Cybersecurity trends are moving from checklist compliance to comprehensive, risk-driven security. This is just as true in the European Union, where data subject privacy and security requirements are strict. Fortunately, GDPR provides significant guidance on general risk management and specific risk assessment requirements. We’ll cover those requirements here.
What Are Risk Assessment Methodologies?
With the ever-increasing complexities of the IT and business environments, risk management has become crucially important for cybersecurity. Accordingly, risk management methodologies provide the blueprint for this anticipatory and strategic approach. They guide businesses in identifying potential threats, assessing their impact, devising effective responses, and monitoring progress. This article will introduce some basics of risk… Read More
What Is NIST 800-161?
With modern IT infrastructure becoming increasingly complex, intertwined systems managed through service providers and managing experts, the inevitable security problem rears its head. How can one organization, using several service providers, ensure their data security as it travels through those systems? Over the past decade, enterprise and government specialists have refined the practice of risk… Read More
Risk Maturity and the Continuum GRC IRM Platform
Over the past few weeks, we’ve discussed what it means to consider risk as part of an overall compliance strategy. We’ve emphasized throughout that risk doesn’t have to be an abstract pursuit–it can be a comprehensive part of compliance and security that uses the realities of regulations and frameworks to drive decision-making (and vice-versa). One… Read More
What Is a Risk Appetite Statement?
Over the past few weeks, we’ve talked quite a bit about risk: What it is. How it applies to compliance. How you can start to think about it as an aspect of your overall business strategy. In many of the cases we’ve discussed, we’ve referred to risk in terms of mitigation–how to close the gap… Read More
Risk Management and Insider Threats
Risk management is a term bandied about by a lot of experts. It’s critically important, of course, but it is also a catch-all for security terms that may not seem to apply directly to immediate, regulatory security. So, when insider threats come up, it becomes challenging to parse out how security and risk help address… Read More
What Are the Problems with Risk Management?
In our previous article, we discussed the concept of risk management–what it is and why it’s important. However, risk management in cybersecurity isn’t new, and many organizations are working towards normalizing risk as an approach for comprehensive cybersecurity and compliance efforts. While this move is a good one, we also find that many organizations will… Read More
Social Engineering and Enterprise Security
Discussions about security and compliance disproportionately focus on businesses and enterprises, precisely because these organizations serve as central repositories for critical industrial or consumer information. Accordingly, regulations and best practices are often tied to securing this infrastructure, with consumers getting little to no attention. However, the reality of modern cybersecurity threats is that almost all… Read More
What is ISO 31000?
Many enterprises are looking for ways to increase their security and to protect their interests. As the world of cybersecurity, legal risk and operational challenges become more and more complex, checklist compliance regulations just aren’t going to cut it. That’s why governments and private organizations are increasingly turning to risk management as a tool for… Read More
5 Things to Know About Email Marketing and the EU GDPR
Before you send out that next email marketing blast, make sure you’re compliant with the EU GDPR Email marketing is big business. MarTech Advisor reports that it is the best-performing channel for a company’s ROI, and 61% of consumers prefer to receive offers via email, as opposed to only 5% who prefer social media offers.… Read More
Human Nature – The Proverbial Thorn in the CISO’s Keaster!
While pondering the recent Target and Neiman Marcus breaches and many of those that have come before, I cannot help myself but to look for common denominators. If you compare these companies to your house, there are doors and windows that allow movement into and out of those houses. If you open a window and it… Read More
The Inmates are Running the Asylum: Why Cyber-criminals are Winning.
I could tell you about the most recent incidents of cyber threats in the news, but with the explosion of cyber threats there would be little value in citing just a couple of cases. The shocking reality is that there have been literally thousands of actual breaches that have NOT been reported to law enforcement in just… Read More
Symbiotic Mutualism: A BYOD Love Story
The mass proliferation of consumer computing devices is in full force with only escalation on the horizon before us and any technologist who thinks that they can stop it or officially banish it from their little kingdoms should think again. Those troglodytes will only lead a frustrating existence in a world where resistance is truly… Read More
Weekly Digest for March 11th
mdpeters New blog post: Weekly Digest for March 5th https://michaelpeters.org/?p=1324 [obDADkenobi]. mdpeters New blog post: Juris Doctor 77 of 215 https://michaelpeters.org/?p=1329 [obDADkenobi]. mdpeters posted Risk management. mdpeters posted It-governance. mdpeters posted 3 items. Risk management Risk Assessment and Treatment: Risk management