The need to implement zero trust at scale is growing ever more critical. In this video interview with Information Security Media Group, subject matter experts Srinivas Tummalapenta of IBM and Justin Douglas of Palo Alto discuss the guiding principles of scaling zero trust.
The nature of the new "norm" in this post-pandemic era of remote work is revolutionizing how your organization has to operate. With dozens of applications used across a diverse landscape, how do you ensure that your organization stays secure while being compliant with changing rules and regulations?
RegScale has purchased a startup founded by the FCC's former chief data officer that makes documenting compliance easier for nontechnical personnel by using a questionnaire. The GovReady deal means customers will be able to demonstrate their adherence to standards by answering questions.
In an increasingly interconnected world, we are moving from the Internet of People to IoT to the Internet of Applications, which broadens the attack surface and presents new security risks. Could common governance and policy for IT, OT and ICS - driven by the IT team - mitigate the risks?
In 2021, U.S. mergers and acquisitions shot up 55%. In 2022, that percentage is set to climb even higher. The wave of post-COVID M&A demands that cybersecurity leaders improve their efficacy. Ben Murphy of Truist shares insight on where, when and how cybersecurity needs to influence the M&A agenda.
Earlier this year, Sri Lanka became the first South Asian country to pass privacy legislation, which will go into effect in 2023. ISMG talked to several privacy experts about the highlights of Sri Lanka's Data Protection Act and what companies are doing to comply with the new regulations.
Immersive Labs completed a funding round just weeks after laying off 10% of its workforce to cover more developer languages and safeguard Azure and Google Cloud. The Ten Eleven Ventures-led funding will help Immersive Labs expand its coverage from frontline cybersecurity staff to development teams.
ISACA's State of Digital Trust 2022 survey shows significant gaps between what enterprises are doing and what they should do to earn customer trust in digital ecosystems. While 98% of those surveyed say digital trust is important, only 12% have dedicated staff roles to digital trust.
Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities. Instead, CEO Amit Yoran wants to help customers understand their exposure and how they can effectively manage and reduce risk.
A well-managed multi-cloud strategy "is a sensible approach" because it allows organizations to move different workloads between providers, but it gets a "bit more complicated when you start thinking about workload portability," says Lee Newcombe, security director, Capgemini U.K.
OneTrust has put nearly $1 billion in investment to good use, helping companies address data governance, security assurance, third-party risk and more, Chief Strategy Officer Blake Brannon says. OneTrust has taken on challenges such as monitoring the ethical use of data and verifying compliance.
Of all the areas under his direction - business continuity, GRC, data governance - third-party risk is the most challenging, says Peter Gregory, senior director of cyber GRC at GCI General Communications Inc. "Their breach is my breach," he says, offering mitigation advice.
The Treasury Department's Office of the Comptroller of the Currency has hit Citibank with a $400 million fine for deficiencies in enterprisewide risk management, compliance risk management, data governance and internal controls. Meanwhile, the Federal Reserve is requiring the bank's board to take action.
The key components of an effective "zero trust" architecture include multifactor authentication, network segmentation and a defense-in-depth approach, says Dr. Erdal Ozkaya, regional CISO and managing director at Standard Chartered Bank in the United Arab Emirates.
With most employees working at home during the COVID-19 pandemic, it's more important than ever for businesses to ensure that their third-party providers have adequate business continuity plans in place to ensure uninterrupted service, says Srilanka-based Sujit Christy, global CISO at John Keells Holdings.