How to Perform a Business Impact Analysis
In the alphabet soup of acronyms that are part of the daily life of every business, one acronym stands out: BIA, or a Business Impact Analysis. But what is BIA in the context of cybersecurity?
Zero Trust is a cybersecurity model in which an organization’s security posture starts by not trusting anything outside a well-defined and approved environment. If any resource (device, human, etc.) attempts to access the organization’s infrastructure, it is automatically rejected.
XDR, MDR, and EDR are related but different types of third-party cybersecurity solutions.
The acronyms XDR, MDR, and EDR stand for Extended Detection and Response, Managed Detection and Response, and Endpoint Detection and Response.
SOAR, which stands for Security Orchestration, Automation, and Response, automates repetitive and time-consuming tasks, improves threat detection, and streamlines incident response. It utilizes low-code programming engines and integrated threat intelligence feeds, can create automated playbooks that respond to specific events (triggers), and leverages artificial intelligence in analyzing security incidents.
GRC (Governance, Risk, and Compliance) is a methodology to assure compliance and manage risk across the organization.
You can learn more about GRC and its three components here.
ESG, which stands for Environmental, Social, and Governance, is a way of aligning a company’s business practices with these new expectations.
You can learn more about ESG here.
Asset discovery and valuation is the cornerstone of all successful cybersecurity and privacy programs. Absent this, you don’t know what you’re protecting and—even worse—at what cost.
To effectively run a cybersecurity and privacy program, you’ll need to build core cybersecurity and privacy policies that govern these functions. These policies are critical in that they impact a wide swath of functions—from prevention to resilience and from identification to recovery.
Unlike many organizational policies that “come down from the mountain,” cybersecurity and privacy policies are derived following a substantial amount of discovery and assessment work.
A penetration test, which is often shortened to “pen test,” is essentially a fake cyberattack. It is conducted by trained cybersecurity engineers, in hopes of revealing any vulnerabilities that the target may have. You can learn more about penetration tests here.
This series of posts presents a survey of the privacy regulations that you’ll need to understand in order to protect your business. We’ll look at the most significant nations and also provide you with the necessary resources for you to dig further on any specific country of interest.