Cybersecurity-Management

The 2024 State of Operational Technology and Cybersecurity Report reveals a significant rise in cybersecurity incidents, with nearly one-third of respondents experiencing six or more intrusions, up from 11% last year. This increase is notable in organizations with advanced maturity levels, with phishing and compromised business email being the most common intrusion types. … [Read more...] about 2024 State of Operational Technology and Cybersecurity Report

Data governance involves managing a company's data throughout its lifecycle through established principles and processes. It determines who can access data, under what circumstances, and using which methods. The primary goal is to ensure data is secure, high-quality, and aligned with business objectives.Key components include data quality, data privacy, data security, data … [Read more...] about Data Governance: What Is It and Why Is It Important?

Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM) into a single system. It aggregates data from multiple sources, identifies deviations, and takes action by logging information, generating alerts, and instructing security controls. Initially driven by compliance needs, SIEM has become valuable for … [Read more...] about What is security information and event management (SIEM)?

Ineffective segregation of duties (SoD) in enterprise applications can lead to operational losses, financial misstatements, and fraud. The rapid addition of users to enterprise applications increases the risk of SoD violations, especially when default roles are not well-configured to prevent such violations. Business managers often struggle to obtain accurate security … [Read more...] about An Audit Handbook for Segregation of Duties

SecAware's "ISMS Implementation Guidelines" provide a fairly comprehensive, pragmatic approach to applying ISO/IEC 27001 in practice for information risk and security professionals. The document offers detailed guidance on constructing and implementing an Information Security Management System (ISMS) that aligns with the standard’s formal specifications and an organization’s … [Read more...] about Pragmatic ISMS Implementation Guidelines

Researchers are addressing the increasing need for robust cybersecurity measures among Small and Medium Enterprises (SMEs) in the face of evolving cyber threats. Given the budgetary constraints and limited cybersecurity expertise in SMEs, their study focuses on the potential of open-source Security Information and Event Management (SIEM) systems as cost-effective solutions. The … [Read more...] about Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions

The "CNIL Practice Guide: Security of Personal Data 2024" provides comprehensive guidelines for organizations to implement security measures ensuring personal data protection as mandated by the GDPR. The guide targets data protection officers (DPOs), chief information security officers (CISOs), IT professionals, and privacy lawyers, offering practical advice and … [Read more...] about CNIL Practice Guide to Security of Personal Data in 2024

In today's digital era, cybersecurity has emerged as a fundamental component of corporate strategy and risk management, necessitating a strategic approach in its communication, especially to board members. Cybersecurity is no longer just a technical issue but a crucial part of boardroom discussions due to the increasing frequency of cyber threats, which can disrupt business … [Read more...] about Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

The Payment Card Industry Data Security Standard (PCI DSS) has evolved to version 4.0, presenting new challenges and requirements for organizations handling credit card information. This version, which must be complied with by March 31, 2025, aims to foster continuous security posture monitoring and more closely integrates cybersecurity efforts with fraud management practices. … [Read more...] about Understanding and Preparing for Payment Card Industry Data Security Standard (PCI DSS) 4.0

In today's digital age, where almost every aspect of a business is connected to technology, organizations face the constant threat of cyberattacks that can disrupt their critical IT ecosystem. To mitigate such threats and ensure digital resilience, businesses must have comprehensive plans for business continuity, disaster recovery, and incident response. Business continuity … [Read more...] about Business continuity vs. disaster recovery vs. incident response

This article sheds light on the significance of ISO 27701 in data privacy management. ISO 27701, in particular, extends the principles of ISO 27001, which concentrates on information security, to include data privacy aspects. This standard is designed to help organizations manage and protect personally identifiable information (PII) effectively, ensuring compliance with privacy … [Read more...] about Demystifying ISO 27701: A Comprehensive Guide for Data Privacy Management

This NIST publication addresses the critical challenge of patch management in cybersecurity. Authored by experts from the National Cybersecurity Center of Excellence (NCCoE) at NIST and collaborators from various organizations, including Microsoft and The MITRE Corporation, the publication provides practical guidance for enhancing patching practices within IT systems.The … [Read more...] about Improving Enterprise Patching for General IT Systems