Insight

Implementing SailPoint IdentityIQ for a Quarterly SOX Certification at a Financial Services Company

Focal Point's IAM services client is a globally recognized Fortune 500 business and financial services company, with more than 12,000 users across 41 countries.
News Article

Focal Point Experts to Speak at the 2019 North America CACS Conference

Focal Point Data Risk, an integrated risk management firm, today announced that its experts will be featured in three sessions at the North America Computer Audit, Control and Security (CACS) 2019 Conference in Anaheim, Calif.
Insight

The Future of Integrated Risk Management

Integrated Risk Management (IRM) is changing how businesses view and manage risk, enabling better decision making. Download our new guide to find out how.
Insight

The GDPR in 2019: Enforcement and Penalties around the Globe

If 2018 was the year of GDPR implementation, then 2019 is the year of GDPR enforcement. Data Protection Authorities (DPAs) in Germany have started their audits, and France’s DPA, the CNIL, levied its first major fine earlier this year. The GDPR upped the stakes for data protection around the globe. Since its implementation, a number of countries have released new legislation around penalties, ranging from hefty fines to imprisonment. It’s easy for organizations to view fines as a harsh punishment, but fines and penalties demonstrate the value a government places on data protection for its residents. The GDPR and other regulations have fines of over $1,000,000 per violation, and in many of these countries, simply being non-compliant can be a violation (even if there hasn’t been a data breach). As countries around the world recognize their responsibility to protect data subjects, the punishment for mishandling or compromising personal data increases. In this post, we’ll look at how countries around the globe address penalties for data protection violations, review notable penalties, and walk through some steps your organization can take to avoid them.
Insight

Upgrading Your Internal Controls for a Hybrid Environment

Governance, Risk and Compliance (GRC) has become a key component of IT and business environments in every industry - and these environments are expanding rapidly. With the widespread adoption of cloud-based solutions, many organizations now operate with a hybrid environment that mixes cloud and on-premise technologies. These hybrid environments require an updated and more complex strategy to enable a culture of continuous compliance. To achieve an efficient and effective implementation, your GRC program should support an impact-based approach that contextualizes risk within the business and monitors risks across security models. In this post, we’ll take a look at the challenges of migrating to a cloud-based solution, the key components of an enterprise GRC system, and the best practices for maintaining compliance in a hybrid environment.
Insight

How to Use Privacy KRIs to Predict Future Risks

GDPR enforcement has kicked off, and the CCPA countdown has begun. With the threat of significant penalties for non-compliance looming, many organizations are placing a greater focus on data privacy. But is “checking the box” on compliance the only (or best) way to evaluate the effectiveness of your program? Companies working to develop privacy programs that adapt to regulatory, industry, and technology change need a way to quantify and prioritize privacy risk. Privacy key risk indicators (KRIs) are designed to do exactly this. KRIs quantify the anticipated risks associated with an area of your privacy program, so you can prioritize risk mitigation appropriately, set clear objectives for your program, and establish a privacy risk appetite. In this post, we will look at how to apply KRIs, how to use the types of KRIs, and how to design a KRI framework for your privacy program.
Insight

Assessing and Ensuring GDPR Compliance for a Fortune 500 Cruise Line

Focal Point’s GDPR and global privacy services client (“the Company”) is a recognized leader in the hospitality and travel leisure…
News Article

Focal Point Joins the Identity Defined Security Alliance

Tampa, FL – February 28, 2019 – Focal Point is pleased to announce that it has joined the Identity Defined Security Alliance (IDSA), an industry alliance helping to improve security and cyber risk management by acknowledging the central role of identity in a hybrid and mobile world.
Insight

A New Tool for Finding Malicious JavaScript and Securely Using External Libraries

September 2019 Update: This JavaScript Security extension has been published by Burp Suite! You can install it directly within Burp, via the BApp Store feature in the Burp Extender tool. Why compromise just one website when you can compromise a whole bunch of them all at once? I'm sure that's what attackers were thinking in 2018 as they compromised content delivery networks (CDNs) and used them to host malicious JavaScript. And it’s a genius strategy! Compromised companies will unwittingly feed them sensitive customer data (e.g., credit card numbers), will never have any evidence of the attack, and will never know anything has changed. Meanwhile, their customers will receive malicious JavaScript libraries that the "victim" companies require them to load for a smooth customer experience. Then the sensitive information will be fed directly from the user to the attacker. Why is this so easy? Today, more sites are relying on JavaScript to enhance the user experience, and they are doing it in a way that makes it harder to evaluate referenced JavaScript libraries: they are using JavaScript libraries to load other JavaScript libraries into the Document Object Model (DOM). It can be challenging to track these issues down during a penetration test, especially when you have limited time and you want to deliver the highest quality results possible. To assist our partners, clients, and the security community in identifying these issues, we developed a Burp Suite extension. Burp Suite is a Java-based tool used by many security teams for web-application testing. This extension helps Burp Suite users evaluate JavaScript in use in web applications for subresource integrity and content security policy protections while comparing observed resources against threat intelligence feeds. You can download the extension for free via the BApp Store.