Posts Tagged ‘Risk management’

Comprehensive Cyber Security Risk Management Toolkit

Govern and manage Cyber Security risk with this unique comprehensive toolkit suite. Comprehensive Cyber Security Risk Management Toolkit Suite – Use the Cyber Security Governance & Risk Management Toolkit for a new, fresh implementation of a comprehensive management system that will also be capable of ISO27001 certification, or take advantage of this toolkit’s […]

New IT-GRC Glossary designed to simplify industry terms

New IT-GRC Glossary from IT Governance designed to simplify industry terms. IT Governance Ltd, the single source provider of IT governance, risk management and compliance (IT-GRC), has just published a glossary on their website. The IT-GRC glossary is designed to help IT professionals recognize the wide range of acronyms used within the industry to further […]

vsRisk – The Cyber Security Risk Assessment Tool

It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there is a wide range of products on the market that claim to meet these requirements, the reality is that […]

Cyber Security and Risk Assessment

Cyber security is the protection of systems, networks and data in cyber space. If your system is connected to the internet, you should know and understand the risks of cyber space in order to take appropriate countermeasures. To understand the risks of cyber security, the first place to begin is a risk assessment. By completing a […]

Your Cyber Security Project

By James Warren. Internet technologies have revolutionised the way that business is conducted but these innovations expose your business to various cyber security risks. Inadequate security can lead to the theft of customer data and, in the event of technological failure or a cyberattack, your business could lose its ability to function altogether. An effective risk management […]

Impact of an Effective Risk Assessment to ISO 27001

To start with a definition of risk – Risk is a function of the probability that an identified threat will occur and then impact the mission or business objectives of an organization. The kinds of risk we deal with for information assets are mostly those risks from which only loss can occur, which may be […]

PCI view of Risk Assessment

Organizations that need to comply with PCI-DSS need to create their own risk assessment methodology that works for their specific business needs, according to a new report by the Payment Card Industry Security Standards Council (PCI SSC). The PCI Risk Assessment Special Interest Group says: When developing their own risk assessment methodology, organizations may consider adapting an industry-standard methodology […]

Risky business

By Mary Mosquera. Last year’s HITECH Act toughened the rules and enforcement penalties health information handlers must follow to protect patient privacy. Under the new policy regime, providers will have to pay more attention to the confidentiality and safety of patient information as they move more of their operations toward […]

What is a risk assessment framework

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. A good RAF organizes and presents information in a way that […]

Control selection and cost savings

Information Security Risk Analysis. In risk management, the risk treatment process begins after completion of a comprehensive risk assessment. Once risks have been assessed, risk managers utilize the following techniques to manage the risks: • Avoidance (eliminate) • Reduction (mitigate) • Transfer (outsource or insure) • Retention (accept and budget). Now the question is how to […]

Managing Risks and NIST 800-53

FISMA Certification & Accreditation Handbook. Organizations need to establish a security program to manage their day-to-day risks. Before selecting controls from standards such as NIST 800-53 or ISO 27002, organizations need to have a complete inventory of the assets involved in the scope. Assets involved in the scope would require […]

Congressional data mining and security

“By slipping a simple, three-sentence provision into the gargantuan spending bill passed by the House of Representatives last week, a congressman from Silicon Valley is trying to nudge Congress into the 21st Century. Rep. Mike Honda (D-Calif.) placed a measure in the bill directing Congress and its affiliated organs — including […]

HIPAA accountability and security program

Last year the Department of Health and Human Services (HHS) started penalizing healthcare organizations for security breaches and lack of a security program. The healthcare stimulus bill says that HHS will post a breach of a healthcare organization on their website. In both cases the intent is clear that HHS wants to hold healthcare organizations accountable for security […]

Small business and assessment of IT risks

According to a study released by the European Union agency ENISA, small-to-medium-sized enterprises (SMEs) require extra guidance in assessing the IT security risks of their assets. The agency also established that in the first implementation it is improbable that an SME can utilize a risk assessment & risk management approach without external assistance and simplified information security approach was […]

Economic turmoil and BCP

Due to economic insecurity, all the warning signs indicate that this year is going to top the record for information security and privacy incidents. Organizations may not be in a position to take business-limiting risks and bypass security fundamentals like Business Continuity Planning (BCP). During this economic uncertainty organizations have to pay more […]
