Putting Preparedness in Context: Comparing Your Security Performance to Other Companies in Your Industry

Posted by Melissa Stevens

Jul 23, 2014 9:00:00 AM

David Burg, Principal at PriceWaterhouseCoopers, said recently that businesses are moving beyond mere compliance when assessing their security postures. Today’s companies view outstanding security performance as a major competitive advantage. How does your company stack up to others in the industry? Benchmarks let you know whether you’re getting the most for your security investment and whether your performance is keeping you at the top of your game.


The SEC emerges as a vocal proponent of cyber security

Posted by Ben Fagan

Jul 17, 2014 10:00:00 AM

Proposed cyber security legislation, notably bills relating to a federal data breach notification standard, has been slow moving in the halls of Congress. While measurable progress has been made on some legislative pushes -- recently evidenced by the Senate Intelligence Committee’s passage of Sen. Dianne Feinstein’s cyber threat information sharing bill -- it would be a stretch to say that lawmakers are currently influencing how private industry addresses this issue.

Yet the slow pace of legislation does not mean that Washington has kept quiet about the importance of IT security in today’s business environment. The SEC (Securities & Exchange Commission) has been increasingly vocal about the importance of corporate cyber security. Last month, SEC Commissioner Luis Aguilar called on corporate boards to take steps to include cyber issues in overall risk management decisions made at the board level. This guidance echoes last year’s alert, issued by the SEC’s Office of Compliance Inspections & Examinations, which outlined policies and procedures that companies should adopt to be in compliance.


Topics: Transparency, Industry Regulation, Breach Regulation

Utilizing Security Ratings for Enterprise IT Risk Mitigation

Posted by Ben Fagan

Jul 9, 2014 10:40:00 AM

Businesses need to adapt to a constantly changing risk landscape to address increasingly dangerous cyber threats. Recent ESG analysis shows that 49% of enterprise organizations suffered a successful malware attack in the past 24 months. So what do businesses need to address these security challenges? Actionable, objective and continuous intelligence into security risk across their ecosystem.


Topics: BitSight, Security Ratings

Boards Struggle With Measuring Security Performance - Are Security Ratings the Answer?

Posted by Melissa Stevens

Jul 2, 2014 8:00:00 AM

Over the past few weeks, there have been several discussions on the presence of cyber security in the board room, and the challenges boards are facing when it comes to mitigating security risk.


Topics: Security in the Board Room

Data Driven Security Podcast: Measurement & Security Performance

Posted by Melissa Stevens

Jun 26, 2014 9:00:00 AM

On June 22, 2014, BitSight CTO and Cofounder Stephen Boyer (@SWBoyer) joined Bob Rudis (@hrbrmstr) and Jay Jacobs (@jayjacobs) on their Data Driven Security Podcast series. This conversation was long in the works, and something we were really excited to be a part of.


Topics: Big Data, Benchmarking

Webinar: Benchmarking Security Performance with Industry Security Ratings

Posted by Ben Fagan

Jun 25, 2014 11:08:00 AM

As executives and corporate boards are increasingly being called upon to act on cyber security issues, security practitioners need new tools to better communicate performance to upper-level management. Benchmarking, a tool used by businesses to track performance, can (and should) be used to better communicate and understand security posture.


Topics: BitSight, Security Ratings, Benchmarking

SEC places security on the board agenda

Posted by Tom Turner

Jun 17, 2014 9:00:00 AM

Board members need to care about cybersecurity.

Topics: Benchmarking, Security in the Board Room

An Update on Data Breach Notification

Posted by Ben Fagan

Jun 11, 2014 9:00:00 AM

In a previous blog post, we outlined federal initiatives to pass a data breach notification law that would simplify the current myriad of state regulations. In the wake of the Target and Neiman Marcus data breaches, legislators and government officials called for a national data breach notification standard. While bills have been introduced, little action has been taken beyond Senate or House subcommittee hearings. While high-profile breaches brought this issue into the consciousness of the American public and government, the need for transparency is even more pressing due to the high volume of unreported breaches: our own analysis found that just in our home state of Massachusetts, 1 million residents had their PII compromised in healthcare breaches during 2007-2011. Yet, just because there has been little movement in the US federal government does not mean data breach notification has been a stagnant issue in other countries and at the state level. In this post, we are going to round up some interesting legislative initiatives happening around the globe and in US state governments.


Topics: Security Risk Management, Breach Regulation

Three Ways to Benchmark Security Performance

Posted by Ben Fagan

Jun 6, 2014 8:30:00 AM

Companies are spending more and more on IT security. A recent report by Canalys found that the worldwide IT security market will grow 6.6% annually, becoming a $30.1 billion industry by 2017. This increase in spending may have something to do with the heightened consequences of data breaches and security events. Another recent study, this one from the Ponemon Institute, found the average cost of a data breach to be a lofty $3.5 million. But as companies spend more and more money on IT security products and services, how can they verify that their overall security is improving?


Compliance: The Danger to Security Performance of Just Going Through The Motions

Posted by George V. Hulme

Jun 4, 2014 8:30:00 AM

Merely doing things out of habit can be risky, such as when we just go through the motions when completing tasks – tasks we have done so many times that muscle memory or our subconscious takes over and puts us on autopilot.

Doing things by rote is great for some tasks, such as those that require little thought or swift reflexes. For instance, have you ever found yourself halfway through something and not been conscious of the time that passed and the steps you’ve taken to get there? It’s because you’ve done this task thousands of times before and don’t need to be conscious of each step.


Topics: Security Risk Management, Industry Regulation