Regulations

Strengthening Your Organization’s Security with CIS Critical Security Controls

by
Ilustration showing a man and a woman with laptops performing a system audit with the five CIS Critical Security Controls outlined on a page in a binder.

In today’s digital landscape, where security threats loom large, safeguarding your organization’s sensitive data and digital assets is paramount. Fortunately, the Center for Internet Security (CIS) Critical Security Controls offers a practical roadmap to bolster your security posture.

In this article, we will explore how any organization, regardless of size or industry, can enhance its security using the CIS Critical Security Controls.

What are the CIS Security Controls?

The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your organization’s cybersecurity posture. Today, thousands of cybersecurity practitioners from around the world use the CIS Controls and/or contribute to their development via a community consensus process.

Read more

Share

Navigating White-Collar Crimes: Unveiling the Lack of Recognition Theory

by

Image of handcuffs, a gavel and icons symbolizing money laundering, bribery, embezzlement, and the words "White-Collar Crimes" and "Corruption" written on a gray background.

Decoding White-Collar Crimes: Unveiling the Lack of Recognition Theory Through Real-Life Scenarios

In the complex world of corporate conduct, the “Lack of Recognition” theory stands out as a compelling force behind unintentional white-collar crimes. This theory not only encompasses employees feeling undervalued but also sheds light on situations where individuals inadvertently breach laws, rules, or regulations.

To explore this concept, consider the following white-collar crime definition:

What Are White-Collar Crimes?

White collar crimes refer to non-violent crimes committed through deceptive practices, for the purpose of financial gain. Typically, white-collar crimes are committed by business people who are able to access large amounts of money, though the term is sometimes applied to others who pilfer monies in other circumstances. White collar crimes are non-violent, and are committed by a broad range of activities, such as insider trading.

In this blog post, we’ll delve into the challenges posed by the Lack of Recognition theory, exploring strategies that compliance officers can deploy to mitigate white-collar crime with the help of real-life examples and case studies to bring these concepts to life.

Read more

Share

Building a Robust Anti-Corruption Framework: Safeguarding Business Integrity in a Global Marketplace

by

Image depicting anti-corruption effort showing a justice scale and the words "Anti-Corruption Framework" written on it. It has a man wearing a blue suit and a red tie in a cage on one scale pointing to a bag of money on the other scale.

In today’s interconnected global marketplace, maintaining the highest standards of ethical conduct is non-negotiable. Recent challenges faced by companies emphasize the need for a comprehensive anti-corruption framework to safeguard business integrity.

In this comprehensive guide, we’ll explore key policies and practices to enhance corporate integrity, addressing both internal employee conduct and the critical realm of third-party vendor relationships, paying particular attention to key policies and practices that every company, especially major retailers, should adopt to prevent internal and third-party corruption risks.

In light of the recent compliance concerns regarding potential corrupt behavior by some third-party vendors, it is crucial that organizations enhance efforts to prevent such activities.

Read more

Share

NIST Cybersecurity Framework: A Guide for a Board of Directors

by

Image of business people sitting at oval desk watching lcd screen presentation of NIST Cybersecurity Framework in meeting room

Cyber threats are on the rise, safeguarding our organization’s valuable assets and sensitive information has become paramount and staying ahead of the game is  now essential. Enter the National Institute of Standards and Technology (NIST) Cybersecurity Framework—a comprehensive guide designed to help businesses like ours navigate the complex world of cybersecurity.

In this article, we’ll break down the NIST Cybersecurity Framework in a way that’s easy to understand, ensuring that every member of your board of directors is on the same page.

What is a cybersecurity framework?

A cybersecurity framework provides a common language and set of standards for security leaders across countries and industries to understand their security postures and those of their vendors. With a framework in place it becomes much easier to define the processes and procedures that your organization must take to assess, monitor, and mitigate cybersecurity risk.

Read more

Share

The MGM Cyber Attack: A Masterclass in Risk Management

by

Image of a man pulling on a gear device marked high and low risk, and the words “Robust risk management strategies can prevent a cyber attack” in the background.

The MGM Cyber Attack and Lessons in Risk Management

In the ever-evolving landscape of the digital world, cybersecurity has taken center stage. The MGM cyber attack serves as a stark reminder of the constant threat lurking in the shadows of the web. This unfortunate incident, though disconcerting, offers us a valuable lesson in risk management.

It is crucial to learn from these events and take proactive steps to safeguard our digital assets. In this article, we will explore the MGM cyber attack, the lessons it imparts on risk management, and provide practical mitigation steps and solution examples to help organizations

Understanding the MGM Cyber Attack

Before delving into risk management solutions, let’s take a moment to understand what happened during the MGM cyber attack. In September 2023, MGM Resorts suffered a data breach, leading to the exposure of personal information belonging to customers who transacted with MGM Resorts prior to March 2019. This included names, contact information, gender, dates of birth and driver license number. For a limited number of customers, the hackers also accessed Social Security numbers and passport details. According to Bloomberg, the breach stemmed from a social engineering breach of the company’s information technology help desk. MGM’s experience highlights the importance of robust cybersecurity practices.

Read more

Share

Addressing Significant Gaps in an Organization’s IAM Framework

by

Image of identification technologies symbols and touch screen fingerprint recognition ID system.

A recent risk assessment of an organization’s IT environment revealed significant gaps in the current IAM framework, including ineffective access control policies, weak authentication mechanisms, and insufficient monitoring and auditing procedures.

This could as well be your organization, and here, we suggest recommendations to address these issues.

What is an Identity and Access Management or IAM Framework?

An Identity and Access Management framework is the combination of two information security controls: identity management and access management.

Identity management is the method used to classify a user, group or device on a network with the goal of placing identified resources into categories so that network and security policies can be applied. For example, it checks checks a login attempt against an identity management database.

Access management on the other hand refers to the way an organization determines who or what on a network has the right to connect to a particular resource as determined by factors like job title, tenure, security clearance, and project etc.

Read more

Share
Share
Share