Articles

A Brief History of Vendor Risk Scoring

Vendor risk scoring is a practice that has emerged to address the complexity of vendor management by assigning each vendor a single score (typically a number or letter grade) to facilitate comparison between vendors and across portfolios. The past decades of digital transformation have created both the need for innovative IT security hygiene assessment techniques and the technological capability to gather and analyze the data necessary to give those risk scores predictive power. Vendor solutions have now reached a level of maturity at which they are valuable for businesses of all sizes and sectors.

Filed under: third-party vendor risk, vendor risk, vendor risk scoring, risk scoring

Five Things to Know About Third Party Risk

In managing cyber risk, it’s not enough to ensure that your business’s own systems are secure. You must look beyond your perimeter and properly vet the third- and fourth-party vendors who will have access to your data without being subject to your governance. If an organization outsources technological functions to third parties, or uses them in its supply chain or data handling, its risk is compounded by those parties’ weaknesses. The 2013 Target data breach, which began at an air conditioning subcontractor, is a well-known example, but the danger of third-party risk has only increased since then. More third-party breaches are being discovered than ever before.

Filed under: cyber risk, third-party vendor risk

Secure Rsync in the Enterprise

Introduction

Utilities in the Enterprise

Modern enterprise data centers are a complex mix of different technologies geared towards accomplishing business goals. Some of these technologies are pricey, big-name business solutions, but some are simple tools and utilities that facilitate processes. Linux sysadmins have been using rsync (remote synchronization) to move and mirror files for two decades, and versions of it now run on nearly every platform. Its lightweight build, small footprint, and usability make it a good choice for simple file copy operations. But this same asset is also a liability for many utilities: designed purely for functionality, they do not automatically account for potential risks to enterprise data. Successfully using rsync in the enterprise means protecting the data transferred through it from accidental exposure.

Filed under: IT security, rsync

UpGuard Helps You Find The Right Steps

It is increasingly hard to trust your technology as it scales along with your business. New servers, network appliances, and applications are constantly added to your IT environment in costly efforts to meet your business needs. With increasingly strict regulatory rules in place, this leaves many of us worried about IT backlash.

Filed under: upguard, process, Procedures

UpGuard Procedures: Digitize Runbooks. Reduce Poor Documentation.

Most engineering teams we connect with tell us they do not have any runbook repositories of documentation for logging their processes.

Filed under: process, Procedure, Runbook, Procedures, processes

Configuration Monitoring on Ubuntu OS

Introduction

Ubuntu is the most common Linux distro, so configuration monitoring for Ubuntu OS requires straightforward scan setups and easy-to-understand visualizations of change.

Filed under: Ubuntu

BitSight vs SecurityScorecard

When it comes to assessing enterprise cyber risk, leading vendors are taking different approaches to quantifying and evaluating digital risk exposure. BitSight and SecurityScorecard are two companies that focus strictly on external measures of cyber risk; let's see how they stack up in this comparison.

Filed under: security, digital resilience, cybersecurity

SaltStack vs Ansible Revisited

It's been a while since we last covered these two leading IT automation solutions; suffice it to say, both SaltStack and Ansible have evolved significantly since then. Let's take a fresh look at how they compare when it comes to enterprise-grade IT automation and orchestration.

Filed under: IT automation, ansible, salt, IT management

Cavirin vs RiskRecon

The emergence of the cyber risk assessment space marks a strategic shift in how enterprises handle digital threats, from traditional, ineffective security-centric approaches to blended frameworks that combine layered security and risk management. Let's see how Cavirin and RiskRecon stack up when it comes to measuring enterprise cyber risk.

Filed under: security, cyber risk, digital resilience, Cavirin, RiskRecon

Rapid7 vs Qualys

According to the Forbes Insights/BMC second annual IT Security and Operations Survey, 43 percent of enterprises plan on redoubling their patching and remediation efforts in 2017, citing patch automation investments as having the best ROI among security technology purchases in 2016. It's not hard to understand why: the same survey reveals that known security vulnerabilities continue to cause the majority of data breaches and security compromises. Rapid7 and Qualys are two leading cybersecurity vendors in the vulnerability management space—let's see how they stack up in this comparison.

Filed under: security, vulnerabilities, cybersecurity, Rapid7, Qualys