In third-party cyber risk management – ratings don’t work and questionnaires don’t work.
Move to threat exposure management with auto-validated questionnaires.
4 Reasons risk-based prioritization better aligns with business objectives than CVSS prioritization
Organizations have been using CVSS scores to prioritize vulnerabilities, but risk-based prioritization considers the specific context of a business.
Threat Groups Actively Targeting Higher Education Institutions
The APT groups and their motives for targeting the higher education industry. FortifyData enriches risk management with cyber threat intel.
APT Group Targeting Higher Education
Trending APT group Mustang Panda targeting higher education, highlight the CVEs that group is targeting, and the malware or threats.
NSPM-33 Research Cybersecurity Guidance
NSPM-33 Research Cybersecurity Guidance for Research Institutions, FFRDC & Higher Education.
Third-Party Cyber Risk Management: Automating Product and Service Specific Assessments
Tips for automating your third-party cyber risk management program that focuses on in-scope products and services.
NIST SP 800-40 Compliance Guide: Patch Management Requirements
NIST SP 800-40 is a “Guide to Enterprise Patch Management Planning” that helps to provide structure to the organizational process of patch management.
How Old Vulnerabilities Introduce Zero-Day Risks
Zero-day risks from bad vulnerability management allows previously reported vulnerabilities to reappear as new.
You Can’t Patch What You Can’t See (Why Asset Discovery is an Essential Piece of Vulnerability Management)
The first step in effective vulnerability management is effective asset discovery — identifying and mapping all the assets in your environment.
Threat Advisory: Chromium Zero Day (MS Edge and Google Chrome)
The Chromium Zero Day Vulnerability (CVE-2022-2294) affects MS Edge and Google Chrome.