Cybergovernance Journal Update – 7/29/16
One of the problems of cybersecurity is that any given assessment is a snapshot in time within a rapidly changing environment. This amplifies the weaknesses of certain tools and processes. This makes choosing a solid, reputable method of assessing your organization all the more important.
What’s the Half-Life of Cyber Risk Compliance?
LinkedIn Pulse, July 16
To understand the value of your organization’s cyber risk assessment, it’s important to understand how long it will remain accurate. Given their longer half-life, are measures of defense intelligence preferable to scoring threat vulnerability?
What’s Wrong with the FFIEC Cybersecurity Assessment Tool?
TechTarget, July 17
Some say the Financial Institutions Exam?ination Council’s Cybersecurity Assessment Tool that says it sets up enterprises for compliance failure. What are the issues with this tool, and what do tools like this one need in order to really help enterprises?
Audit: FBI's Threat Prioritization Process Too Subjective and Sluggish
SC Magazine, July 22
The good news is that FBI may have at least a partial solution in its Threat Examination and Scoping tool… TExAS uses algorithms to assign a score to a particular cyberthreat, based on the responses to 53 impartial, weighted questions about the nature of the threat…
FRC Report on Corporate Culture and the Role of Boards Relevant to All
Financial Reporting Council, July
A healthy culture both protects and generates value. It is therefore important to have a continuous focus on culture, rather than wait for a crisis. Strong governance underpins a healthy culture, and boards should demonstrate good practice in the boardroom and promote good governance throughout the business…
Ponemon Cybersecurity Study Shows Corporate Data Vulnerabilities
Law.com, July 21
U.S. data breach notification laws mandate that companies notify customers or related third parties if data that may cause injury can be compromised, typically customers’ financial and personal identifying information. The regulatory focus on this information can leave many companies’ most important “knowledge assets,” things like trade secrets and corporate strategy unprotected or undersecured…
Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity
DarkReading, July 21
The best practices cover seven broad areas, including governance and accountability, risk assessment and management, secure design practices, threat detection and mitigation, and incident response. In each case the guidance has been adapted for the car industry from established cybersecurity standards like NIST’s cybersecurity framework and ISO…
Subscribe
Be notified of new Journal entries in your email box or Follow us on Twitter.