Blog, Data collection, Risk and Technology

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. With supply chains extending across multiple regions and involving numerous third-party vendors, organizations face unprecedented challenges in managing vendor risks effectively. What risks are you facing?

Risk

Risk Data collection Architecture Government

Manual vs Automated Risk Management: What You Need to Know

Centraleyes

MAY 5, 2024

Murphy’s Law in Modern Risk Management Murphy’s Law is a timeless reminder of life’s unpredictability. In today’s digital age, where cyber attacks are a matter of when rather than if, assessing potential risks and their likelihood of occurrence is only getting more critical.

Risk

Risk Data collection Cyber Risk Cybersecurity

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

SEPTEMBER 5, 2019

With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the promise of what’s possible, if the right technologies and approaches can be harnessed to disrupt or differentiate in the face of fierce competition. Containers.

Technology

Technology Digital transformation IoT Big data

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” On a personal level we risk losing out on useful tools.

Government

Government Banking Risk Internet

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

It’s often difficult for small businesses to invest significantly in data privacy compliance or security measures because they don’t have large budgets. In fact, many SMBs have to choose between investing in new technology and making payroll.

Data privacy

Data privacy Small Business Data collection Cyber Risk

On Surveillance in the Workplace

Schneier on Security

MARCH 12, 2019

Touted as useful management tools, they can augment biased and discriminatory practices in workplace evaluations and segment workforces into risk categories based on patterns of behavior. Gamification and algorithmic management of work activities through continuous data collection.

Surveillance

Surveillance Data collection Technology Risk

What’s in the NIST Privacy Framework 1.1?

Centraleyes

MARCH 14, 2024

The National Institute of Standards and Technology (NIST) plans to update the Privacy Framework to Version 1.1. Initially introduced as The NIST Privacy Framework : A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0, NIST seeks to bring the framework up to speed.

Government

Government Risk Artificial Intelligence Cybersecurity

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

Privacy and Cybersecurity Law

JUNE 29, 2020

The experience made clear that no smart city can proceed without social license and that there is no social license without addressing privacy risks. Risk #1: Surveillance both from the State and surveillance capitalism. Digital solutions generally create the risk of law enforcement access to the data they collect.

Surveillance

Surveillance Data collection Risk Data breaches

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

Privacy and Cybersecurity Law

JUNE 29, 2020

The experience made clear that no smart city can proceed without social license and that there is no social license without addressing privacy risks. . Risk #1: Surveillance both from the State and surveillance capitalism. Digital solutions generally create the risk of law enforcement access to the data they collect.

Surveillance

Surveillance Data collection Risk Data breaches

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

NOVEMBER 21, 2018

International regulations have also played a significant role in the privacy discussion, specifically following enforcement of the GDPR (General Data Privacy Regulation) in the European Union (EU). At the forefront of privacy-law related issues are very visible and widely used big technology companies. If the U.S.

Data privacy

Data privacy Data collection Big data Government

7 Steps to Measure ERM Performance

Centraleyes

FEBRUARY 19, 2024

The distinction between enterprise risk management (ERM) and traditional risk management is more than semantics. The simplest way to explain their core differences is that traditional risk management operates within confined departmental boundaries.

Risk

Risk Marketing Manufacturing Data collection

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

OCTOBER 13, 2021

Check out the examples below from Forrester’s blog. First-party” data is different from zero-party data. First-party data is based on inference collected from either implicit or explicit events that are collected internally. Data collection red flags. All of this leads us to “third-party” data.

eCommerce

eCommerce Data collection Consumer Protection Advertising

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

Centraleyes

APRIL 25, 2024

Risk Management: By identifying vulnerabilities and assessing controls, security audits contribute to effective risk management, allowing organizations to prioritize and address critical risks. Frequency Conducted regularly throughout the year, focusing on continuous improvement and ongoing risk assessment.

Risk

Risk Accountability Technology Software

The Ultimate ESG Audits Checklist

Centraleyes

NOVEMBER 20, 2023

ESG audits are systematic assessments of an organization’s ESG-related risks and disclosures. These audits serve the crucial role of verifying the accuracy of ESG data and information that a company shares with its employees, stakeholders, and regulatory bodies. What is an ESG Audit? Who Performs an ESG Audit?

Government

Government Energy and Utilities Risk Technology

Regional privacy but global clouds. How to manage this complexity?

Thales Cloud Protection & Licensing

MAY 31, 2022

Data controllers are accountable to the persons (consumers, citizens) or other organisations (customers) they serve as part of their purpose. Whilst Cloud service providers, as data processors, are responsible for actions they are contracted to deliver by controllers (data collection, modification, storage, transmission, deletion etc).

Data privacy

Data privacy Digital transformation Accountability Data collection

How to Manage IAM Compliance and Audits

Centraleyes

MAY 20, 2024

It’s hard to tell a hacker from a legitimate user’s behavior using regular security procedures and technologies. IAM evaluations are required because data is continuously at risk. Credential theft and unauthorized access are the leading causes of data breaches. What is An IAM Assessment?

Data breaches

Data breaches Accountability Authentication Healthcare

Understanding the Different Types of Audit Evidence

Centraleyes

APRIL 18, 2024

Risk Management Assessment: Through evidence collection, auditors assess an organization’s risk management processes, ensuring they are proactive, comprehensive, and aligned with its risk appetite.

Risk

Risk Penetration Testing Encryption Cybersecurity

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Digital technology and connected IoT devices have proliferated across industries and into our daily lives. Security vulnerabilities in IoT products can seriously expose manufacturers and service providers to cybersecurity risks, resulting in reputational damage and heavy fines for violating security and privacy legislation.

IoT

IoT Manufacturing Energy and Utilities Data collection

Best 11 Third-party Risk Management Software in 2024

Centraleyes

MAY 28, 2024

Every link in your supply chain and each third-party relationship carries inherent risks. While eliminating all third-party risks is impractical, you can focus on identifying, managing, and mitigating them. Third-party risk management is critical in today’s interconnected business environment.

Risk

Risk Software Government Cyber Risk

More SRE Lessons for SOC: Simplicity Helps Security

Anton on Security

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” Think well-implemented zero trust , that helps users, simplifies IT and reduces risk. Metrics and associated data collection? 10X fun assured! This means we need simplicity even more.

Engineering

Engineering Software Data collection Architecture

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

They all must have unique identifiers and the ability to collect and transfer data over networks to enable monitoring, surveillance, and execution of decisions based on the collected data with little or no human intervention. But making the IoT work requires trust in the devices and the data they collect.

IoT

IoT Data collection Encryption eCommerce

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

Cyber Playbook: Information Technology vs Operational Technology – How to Leverage IT to Secure Your OT Systems

Herjavec Group

JANUARY 31, 2022

Information Technology (IT) primarily refers to hardware, software, and communications technologies like networking equipment and modems that are used to store, recover, transmit, manipulate, and protect data. . Operational technology has seen innovations that allowed it to become safer, more efficient, and more reliable.

Technology

Technology Cybersecurity InfoSec Software

Data Privacy in the United States: A Recap of 2023 Developments

Centraleyes

FEBRUARY 1, 2024

In 2023, California remained at the forefront of the movement of states with consumer privacy laws by approving the final text of the California Privacy Rights Act regulations and inviting public comments on proposed rulemaking for cybersecurity audits, risk assessments, and automated decision-making.

Data privacy

Data privacy Consumer Protection Media Data collection

6 Business functions that will benefit from cybersecurity automation

CyberSecurity Insiders

OCTOBER 28, 2021

This blog was written by an independent guest blogger. Many security professionals spend hours each day manually administering tools to protect enterprise data. For many organizations, spending so much time collecting data is not conducive to innovation and growth. Data privacy. Implement zero trust protocols.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

More SRE Lessons for SOC: Simplicity Helps Security

Security Boulevard

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” Think well-implemented zero trust , that helps users, simplifies IT and reduces risk. Metrics and associated data collection? 10X fun assured! This means we need simplicity even more.

Engineering

Engineering Software Data collection Architecture

How your business can benefit from Cybersecurity automation

CyberSecurity Insiders

NOVEMBER 24, 2021

This blog was written by an independent guest blogger. Many security professionals spend hours each day manually administering tools to protect enterprise data. For many organizations, spending so much time collecting data is not conducive to innovation and growth. Data privacy. Implement zero trust protocols.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

OCTOBER 10, 2022

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. Related: The case for regulating facial recognition.

Risk

Risk Data privacy Data collection Technology

How OCA Empowers Your XDR Journey

McAfee

DECEMBER 15, 2020

A ticket is automatically created on the IT service desk and select devices are temporarily quarantined from the main network to minimize risk. The Data Exchange Layer (DXL) technology developed by McAfee is being used by 3000 organizations today and is the transport layer used to share information in near real time.

Cyber threats

Cyber threats Architecture Technology Data collection

New Jersey Privacy Act: What to Expect

Centraleyes

JANUARY 15, 2024

Consumers can opt out of data processing for sales, targeted advertising, or profiling, and controllers must respond to verified requests within 45 days, with a possible 45-day extension. Unique Definitions and Requirements: The bill features a broader definition of biometric data than other state laws. Why Didn’t the ADPPA Pass?

Data privacy

Data privacy Advertising Data collection Government

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

JULY 30, 2018

The painful impact of cyber attacks on businesses is worsening despite advances in technology aimed at protecting enterprises from malicious network traffic, insider threats, malware, denial of service attacks and phishing campaigns. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

CISO

CISO Cyber Attacks Data collection Cybersecurity

Cyber CEO: Data Privacy Day – How to Enhance Your Data Privacy

Herjavec Group

JANUARY 27, 2022

Data Privacy Week aims to create awareness about online privacy, educate citizens on how to manage and secure their personal information, and support businesses in respecting data and being more transparent about how they collect and use customer data. The mountain of delivery boxes in my garage can vouch for that !

Data privacy

Data privacy Digital transformation Education Cybersecurity

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

Managed security services (MSS) refer to a service model that enable the monitoring and managing of security technologies, systems, or even software-as-a-service (SaaS) products. An MSSP can assist with data collection and report generation to establish compliance during audits or in the aftermath of a possible incident.

Marketing

Marketing Digital transformation Technology Cybersecurity

SOC Technology Failures?—?Do They Matter?

Security Boulevard

DECEMBER 10, 2021

SOC Technology Failures?—?Do Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. Hence this blog was born. Let’s stick to mostly technology focused failures. SOC should not spend time / resources managing such technologies. Do They Matter? img src: [link].

Technology

Technology CISO Data collection Threat Detection

Doxing in the corporate sector

SecureList

MARCH 29, 2021

Confidential corporate information is no less sensitive than the personal data of an individual, and the sheer scale of financial and reputational risks from potential blackmail or disclosure of such information can have a colossal impact. Where does your personal data end up? Utilize anti-spam and anti-phishing technologies.

Identity Theft

Identity Theft Phishing Accountability Banking

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

In particular, the Garante argued that the processing of a large number of different types of data referring to a significant number of data subjects, carried out through a digital platform based on algorithmic functions, had an evident innovative character. Receive our latest blog posts by email. Share on Facebook.

Retail

Retail Surveillance Data collection Technology

Best 8 Vulnerability Management Tools for 2024

Centraleyes

MARCH 25, 2024

Each vulnerability presents a risk, but that risk varies in severity. Every month, the National Institute of Standards and Technology (NIST) adds over 2,000 new security flaws to its National Vulnerability Database. As it scans, it uses its built-in technology to evaluate vulnerabilities. And it’s only getting worse.

Antivirus

Antivirus Firewall Risk Software

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by a colleague from Tenable. Modern-day industrial and critical infrastructure organizations rely heavily on the operational technology (OT) environment to produce their goods and services. Meanwhile, OT staff are used to working with legacy technologies, many of which pre-date the internet era.

Energy and Utilities

Energy and Utilities Manufacturing Threat Detection Technology

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Cisco Security

JULY 5, 2021

IDENTIFY – Risk Assessment (vulnerabilities identified; threat intelligence received; threats identified; threats, vulnerabilities and impacts to determine risk). This enables quick transition from analysing a threat in Malware Analytics to searching for hosts that is at risk in the environment. 3 and ID.RA-5] 2 and ID.RA-3]

Malware

Malware Risk Mobile Technology

The 11 Best GRC Tools for 2024

Centraleyes

APRIL 1, 2024

Governance, Risk, and Compliance (GRC) platforms help organizations optimize their governance strategies, streamline risk management processes, and ensure compliance with regulatory requirements. now including governance as a core function of cyber GRC and risk management.

Risk

Risk Government Artificial Intelligence Software

Key Aspects of Data Access Governance in Compliance and Auditing

Centraleyes

MAY 23, 2024

Tapping into your company’s data is appealing, but caution must be taken to ensure that sensitive information does not get into the wrong hands. Data access governance is a subset of data governance. It refers to the methods and technology businesses employ to manage and monitor access to their data.

Government

Government Backups Data privacy Accountability

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

Thales Cloud Protection & Licensing

JULY 11, 2019

The GDPR applies to businesses that collect and use personal information from citizens of the EU, regardless of where the business itself is located. The GDPR mandates that a business must inform EU DPAs very quickly (within 72 hours) and thoroughly of any security data breach involving European citizens. Data Mapping Analysis.

Risk

Risk Encryption Accountability Government

Who tracked internet users in 2021–2022

SecureList

NOVEMBER 25, 2022

Worried about this lack of transparency, users and privacy watchdogs put pressure on technology companies. Certain tech giants recently started adding tools to their ecosystems that are meant to improve the data collection transparency. Sadly, these policies are seldom transparent enough. North America. South Korea.

Internet

Internet Internet Advertising Marketing

The Best 10 Vendor Risk Management Tools

Manual vs Automated Risk Management: What You Need to Know

Trending Sources

Emerging security challenges for Europe’s emerging technologies

OpenAI Is Not Training on Your Dropbox Documents—Today

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

On Surveillance in the Workplace

What’s in the NIST Privacy Framework 1.1?

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

7 Steps to Measure ERM Performance

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

The Ultimate ESG Audits Checklist

Regional privacy but global clouds. How to manage this complexity?

How to Manage IAM Compliance and Audits

Understanding the Different Types of Audit Evidence

Critical Success Factors to Widespread Deployment of IoT

Best 11 Third-party Risk Management Software in 2024

More SRE Lessons for SOC: Simplicity Helps Security

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

A Pandora’s Box: Unpacking 5 Risks in Generative AI

A Pandora's Box: Unpacking 5 Risks in Generative AI

Cyber Playbook: Information Technology vs Operational Technology – How to Leverage IT to Secure Your OT Systems

Data Privacy in the United States: A Recap of 2023 Developments

6 Business functions that will benefit from cybersecurity automation

More SRE Lessons for SOC: Simplicity Helps Security

How your business can benefit from Cybersecurity automation

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

How OCA Empowers Your XDR Journey

New Jersey Privacy Act: What to Expect

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

Cyber CEO: Data Privacy Day – How to Enhance Your Data Privacy

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

SOC Technology Failures?—?Do They Matter?

Doxing in the corporate sector

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Best 8 Vulnerability Management Tools for 2024

Preparing for IT/OT convergence: Best practices

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

The 11 Best GRC Tools for 2024

Key Aspects of Data Access Governance in Compliance and Auditing

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

Who tracked internet users in 2021–2022

Stay Connected