It is not possible to swing a stick in the cybersecurity world without hitting the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).… Read More »FAIR and NIST CSF: The Chocolate in your Peanut Butter
Another group of organizations with decades — if not centuries — of combined cybersecurity experience has promulgated a simple, straightforward set of actionable cybersecurity best… Read More »A Cyber Checklist with an Emphasis on Risk Management
Every company is (or should be) spending on cybersecurity to protect its information, but does spending more actually correlate to a more secure system? There… Read More »Does Spending More on Cyber Mean Less Risk?
Buying a cyber insurance policy may be a norm for businesses, but having a clear sense of the specific assets you are trying to cover… Read More »Insurance May Not Be the Answer to Cyber Risk Concerns
When Big Tech CEOs testified on Capitol Hill last year, plenty of senior members became memes for their seeming failure to grasp the basics of… Read More »The Techlash Has Arrived (And With It, More Scrutiny For Cyber)
Everyone knows due diligence for an M&A deal must include a review of the acquired company’s cybersecurity systems. But checking systems and controls isn’t enough:… Read More »If You Aren’t Considering Cost, You Are Failing At Cyber Due Diligence
You can’t find every attacker but you can indemnify against the worst outcomes. Marriott surely did some cybersecurity due diligence when it acquired Starwood Hotels… Read More »Marriott Data Breach and Cyber Due Diligence
In an earlier post, I offered some advice on what you should do to protect yourself from the Equifax breach. Today, I’m going to tackle what… Read More »The Equifax Breach Should Result in Legislation, But Not What You Think
A week after it was announced, the whole world is still buzzing about the breach of Equifax that compromised sensitive data of 143 million Americans… Read More »What Does the Equifax Breach Mean for You?
To paraphrase Shakespeare, I did not come here to vilify Equifax for its incompetence and malfeasance but to bury, hopefully, the model that has led… Read More »Explaining How the Equifax Breach Highlights Policy and Legislative Gaps