The Importance of Vendor Risk Management for CISOs
If a company deals with even one third-party vendor, then vendor risk management should be at the forefront of the CISO’s mind. What is vendor risk management? Vendor risk management...
Security and Compliance Blog
Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.
Posts by Frank Balonis
Frank Balonis, Chief Information Security Officer and SVP Operations at Kiteworks
Frank joined Kiteworks in July 2003 and is responsible for technical support, customer success, and corporate IT. Frank also oversees corporate security and compliance and works with the Product and Engineering teams to ensure Kiteworks software and services meet the needs of its customers. He has over 20 years of experience in IT Support and Services. Prior to Kiteworks, Frank held senior engineering positions with Prexar, Kokusai Semiconductor Equipment Corporation, and Varian Semiconductor. Frank is a Certified Information Systems Security Professional (CISSP) and a veteran of the United States Navy.
GoAnywhere MFT Zero-day Vulnerability: What You Need to Know
On February 1, researchers at Fortra warned customers of a zero-day remote code injection flaw in its GoAnywhere MFT software. The GoAnywhere MFT Zero-day vulnerability exposes administrator consoles that directly...
Relationships in the Cyber Era
The advanced persistent threat (APT) era is here. Attacks are becoming more common and the level of damage is increasing in severity. As CISOs, we must prepare for the APT...
FedRAMP Audit Logging [Best Practices, Solutions, and Tips]
If you are working in the federal space, then you and your service vendors must be FedRAMP compliant, and that means maintaining audit logs. These audit logs can be expensive...
“Log4Shell” Apache Vulnerability: What Kiteworks Customers Need To Know
In follow-up to our recent alerts to Kiteworks customers, three vulnerabilities to Apache Log4j Java-based open-source logging library have been discovered. These vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) are collectively being referred...