Increasingly, organizations, including the federal government and industry, are recognizing the need to counter insider threats and are doing it through specially focused teams. The CERT Division National Insider Threat Center (NITC) offers an Insider Threat Program Manager certificate to help organizations build such teams and supports programs that are flexible, based on best practices, and tailored to the unique circumstances of individual organizations.
The transition from on-premises information systems to cloud services represents a significant, and sometimes uncomfortable, new way of working for organizations. Establishing meaningful Service Level Agreements (SLAs) and monitoring the security performance of cloud service providers are two significant challenges. This post proposes that a process- and data-driven approach would alleviate these concerns and produce high-quality SLAs that reduce risk and increase transparency.
Each year brings new cybersecurity threats, breaches, and previously unknown vulnerabilities in established systems. Even with unprecedented vulnerabilities such as Spectre and Meltdown, the approach to dealing with the risks they pose is the same as ever: sound risk management with systematic processes to assess and respond to risks. This post offers seven considerations for cyber risk management.