Top Third-Party Data Breaches in 2023
Third-party data breaches have become an all-too-common occurrence, underscoring the importance of cybersecurity programs that include a vendor or third-party cyber risk management component. The history of third-party data breaches can be traced back to the early days of the internet. As online transactions became more common, companies started […]
The FTC Safeguards Rule Amendment Now Includes Your Business
Here is How Your Company Can Comply. The FTC Safeguards Rule will be applied to many new industries beyond traditional financial services organizations. The Federal Trade Commission (FTC) has been preparing to amend the GLBA Safeguards Rule for protection of customer data. The Safeguards Rule is […]
TPRM in 10 Days
TPRM in 10 Days – Guaranteed. You need a TPRM Program NOW. Old methods of building a TPRM no longer work. Migrate to an agile TPRM Program NOW. There’s a much better way to build a TPRM Program. FortifyData can get you started in 10 Days – Guaranteed! You need a TPRM program now. Third-Party […]
Penetration Testing vs Vulnerability Assessments: Understanding the Differences
Penetration testing and vulnerability assessments are two important components of any organization’s cybersecurity strategy. Both aim to identify potential security risks, but they do so in different ways. Understanding the difference between these two methods is essential to developing a comprehensive security plan that protects your organization’s […]
What is the FTC Safeguards Rule and How Can Higher Education Institutions Comply?
The FTC Safeguards Rule will be applied to Title IV institutions based on an upcoming change to the rule that will add higher education institutions to the scope and impose requirements on institutional cybersecurity programs. The Federal Trade Commission (FTC) has […]
In third-party cyber risk management – ratings don’t work and questionnaires don’t work.
The growing reliance on third-party software and apps, plus a more interconnected supply chain, means that organizations need to better manage their vendor risks, and automation can play a key role in the third-party cyber risk management process. The industry is ready […]
4 Reasons risk-based prioritization better aligns with business objectives than CVSS prioritization
Traditionally, organizations have used Common Vulnerability Scoring System (CVSS) scores to prioritize their vulnerabilities. CVSS scoring was created almost two decades ago with the intent of providing “open and universally standard severity ratings of software vulnerabilities.” They do a good job looking for […]
Threat Groups Actively Targeting Higher Education Institutions
Jan. 2023 Threat Advisory Summary: Threat intelligence can provide valuable insights into the latest vulnerabilities being actively exploited by cybercriminals, as well as the potential impact these vulnerabilities could have on your organization. This information can help you prioritize vulnerabilities and determine the most effective patching or mitigation […]
APT Group Targeting Higher Education
How APT Group Mustang Panda is Targeting Higher Education. Threat Advisory – Higher Education, Sep-Nov 2022. Universities and colleges are no exception to the increasing attention organizations are getting from threat groups. In this post we will give an overview of a trending APT group targeting higher education, highlight the CVEs that group is targeting, […]
NSPM-33 Research Cybersecurity Guidance
This post provides background on the National Security Presidential Memorandum-33 (NSPM-33) for research institutions that receive federal support, explains who it applies to, and focuses on the research security program requirements. Recently the National Science and Technology Council developed implementation guidance, in conjunction with the White House Office of Science and […]