Similar Posts

  • What Are the Implications of Meltdown and Spectre for IoT?

    ByKayne

    “Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.

    “The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security.”

  • Has Convergence Evolved, And How Converged Are Today’s Systems?

    ByKayne

    Since the 1990s, security convergence evolved from merging physical and network security into integrating physical, digital, and operational security. Initially, organizations combined controls to address risks from siloed measures. In the 2000s, connections between physical systems and IT security led to unified governance frameworks. By the 2010s, convergence became holistic, driven by cloud computing and mobile devices. Today, a unified framework aligns all security domains, integrating controls for cloud services, IoT, and industrial systems. Looking ahead, convergence will leverage AI, machine learning, and predictive analytics to enhance threat detection and response, while privacy regulations like GDPR and CCPA shape measures to protect user privacy.

  • Four Critical Cybersecurity Predictions for 2018

    ByKayne

    One fact will hold true in 2018, no matter what organizations do: cybercriminals will continue to reinvest their profits into building sustainable but illegal businesses. The underlying economics of cybercrime continue to give massive financial incentives to the attackers. Organizations should retaliate by adopting a “keeping up with the Joneses” mentality so that they’re always slightly more secure than organizations in the same market or vertical.

  • The GRC Maturity Model

    ByKayne

    Companies with mature GRC programs have an advantage over their competitors. However, something has been missing in the GRC world: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. That’s where the GRC Maturity Model comes in.

    Hyperproof’s GRC Maturity model is a practical roadmap for organizations to improve their GRC maturity business processes to enter new markets and successfully navigate our rapidly changing regulatory and legal space. By providing a vendor-agnostic roadmap for how companies can improve key business operations, we can help even the playing field for everyone in GRC.

    This extensive, peer-reviewed model written by Kayne McGladrey includes:

    • An overview and definition of Governance, Risk, and Compliance (GRC)

    • A summary of the four maturity levels defined in the model: Traditional, Initial, Advanced, and Optimal

    • An overview of the most common business practices associated with governance, risk, and compliance

    • A simplified maturity chart listing the attributes associated with each maturity level

    • A list of observable behaviors or characteristics associated with the maturity level to help you assess where your organization falls

    • A set of high-level recommendations for how to move from a lower level to a higher level