail to fully appreciate, especially for large or very visible companies, is that while a third party's failure to deliver would in all likelihood be operationally disruptive, a massive data breach could be devastating. The challenge for companies is how to ensure protection when they often have little ability to monitor day-to-day operations, evaluate the ... Access >>>
Premium Content for Free.
Disaster recovery and contingency planning security considerations
Security must be included in disaster recovery planning to ensure sensitive data is protected.
Customized malware programs require new response, experts say
Cybercriminals are taking advantage of poorly deployed security software with customized malware designed to infiltrate systems and steal data without being detected.
- Disaster recovery and contingency planning security considerations
Understanding the Data Accountability and Trust Act
by Richard E. Mackey, Jr., Contributor
The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.
Vendor risk management and the CISO
by Eric Holmquist
The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.
- Understanding the Data Accountability and Trust Act by Richard E. Mackey, Jr., Contributor
Cloud computing technology: Don't get left behind
Cloud computing presents a lot of security issues but security professionals need to accept the challenge.
Career advantages of security professional certifications and advanced degrees
by Lee Kushner and Mike Murray
Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.
Internet privacy laws will get attention in the next Congress
by Judith Harris, Christopher Cwalina, and Amy Mushahwar
In the 112th Congress, enterprises can expect a heavy focus on Internet privacy issues on Capitol Hill.
- Cloud computing technology: Don't get left behind
More Premium Content Accessible For Free
For many security teams, "continuous monitoring" is a vague concept associated with FISMA compliance. A continuous monitoring program can be simple ...
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...