Blog

These days, everyone understands how important it is to have health insurance. Many may even think of it as a safety net that will prevent the worst—after all, that’s what insurance is for, right?

A while ago, we posed this question, “Do You Need a Ransomware Preparedness Assessment?”

Background First coined in 1994 by Stephen Marsh in his doctoral thesis, Formalising Trust as a Computational Concept, the term Zero Trust was later popularized by a Gartner research analyst. Some years later in 2011, when Google announced its internal implementation of Zero Trust architecture, the concept helped spark a new, wide-spread interest in the technology and security communities. In response to this increased public interest, the National Institute of Standards and Technology (NIST), in coordination with the National Cybersecurity Center of Excellence (NCCoE), developed a special publication (SP 800-207) on Zero Trust architecture and have since published additional information on implementation practices.

Deciphering the conflicted angst of GRC There is no one-size-fits-all for GRC so companies need to take a hard look at their regulatory requirements, along with their corporate culture and business models, to build a viable GRC program. Indeed, GRC is still a work in progress, even though each component has been a business imperative for years. Alan Earls reports.

What is it? The EU Cybersecurity Act is the fruit of an initiative started by the European Parliament in 2017 with the goals of permanently establishing an agency to address cybersecurity threats, reducing the complexity for companies to comply with cybersecurity frameworks in each EU member state, and establishing a common cybersecurity certification framework. Formal adoption of the EU Cybersecurity Act occurred on March 27, 2019 and resulted in both the formation of the EU Cybersecurity Agency (formerly the ENISA) as a permanent agency and established a cybersecurity certification framework.