Of all the areas under his direction - business continuity, GRC, data governance - third-party risk is the most challenging, says Peter Gregory, senior director of cyber GRC at GCI General Communications Inc. "Their breach is my breach," he says, offering mitigation advice.
Accreditation organization CREST has concluded an investigation into whether NCC Group employees cheated on its penetration-testing exams, finding that the cybersecurity business's training materials violated its rules. It says NCC Group has agreed to overhaul its processes and demonstrate compliance.
As an international bank, Barclays needed to invest more in its information security training in order to minimize risk and ensure business continuity. The goal was learn and teach the modern way to minimize a security breach posed by the latest advanced threats.
Cyber sieges immerse teams in real-world cyberattack...
The cybersecurity sector has made strides in growing its workforce and improving diversity. But significant hurdles remain, and Clar Rosso, CEO of (ISC)², says the keys to clearing them include training and refining current hiring practices.
A recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly. This led to development of the new MITRE ATT&CK Defender training and certification. Rick Gordon of MITRE Engenuity explains.
CIO. Consulting CISO. Mentor. Activist on behalf of recruiting more women for cybersecurity and leadership. Jo Stewart-Rattray has filled many roles, and she has great insights to share with those who are starting or changing careers.
The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.
The shortage of trained cybersecurity workers has substantially declined this year as many more individuals entered the field, says Clar Rosso, CEO of (ISC)², the U.S.-based nonprofit association that offers training to cybersecurity professionals.
Cyberattacks have become a
common hazard for individuals and businesses. The World Economic Forum Global Risks
Report 2020 ranks them as the seventh most likely and eighth most impactful risk, and the
second most concerning risk for doing business globally over the next 10 years.
The need for strong...
Students are increasingly turning to online universities as part of their educational experience. To keep students engaged, these platforms must provide positive user experiences, be consistently available, and remain secure. Cloudflare provides a scalable, easy-to-use, unified product stack to deliver security,...
Udacity is an online education company focused on making entry-level tech jobs more accessible through "Nanodegree" educational programs. Students from hundreds of different countries have gone through Udacity's programs, and some have been hired by top tech companies including Google, Amazon, and Facebook....
From the days of Rosie the Riveter, women have been closing the ranks in the disparity in gender in the workplace. Why, then, do women in the tech sector lag woefully behind?
Ann Sung Ruckstahl, senior vice president and chief marketing officer for Unisys, recently discussed the challenges "We're still in the middle...
Security awareness training helps educate organizations and prepare its people to defend against today's most threatening cyberattacks. But, sometimes well-intentioned strategies can have unintended consequences. Leveraging a "one-size-fits-all" solution may work for maintaining compliance, but what happens when a...