Cyber Insurance Archive
thirdy party problem

Are Your Third-Parties PCI-Compliant?

Payment Card Industry (PCI) Security Standard Council releases Data Security Standard to explain requirements and security assessment procedures. The latest version (v 3.2) was released on April 2016 and starting February 2018 it became effective as requirements. But what PCI says about third-party cyber risk management? What is PCI Data Security Standards? PCI is an […]
Software supply chain attacks

How to Prevent Software Supply-Chain Attacks

The recent warning posted by US National Counterintelligence and Security Center (NCSC) for software supply-chain attack risk draws attention to software used by companies in their supply chain. Every 3 out of 4 professionals acknowledge that they are not fully prepared for supply-chain attacks (aka third-party attacks or value-chain attacks) in responses given to a […]
iso 27001

Do You Monitor Your Suppliers? ISO/IEC 27001 Regulations Say You Should

Suppliers, in general third parties, have become one of the weaker links in the system. Recent TicketMaster data breach show how third parties may carry too much risk to your organization. Thus, they should be constantly monitored as ISO 27001 standard suggests. What is ISO/IEC 27001? ISO/IEC 27001 (some only write ISO 27001) is an […]
cobit organization

Third-Party Risk Management from COBIT’s perspective

Since its release in 2012, COBIT 5 has become a good-practice framework for IT management and governance for enterprises. By following certain checkpoints in the framework, a company can create a good IT risk management. It’s not surprising that COBIT emphasize third party risk management considering major cause of recent data breaches are third parties. […]
hipaa compliance

3rd Party Vendors of Healthcare Providers Must Meet HIPAA Regulations

The Health Insurance Portability and Accountability Act (HIPAA) aims to protect health-related and personal information of individuals, including medical records, health insurance data, SSNs of patients, etc. These information is very valuable and profitable in the blackmarket of dark web. Every year the data theft or extortion through ransomwares become a very big problem for […]
Outsmart Your Hackers

Outsmart Your Hackers

The simple truth: you are being targeted right now by a range of hackers from young-age script kiddies to sophisticated state-sponsored agents. They all have one thing in common, they are looking for a way to disrupt your business. When hackers identify their targets, they first conduct cyber reconnaissance. they quietly scan and map your […]
thirdy-party risks

2018 Guide to Select 3rd Party Cyber-Risk Assessment Tool

A recent survey conducted by Ponemon Institute reveals that 56% of companies have experienced a 3rd-party breach in 2017, which is an increase of 7% compared to previous year. Another survey conducted by Deloitte in 2016 was more depressive, reporting that 87% of organizations have experienced a disruptive incident with third-parties in the last 2-3 […]
normshield supply chain

Supply Chain Cyber Risk are Finally Part of the NIST Cybersecurity Framework!

Recently, National Institute of Standards and Technology (NIST) released new version of its Cybersecurity Framework (v. 1.1), which includes several additions such as cyber risk originated from supply chains. The version 1.1 is a risk-based framework to improve cybersecurity of critical infrastructure in the US. However, it is used by many companies as a guideline […]
Risk Management

3rd Party Risk Management

3rd Party Risk Management; Many organizations have been talking about the third-party risk management for years and it is becoming more complex every day and attracting a lot of attention from the regulators. Most organizations have direct and/or indirect spendings on multiple vendors across the globe that make risk management more complex due to dealing with […]
cyber scorecard

Cyber Security Risk Scorecard; Are You Safe or Not?

Cyber Security Risk Scorecard; Today, almost all companies, regardless of the size or the sector, need to rate their cyber security risk. A reliable and actionable security scorecard can assess the risks and show the ways to eliminate the threats. Generating a security scorecard does not require your personal or secret information. Because they use […]