Most Recent Blogs

IT Vendor Risk Management: Improving but Still Inadequate

Posted: November 05, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, cyber supply chain security

One of the fundamental best practices of cyber supply chain security is IT vendor risk management. When organizations purchase and deploy application software, routers, servers, and storage devices, they are in essence placing their trust in the IT vendors that develop and sell these products.

U.S. Critical Infrastructure Continue to Make Risky IT Bets

Posted: October 06, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, cyber supply chain security

When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary Leon Panetta was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012. Panetta stated:

U.S. Critical Infrastructure under Cyber-Attack

Posted: September 29, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, cyber supply chain security, Critical Infrastructure

ESG recently published a new research report titled, Cyber Supply Chain Security Revisited, focused on cyber supply chain security practices and challenges at U.S.-based critical infrastructure organizations. The term “critical infrastructure” is associated with 16 industries designated by the U.S. Department of Homeland Security (DHS), “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (source: DHS).

Some experts believe that a cyber-attack on one or several critical infrastructure organizations could result in a “Cyber Pearl Harbor,” disrupting society and the economy for weeks or months. This places critical infrastructure organizations firmly in the national security bucket.

Cyber Supply Chain Security Is Increasingly Difficult for Critical Infrastructure Organizations

Posted: September 18, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, cyber supply chain security

As the old cybersecurity adage states, "The cybersecurity chain is only as strong as its weakest link." Smart CISOs also understand that the proverbial weak link may actually be out of their control.

Enterprises Need Outside-In Continuous Monitoring for Risk Management

Posted: April 24, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Cybersecurity, Information and Risk Management, Security and Privacy, Security, risk management, DHS, Booz Allen Hamilton, Lockheed Martin, RiskIQ, BitSight, Target, CSC, CDM, cyber supply chain security, Public Cloud Service

Ask any CISO what their job entails and they are likely to respond with a common mantra: Assess IT risk, communicate IT risk to business executives, and then create and execute a mutually agreed upon plan to address risk.
