Cybergovernance Journal Update – 7/29/16

by | Jul 29, 2016

One of the problems of cybersecurity is that any given assessment is a snapshot in time within a rapidly changing environment. This amplifies the weaknesses of certain tools and processes. This makes choosing a solid, reputable method of assessing your organization all the more important.

What’s the Half-Life of Cyber Risk Compliance?

LinkedIn Pulse, July 16
To understand the value of your organization’s cyber risk assessment, it’s important to understand how long it will remain accurate. Given their longer half-life, are measures of defense intelligence preferable to scoring threat vulnerability?

Read Article

What’s Wrong with the FFIEC Cybersecurity Assessment Tool?

TechTarget, July 17
Some say the Financial Institutions Exam?ination Council’s Cybersecurity Assessment Tool that says it sets up enterprises for compliance failure. What are the issues with this tool, and what do tools like this one need in order to really help enterprises?

Read Article

Audit: FBI's Threat Prioritization Process Too Subjective and Sluggish

SC Magazine, July 22
The good news is that FBI may have at least a partial solution in its Threat Examination and Scoping tool… TExAS uses algorithms to assign a score to a particular cyberthreat, based on the responses to 53 impartial, weighted questions about the nature of the threat…

Read Article

FRC Report on Corporate Culture and the Role of Boards Relevant to All

Financial Reporting Council, July
A healthy culture both protects and generates value. It is therefore important to have a continuous focus on culture, rather than wait for a crisis. Strong governance underpins a healthy culture, and boards should demonstrate good practice in the boardroom and promote good governance throughout the business…

Read Article

Ponemon Cybersecurity Study Shows Corporate Data Vulnerabilities

Law.com, July 21
U.S. data breach notification laws mandate that companies notify customers or related third parties if data that may cause injury can be compromised, typically customers’ financial and personal identifying information. The regulatory focus on this information can leave many companies’ most important “knowledge assets,” things like trade secrets and corporate strategy unprotected or undersecured…

Read Article

Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity

DarkReading, July 21
The best practices cover seven broad areas, including governance and accountability, risk assessment and management, secure design practices, threat detection and mitigation, and incident response. In each case the guidance has been adapted for the car industry from established cybersecurity standards like NIST’s cybersecurity framework and ISO…

Read Article

Subscribe
Be notified of new Journal entries in your email box or Follow us on Twitter.