Developing an information security decision-making matrix

It is possible to create a simple, bright-line means of triaging engagements to determine whether heightened security and privacy measures should be required.

06/04/2019

Proposed changes to California Consumer Privacy Act of 2018 could rewrite privacy law

A recently proposed repeal of 2018's CCPA called the PAA would shift California even closer to the requirements of the GDPR.

04/18/2019

A hacker or your cloud provider. Who presents the greatest risk to your data?

The latest threat to your data may not be a hacker, but your own cloud provider, who can suspend performance and hold your data hostage.

04/03/2019

Can owning your company’s encryption lead to better security?

While the current vendor environment clearly poses significant challenges and risks to businesses entrusting them with their data, use of encryption can, at least in many cases, materially mitigate that risk. The devil, however, is in...

02/04/2019

The end of security as we know it

Beware of vendors who attempt to abdicate their responsibility to unnamed third-party contractors.

11/14/2018

Reconciling information security and shrink-wrap agreements

Addressing the security risks that come with non-negotiable shrink-wrap (or click-wrap) agreements.

09/21/2018

Is California’s Consumer Privacy Act of 2018 going to be GDPR version 2?

Discussing the California Consumer Privacy Act of 2018, which covers businesses that collect or sell information about California residents. Some view it as the General Data Protection Regulation 2.0.

08/01/2018

Integrating information security into the technology development process

Ensuring vendors commit to a development environment for their products that represents best practices for assessing and testing security.

06/29/2018

Do those stellar security obligations really provide any protection?

It is vital for businesses to understand limitation-of-liability clauses in vendor contracts, especially when recovering damages from a cybersecurity breach. Here is insight into these clauses, including how businesses can best draft...

05/30/2018

Doing security policies right

To maximize the effectiveness of your business’ security policy, consider these five essential areas during the creation and deployment stages.

04/25/2018

Think of 'insiders' when drafting and implementing security policies

By following a few simple steps, the risk of vendor personnel using customer systems can be greatly diminished.

03/29/2018

How to avoid security assessment cost overruns

Tips on mitigating the risks posed by third-party security assessment engagements.

03/01/2018

A checklist for avoiding cyberattacks with vendors’ tech products

Vendors who offer products with few or none of these protections should be closely scrutinized.

01/30/2018

6 resolutions for a secure new year

Action items that have the potential to substantially increase a business’ overall cybersecurity.

12/14/2017

Employee training remains the best first line of defense against cybersecurity breaches

Ongoing training about current and future security issues is just not on the radar screen of most companies. That has to change.

11/21/2017

6 tips for drafting better statements of work

You can draft the most protective contract in the world, but if the statement of work (SOW) fails to adequately describe the deliverables, projects can fail.

09/25/2017

What can my cloud provider do with my data?

Lack of specificity regarding cloud vendors' rights to use customer data presents a significant risk in the majority of cloud services agreements. This article discusses two of the most critical issues presented by this risk and...

08/29/2017

Know the 'real' price of vendor contracts

Although many vendor engagements result in close working relationships, the age of predatory vendors is upon us. What can you do to avoid them?

07/20/2017

Despite the warnings, corporate cyber defenses remain inadequate

If anything, 2017 will be remembered as the year of the cyber-attack. No business is safe. No industry is exempt. In this article, Mike Overly takes a detailed look at the WannaCry ransomware attack and recent cyber-attack statistics,...

06/21/2017

Cloud solutions: The danger of 'floating' contracts

In most cloud engagements these days, it is not only the customer’s data that is in the cloud, but also many key parts of the vendor contract as well. That is, the average cloud vendor today generally places several key areas of the...

05/25/2017
