The answer depends upon whether the goal is security management vs. threat deterrence.


We want to hear from you

This monthly IT security newsletter comes from Conformance1, your IT-security systems services provider. We offer a number of free compliance and training tools including an interactive ISO 27001 certification checklist, pricing estimators, grouped discounted product/service purchasing, and more.

In this issue

The salary of a Chief Security Officer

The 22nd annual Security and Compliance Compensation report, produced by The Foushée Group, found that, from 2018 to 2023, the average base pay for a CSO increased by 1.3% to $345,266 annually. When including bonuses, the total compensation rose by 5.3% to $471,638 annually…

What Security Breach Notification Laws Exist for Every U.S. State

Every U.S. state, as well as the District of Columbia, has established laws that require private businesses and, in most cases, government entities to inform individuals about security breaches involving their personally identifiable information…

ISO 27001
How to Implement ISO 27001 Clause 8 Operation: A Step-by-Step Guide

In this YouTube tutorial, Stuart Barker provides an in-depth guide to Clause 8 (Operation) of ISO 27001, focusing on operational planning and control. He emphasizes the significance of documentation in achieving ISO 27001 certification and explains how to navigate this clause successfully…

Cybersecurity Risk Management: Frameworks, Plans, & Best Practices

This article by Mark Knowles discusses the complexities and challenges of managing cybersecurity risks in today’s digital environment. The article acknowledges the increasing difficulty of maintaining secure and compliant architectures and systems while offering recommendations on the best frameworks, plans, and practices…

Risk Management
Security Assessment for an IoT-Based System

This article from QASource highlights the critical importance of security in the rapidly growing Internet of Things (IoT) market. With projections indicating significant growth in the IoT sector, the need for comprehensive security measures to protect data and services managed by IoT devices has become paramount…

Risk Management
IBM’s Cost of a Data Breach Report 2023 finds the average cost of a data breach at $4.45 million

Key findings of the report reveal that the average cost of a data breach reached an all-time high in 2023 at USD 4.45 million, marking a 2.3% increase from the 2022 cost of USD 4.35 million. The report analyzed data from 553 organizations across 16 countries and regions and 17 industries over one year…

Mastering NIST Penetration Testing: Your Essential Guide to Robust Cybersecurity

NIST’s penetration testing framework comprises four key stages: Planning, Discovery, Attack, and Reporting. Collectively, these stages aim to identify system vulnerabilities and suggest remediation strategies to fortify cybersecurity…

IANS’ 2023 Security Budget Benchmark Summary Report finds cybersecurity budgets have continued to grow

Cybersecurity budgets have continued to grow, albeit at a slower pace than in 2020 and 2021. In 2023, cybersecurity budgets grew by 6%, compared to double-digit growth in 2020 and 2021. The average security budget as a percentage of the total IT budget also rose to 11.6% in 2023, continuing a four-year upward trend…

Risk Management
“Lions and tigers and bears, oh my!” Global legal risks in cybersecurity investigations

Drawing an analogy to the fears expressed in “The Wizard of Oz,” the article underscores how companies grapple with varied and sometimes conflicting legal obligations across different jurisdictions…

Getting Started With Passkeys, One Service at a Time

Major technology companies such as Apple, Google, and Microsoft, along with third-party password manager providers such as 1Password and Bitwarden, have embraced passkeys. This widespread adoption is a response to the recognition that passwords pose a significant security risk online…

Improving Enterprise Patching for General IT Systems

The report highlights the long-standing issue of cybersecurity attacks due to unpatched software. Despite widespread awareness of this vulnerability, many organizations struggle to update their software. A successful patching strategy must balance security with business objectives and mission impact…

Risk Management
Data Protection and Recovery: A Foundation to a Cyber Readiness Plan

The document highlights the need for a new approach to cybersecurity, particularly in protecting information management systems and data. A comprehensive approach to intelligent data management should be distinguished from traditional disaster recovery strategies…

Demystifying ISO 27701: A Comprehensive Guide for Data Privacy Management

ISO 27701 is designed to help organizations manage and protect personally identifiable information (PII) effectively, ensuring compliance with privacy laws and bolstering customer trust. This article sheds light on the significance of ISO 27701 in data privacy management…

Risk Management
Key reasons third-party risk management programs fail

According to a Gartner report, over 80% of organizations have encountered business disruptions due to third-party issues in the past two years, highlighting the importance yet difficulty of managing such risks. John P. Mello Jr.’s article discusses the prevalent challenges organizations face in managing third-party cybersecurity risks…
