Risk Assessment

Business Continuity Planning Using NIST SP 800-34

by

Concept illustration of business continuity planning showing group of workers, NIST SP 800-34 thought bubbles, calendar, planning boards, and texts of the key components of the NIST SP 800-34 Framework: Develop the Contingency Planning Policy Statement, Conduct the Business Impact Analysis (BIA), Identify Preventive Controls, Create Contingency Strategies, Develop an Information System Contingency Plan, Ensure Plan Testing, Training, and Exercises, and Ensure Plan Maintenance.

Mastering Business Continuity Planning: A Guide Using NIST SP 800-34

In today’s fast-paced and interconnected world, businesses face an array of potential disruptions—from natural disasters and cyber-attacks to pandemics and supply chain failures. Ensuring that your organization can continue operations during and after such events is crucial. This is where Business Continuity Planning (BCP) comes in.

By using the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-34 as our frame of reference, this comprehensive guide will delve into the principles of BCP as outlined in NIST SP 800-34, explore sector-specific examples, address common challenges, and present best practices to help your organization stay resilient.

Read more

Share

Three Lines of Defense: A Guide to Effective Governance

by

Image showing a computer screen representation of a cyber attack and texts of the three lines of defense for effective IT governance: operational management, risk management and compliance, and internal audit.

The Three Lines of Defense model provides a robust framework that enables organizations to navigate risks systematically. By clearly defining responsibilities across the three lines, businesses can enhance accountability, improve risk management efficiency, and foster a culture of continuous improvement.

Introduction to the Three Lines of Defense

In the fast-paced and dynamic world of business, effective governance is crucial for sustainable growth and risk management. One powerful framework that aids organizations in achieving this delicate balance is the Three Lines of Defense model. This model provides a structured approach to risk management, ensuring that responsibilities are clearly defined across the organization.

In this article, we’ll explore the concept of the Three Lines of Defense and provide real-world examples to illustrate its practical application.

Read more

Share

Cybersecurity Risk Management: How to Identify and Manage Cybersecurity Risks for Your Organization

by

Image composition showing various threats like data breaches, ransomware, denial-of-service, phishing, and more that a cybersecurity risk management has to deal with.

 

Cybersecurity Risk Management: How to Identify and Manage Cybersecurity Risks for Your Organization

A cybersecurity risk management program is a vital process for any organization that relies on information systems and data to carry out its business functions. A program to manage cybersecurity risks can help protect an organization’s information systems and data from cyber threats, align its security efforts with business goals, and comply with relevant standards and regulations.

Cybersecurity risks are the potential threats that could compromise the confidentiality, integrity, or availability of your organization’s information systems and data. Cyberattacks, natural disasters, human errors, and other factors can expose your organization to various cybersecurity risks, such as data breaches, ransomware, denial-of-service, phishing, and more. These risks can have serious consequences for your organization, such as financial losses, reputational damage, legal liabilities, and regulatory penalties.

Therefore, it is essential for your organization to implement a cybersecurity risk management program, which is a strategic approach to identifying, prioritizing, managing, and monitoring cybersecurity risks.

Read more

Share

How to Build a Cybersecurity Program for An Organization

by

Image of an infographic showing the sixsteps of developing a cybersecurity program.

How to Build a Cybersecurity Program for Your Organization

Cybersecurity is the protection of your information and systems from unauthorized access, damage, or theft. Cybersecurity is not only a technical issue, but also a business issue. It affects your reputation, customer trust, legal compliance, and operational efficiency.

If your organization has no formal cybersecurity department or structure, no formal policies, standards, or guidelines identified or implemented, and no physical security infrastructure, you may be vulnerable to cyberattacks that can compromise your data, disrupt your operations, and harm your stakeholders.

In this blog post, we will highlight how you can build a cybersecurity program from scratch.

Read more

Share

NBA Fines And Non-Compliance Lessons for SMBs

by

Image of an arrangement with money, gavel, calculator, and contract illustrating the consequences of non-compliance with laws, rules, and regulations.

NBA Fines And Non-Compliance Lessons for SMBs

Regulations on the local, state, and federal levels are on the rise and this is putting a lot of pressure on compliance efforts of Small and Medium-sized businesses (SMBs) and exposing the fact that these organizations can only avoid costly fines and/or lawsuits for non-compliance by maintaining strict compliance throughout their information management processes.

I found the fines levied by the National Basketball Association (NBA) on players including the likes of the late Los Angeles Lakers Great, Kobe Bryant, and Mark Cuban, the owner of the Dallas Mavericks basketball team, among others, as a good lesson on the cost of non-compliance.

The NBA has consistently fined players who were in non-compliance of its rules and these violations range from the serious to what one could argue is the absurd – like kicking a ball in frustration or throwing a basketball into the stands in celebration of a win.

Read more

Share

ISO 27001 Risk Assessment: An Internal Auditor’s Perspective

by

Image of a collection of tools simulating an ISO 27001 risk assessment and certification process including a calculator, document binders, magnifying glass, pencil, a large clipboard with a checklist, and a certification badge.

A Comprehensive Guide to Mastering ISO 27001 Risk Assessment from An Internal Auditor’s Perspective

In the dynamic landscape of cybersecurity, organizations must stay vigilant to protect sensitive information and ensure the integrity of their systems. For this purpose, the ISO 27001 standard serves as a beacon, providing a robust framework for information security management. One of the cornerstone practices within ISO 27001 is the risk assessment process, a critical aspect that internal auditors play a pivotal role in executing.

As an ISO 27001 internal auditor, understanding the elements of a robust risk assessment is crucial.

In this article, we will delve into the key components of an ISO 27001 risk assessment, providing real-world examples to illustrate their significance.

Read more

Share
Share
Share