This paper seeks to show that data relating to the profiles of organizations and individuals subject to targeted attacks is amenable to study using epidemiological techniques. They design case-control studies to calculate odds ratios reflecting the degree of association between the identified risk factors and the receipt of targeted attack.

This Paper provides a breakdown of New York’s 23 NYCRR500 Financial Security requirements.

This report discusses the new reality that audits and compliance are no longer a seasonal issue. It lays out some good steps for daily audits for the sake of compliance.

This is a unqiue report in that two leaders in two seperate industries collaborated out of the mutual concern regarding the state of cybersecurity in the global economy and the knowledge that cyber risk cannot be compartmentalized by industry, company,size, or simliar measures.

The second annual RSA Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed by 878 individuals across 24 industries. The assessment was created using the NIST Cybersecurity Framework (CSF) as the measuring stick to provide global insight into how organizations rate their overall cybersecurity maturity and practices. This report presents what was learned.

This project comprised two main research and development phases. The first phase of the project entailed a requirements analysis and architecture-design effort. For further details on this phase, please refer to the first study report. The second phase of the project entailed the development of a proof-of-concept toolbox. This report presents the proof-of-concept toolbox.

This paper discusses how the GDPR will affect you as a non-European company and provides insights into what you should do to prepare.

This whitepaper discusses the disconnects that have emerged between cybersecurity threats and organizations’ contermeasures.

From The Report, “A vision is emerging that balances effective fraud prevention with a delightful customer experience…The mobile device sits at the center of this vision. Properly secured, the mobile device can not only facilitate safer transactions within its own channel but can also be used to better secure other channels with minimal customer friction. This white paper will delve deeper into this vision and the roadmap for forward-thinking fraud executives."

In this report, the authors outline an approach for edge-to-edge security for companies to consider as they build their digital transformation roadmaps. Strengthening a company’s security posture in a world of SDI requires rethinking both the human and the infrastructure elements, leaving behind the idea of network-centric security and moving toward data-centric security.

This paper navigates decision-makers through the issues surrounding a specific technology or business case, explores the business value of adoption, and recommends the reange of considerations and concrete next steps in the decision-making process.

This report discusses the security issues involved in mergers and acquisitions of other organizations.

This paper takes a unique look at the competing issues of using machine learning techniques to fight fraud at financial institutions.

An Annual Showcase of Data Breaches.

This report will help you benchmark your third-party risk management program and its performance against trends in the market and best practices.

This is a report on cloud security trends.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions widespread, trusted identity exchanges using federated methods that are secure, interoperable, privacy-enhancing and easy to use. Realization of that vision will require companies, agencies and individuals to perform at a new level. The Requirements are our first step towards that goal, by describing a set of functions that parties must be able to fulfill, and a set of criteria for assessing those capabilities.

By providing an overview of the main areas of research and the key studies conducted in the field to date, and by making some initial recommendations about the potential role of insurers and governments in addressing cyber risks, this report lays the groundwork for discussion and future research on the development of the cyber risk and the cyber insurance market.

This is a threat advisory for CardCrypt

In this report they seek to answer four important questions. How mature is the profession today? Where are we weakest/strongest? Which improvements in maturity are likely to matter most? How do we rate against others in our industry?