Your mission, should you decide to accept it, is to implement a sound data sanititization program.

Even at their most basic, information security programs are complex and include a seemingly endless combination of controls to detect, prevent and respond to data loss.

Want to proactively detect and resolve cyber vulnerabilities? Maybe it's time to crowdsource your intelligence through a bug bounty program…

After a data breach, regulators strive to evaluate if an enterprise fulfilled "reasonable" cybersecurity standards… without defining what "reasonable" looks like. 

When NIST recently updated its Cybersecurity Framework, it added only one new core category: Supply Chain Risk Management (SCRM). Placed within the Framework’s “Identify” function, SCRM encompasses, but typically extends beyond, traditional vendor management approaches. That’s because the supply chain typically extends beyond suppliers to include other external parties, such as integrators and even third-party communications providers.

Version 1.0 of the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF) celebrated its fourth birthday in February. The CSF is a “risk-based approach to managing cybersecurity risk... designed to complement existing business and cybersecurity operations.” I recently spoke with Matthew Barrett, NIST program manager for the CSF, and he provided me with a great deal of insight into using the framework.

Looking to implement the NIST Cybersecurity Framework in your organization this year? Take stock of your organization's current cyber maturity level and the path forward with these five steps.

The US House of Representatives passed a bill that would provide cybersecurity guidance to the nation’s small businesses.