Recent Blogs & Podcasts

Insights Portal

 



June 15, 2018 | Regulations & Legislation
By Mark Clancy, IANS Faculty

 Tackling the New York State Department of Financial Services (NYDFS) Cybersecurity Requirements

While the bulk of the new NYDFS cybersecurity requirements took effect in March, rules on audit logging, application security, data retention and risk-based monitoring for staff with access to nonpublic information come into effect this September. In this webinar, IANS Faculty Mark Clancy will address some of the major pain points, such as data-at-rest encryption, continuous monitoring, and notification of “events.” He will also detail strategies for complying with the NYDFS requirements right now, in the coming months, and looking ahead to the implementation date for third parties.



June 14, 2018 | Leadership Skills

 Overview of Number of Cybersecurity Staff per Employee

Some 75% of global organizations reported having one full-time cybersecurity employee for every 500 to 3,000 end users. The exact number depends on the type of enterprise, its data dependency, internet exposure and risk appetite.



June 13, 2018 | Risk Management

 Risk Acceptance Template

This template for a risk acceptance memo is designed both to drive discussion and to give business stakeholders (e.g., the system owner, business owner, etc.) an opportunity to understand and perhaps even challenge the associated risk assumptions, constraints and calculations.



June 12, 2018 | Metrics and Reporting
By Marcus Ranum, IANS Faculty

 Create Metrics to Show Security’s Business ROI

Dollar-based metrics may get executives' attention, but are they the right tools to use to promote information security across an organization? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum steps through the process of creating actionable security metrics and suggests focusing on staff time vs. dollars when reporting to top management.
