Optiv Blog

Want to be a Great Security Leader? You Need a Great Lawyer

By J.R. Cunningham

Information security continues to evolve as a profession, and this is certainly evident in the role that legislation, privacy, third-party risk and incident management play in the daily life of the information security leader. More often, as I meet with clients to discuss security strategy and risk, security leaders are struggling with the myriad of compliance requirements, various state and national privacy laws, and their relationship with the information security program.

PCI Compliance Every Day – Requirement 10

By Jeff Hall

When people think of PCI business as usual (BAU) they do not typically see the requirements in section 10 as having much of anything to do with BAU. However, there are a lot of things that need to be monitored. The requirement almost everyone remembers in this section with an explicit BAU is 10.6.1.

Third-Party Breaches Will Continue Until Morale Improves

By Peter Gregory

I have some bad news for you: breaches at third parties are not going to stop – not any time soon. Various studies show that somewhere between one-third and two-thirds of all breaches have their nexus in third-party service providers. Given the decade-long outsourcing trend that is not showing any signs of slowing down, this means that your organization has a decent chance of experiencing one directly or through one of your third parties.

GDPR Part 3: GDPR and the Information Security Program

By J.R. Cunningham

In this third and final part of the series, we’ll spend some time bringing GDPR and its various requirements back into the information security program in an effort to identify areas where GDPR compliance may become a side-effect of a business-aligned, risk-based, data-centric and threat-aware information security program.

GDPR Part 2: The Six Information Security Pillars

By J.R. Cunningham

In this second part of the series, we will discuss Optiv’s Six Information Security Pillars for GDPR compliance. For the information security professional, these six pillars will look familiar as standard components of an effective information security program. For this discussion, however, we will be relating these components of the information security program to the various applicable components of the GDPR.

Critical Infrastructure Security

By Security Communications and Awareness Team, Jeff Stanley

The United States Department of Homeland Security identifies 16 critical infrastructure sectors whose assets, systems and networks—whether physical or virtual—are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on national security, economic security, public health and safety, or any combination thereof.

GDPR Part 1: A Legal, IT, or Information Security Issue?

By J.R. Cunningham

The General Data Protection Regulation (GDPR) is a new regulation affecting organizations that reside in the European Union (EU) or merely transmit EU citizen data. The regulation is designed to strengthen data protection of this personal information and non-compliance comes with hefty penalties. Fines for the most serious infringements of GDPR are 20 million EUR or four percent of global revenue, whichever is greater.

PCI Compliance Every Day – Requirement 11

By Jeff Hall

The most widely known requirements in PCI DSS 3.2 section 11 with a timing implication are the quarterly external and internal vulnerability scans (11.2). External vulnerability scans are required to be done by an approved scanning vendor (ASV). Internal vulnerability scanning can be done by anyone that is deemed qualified to perform the scanning (as defined by the Penetration Testing Information Supplement).

Cyber Security Awareness: Take Control of Your Identity

By Michael Lines

October is National Cyber Security Awareness Month, the annual campaign led by the U.S. Department of Homeland Security that seeks to raise awareness about the importance of cyber security for the general public. It’s a great opportunity to take action to protect your personal information, especially in light of recent news events.

Online Safety - Simple Steps

By Security Communications and Awareness Team, Jeff Stanley

From cyber bullying to obtaining personal and sensitive information through phishing campaigns, harm lurks in many corners of the Internet. With a few simple steps, anyone connected can improve their personal security, making their online activities safer.
