IDG Contributor Network
Want to Join?
Crossroads of Cybersecurity and the Law
Opinions expressed by ICN authors are their own.
Avoiding the pitfalls of operating a honeypot
Businesses should think very carefully before moving forward with any honeypot project.
4 key vendor contracting pitfalls
Unless these 4 pitfalls are avoided, a vendor can have the absolute best security documents in the industry and still present material risk to its customers.
Why every business should consider ISO 27701 compliance for their vendors
The new standard provide a comprehensive set of controls for information security and the protection of personal information.
Business email compromise: The odds of being a victim are increasing
Given the growth over the last few years in BEC and EAC fraud, businesses should educate employees about the risks involved and red flags of this activity.
Proposed changes to California Consumer Privacy Act of 2018 could rewrite privacy law
A recently proposed repeal of 2018's CCPA called the PAA would shift California even closer to the requirements of the GDPR.
A hacker or your cloud provider. Who presents the greatest risk to your data?
The latest threat to your data may not be a hacker, but your own cloud provider, who can suspend performance and hold your data hostage.
Can owning your company’s encryption lead to better security?
While the current vendor environment clearly poses significant challenges and risks to businesses entrusting them with their data, use of encryption can, at least in many cases, materially mitigate that risk. The devil, however, is in...
The end of security as we know it
Beware of vendors who attempt to abdicate their responsibility to unnamed third-party contractors.
Reconciling information security and shrink-wrap agreements
Addressing the security risks that come with non-negotiable shrink-wrap (or click-wrap) agreements.
Is California’s Consumer Privacy Act of 2018 going to be GDPR version 2?
Discussing the California Consumer Privacy Act of 2018, which covers businesses that collect or sell information about California residents. Some view it as the General Data Protection Regulation 2.0.
Integrating information security into the technology development process
Ensuring vendors commit to a development environment for their products that represents best practices for assessing and testing security.
Do those stellar security obligations really provide any protection?
It is vital for businesses to understand limitation-of-liability clauses in vendor contracts, especially when recovering damages from a cybersecurity breach. Here is insight into these clauses, including how businesses can best draft...
Doing security policies right
To maximize the effectiveness of your business’ security policy, consider these five essential areas during the creation and deployment stages.
Think of 'insiders' when drafting and implementing security policies
By following a few simple steps, the risk of vendor personnel using customer systems can be greatly diminished.
How to avoid security assessment cost overruns
Tips on mitigating the risks posed by third-party security assessment engagements.
A checklist for avoiding cyberattacks with vendors’ tech products
Vendors who offer products with few or none of these protections should be closely scrutinized.
6 resolutions for a secure new year
Action items that have the potential to substantially increase a business’ overall cybersecurity.
Employee training remains the best first line of defense against cybersecurity breaches
Ongoing training about current and future security issues is just not on the radar screen of most companies. That has to change.
6 tips for drafting better statements of work
You can draft the most protective contract in the world, but if the statement of work (SOW) fails to adequately describe the deliverables, projects can fail.
What can my cloud provider do with my data?
Lack of specificity regarding cloud vendors' rights to use customer data presents a significant risk in the majority of cloud services agreements. This article discusses two of the most critical issues presented by this risk and...
