Tag Archives: risk management

Resistance is Futile; You Must Comply

No threat actor ever avoided attacking your system because you marked a control as compliant. Yet organizations today are spending ever-increasing resources to remain compliant with a myriad of frameworks, including the National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF), International Standards Organization (ISO) frameworks, such as ISO 27001, and ISACA’s Control Objectives for Information and ...

Risk Management – From Paper to Reality

So you have completed your security controls assessment. You have beautiful risk assessment reports, and a big beautiful plan of action and milestones (POA&M). Now what? You have to bring your plan to manage risk into reality. According to the Department of Homeland Security’s Office of Cybersecurity and Communications, if you stacked all of the paperwork generated by assessment and ...

Cyber Security and Risk Management Go Hand in Hand

Compared to other areas of business, information technology is an operational function that stakeholders often view as relatively hands-off. With its specialized terminology and detailed logic, it’s seen as a practice that’s best left to the professionals. A board’s functional understanding of tech-related issues might go only deep enough to know what to fund – and this typically depends on ...
