Risk Management & Compliance.

Nov 26th, 2020 - Ticketmaster UK, a leading ticketing company and part of Ticketmaster, has been fined £ 1.25 million by the Information Commissioner’s Office (ICO) as it failed to protect customer data during the infamous February 2018 data breach. The company is still not taking ownership of the breach, caused by a third-party application exploit! So what really went down in 2018 and who is responsible? Let’s break it down. Although Ticketmaster UK is not an eCommerce entity, online transactions are happening everywhere and opening up millions of attack options for hackers. This development has come at ... [Read More]

Nov 26th, 2020 - Webcor, a provider of commercial construction services throughout California needed a way to find and mitigate threats, and reduce the company’s cyber risk profile. Early in 2020, Webcor knew it needed to investigate potential threats across the organization’s endpoints and devices, including laptops, desktops and servers. The company ultimately decided that it would turn to a managed services partner to augment Webcor's existing IT staff and help increase its security expertise. Webcor turned to OpenText Professional Services team to help evaluate the company's current security ... [Read More]

Nov 25th, 2020 - Reducing the risks of remote work starts with updating the access policies of yesterday. For close to two decades, organizations have allowed privileged employees to work remotely by offering remote access solutions as a part of the daily work environment. But until recently, working remotely was more of a luxury than a necessity. With the rise of COVID-19, many organizations moved their entire workforces home overnight. That emergency shift could remain the norm now that many organizations have discovered how seamless the transition was — on paper. They point to benefits like employee ... [Read More]

Nov 25th, 2020 - Those familiar with the world of software and application development are probably aware of the concept of DevOps . But what about DevSecOps? DevSecOps essentially adds another layer to the process by combining security and DevOps . Often, software developers leave security testing to the very end. However, following this approach leads to applications running with a host of potential security issues that’ll delay your time to market. Today, DevSecOps forms the foundation of your software quality and delivery process. But before we get ahead of ourselves, let’s define it. What Is ... [Read More]

Nov 25th, 2020 - KYND Limited “I am delighted to further develop our relationship with the team at Howden Specialty. KYND has one focus and that is to make simple and effective cyber risk management available to every business. We are here to help our partners support their customers to overcome the challenges they face when it comes to understanding and reducing their business’ cyber exposure.” In a world where cyber risk firmly remains a significant challenge for businesses globally, it’s critical that we support our clients in navigating the ever-changing threat landscape. KYND’s powerful, yet ... [Read More]

Nov 24th, 2020 - [author: Dr. French Caldwell*] I'm often asked, "How did you go from submarining into integrated risk management and compliance space?" I know most risk majors come from either a direct risk management background or an IT security background or financial management background, insurance background. Why submarine? Well, as a submariner, risk management is part of your everyday job. You're faced with an unimaginable amount You have a 3000-pound hydraulics and a nuclear reactor. Many submarines carry nuclear weapons, 450-volt electricity. You're surrounded, you live in a hazardous environment. ... [Read More]

Nov 23rd, 2020 - IT general controls are among the most important elements of effective compliance and IT security. So it’s a bit strange that many businesses — and compliance professionals, for that matter — struggle to understand exactly how “ITGCs” support compliance and the many ways they can fail. So today let’s take a deep dive into IT general controls, and how organizations should govern their ITGCs to prevent those failures. What Are IT General Controls? In the simplest definition, ITGCs are controls that govern how technology is designed, implemented, and used in your organization. ITGCs ... [Read More]

Nov 23rd, 2020 - While the nation was preoccupied with the presidential race, California voted "YES" on the California Privacy Rights Act ("CPRA"), which amends and expands on the CCPA. Our sets forth the highlights of the balloted Proposition 24 , but in a nutshell, the CPRA was designed to close a number of loopholes in the CCPA, strengthen consumer privacy protections, and establish the California Privacy Protection Agency as the primary enforcement authority. Some dates to keep in mind – The CPRA amendments become effective on January 1, 2023, and will apply to personal information ("PI") collected by ... [Read More]

Nov 23rd, 2020 - Privileged access management company CyberArk today joined forces with Forescout and Phosphorus to leverage automated network integration to more effectively secure IoT devices on corporate networks . CyberArk maintains that companies can significantly reduce risk by using the joint integration they will offer to discover, secure and manage the increasing amount of networked IoT devices. Adam Bosnian, executive vice president, global business development at  CyberArk, said to protect against weak IoT firmware , organizations must maintain an up-to-date inventory of their IoT assets and ... [Read More]

Nov 23rd, 2020 - Here's what research reveals about how CISOs and their organizations responded to the pandemic and what they should do going forward. While far from over, the COVID-19 pandemic has had a massive effect on organizations and the security teams that work to protect them. Yet there have been learnings and interesting pieces of information at every stage of the pandemic. Many companies discovered their continuity plans didn’t account for every employee working remotely at the same time. While most companies managed to transition smoothly to the “new normal,” many needed to invest in ... [Read More]