Archive for the ‘Risk Assessment’ Category

Calculating Your Company’s Total Cybersecurity Risk Exposure

In the first part of my blog post I focused on calculating the impact of a cybersecurity breach in relation to a company’s size and industry. In part two, I present an approach to better understand how often a company will experience security breaches. The probability is usually the big unknown. Not particularly helpful is that our […]

A leadership guide for mitigating security risks with low code platforms

The lingering question of application code security follows, as stories of security breaches continue to pour in and remote teams across the world adopt low code for faster application delivery. Even as Gartner predicts that 65% of applications will be built using the low-code paradigm by 2024, it is important to understand the security implications that come with […]

Risk-based vulnerability management has produced demonstrable results

Risk-based vulnerability management doesn’t ask “How do we fix everything?” It merely asks, “What do we actually need to fix?” A series of research reports from the Cyentia Institute have answered that question in a number of ways, finding, for example, that attackers are more likely to develop exploits for some vulnerabilities […]

Risky business: 3 timeless approaches to reduce security risk in 2021

Steps to reduce security risk in 2021

A summary of the tactical and strategic moves CISOs can make to reduce security risk:

- Look to reduce your “haystack” of threat avenues through smart policy enforcement.
- Consider DNS as a vector – for both attack and detection.
- Ensure that your cloud adoption strategy is coupled with sound […]

Understanding Cyber Risk Quantification – A Four Minute Journey Into Your Future

Cyber Risk Quantification (CRQ) is now viewed as a core pillar of any effective Integrated Risk Management program. This short explainer video walks you through and gives you a glimpse into your future as a top tier cyber risk management organization.

A FAIR Approach

Why is financial cyber risk quantification important?

In its 10th annual Risk Barometer, Allianz found that cyber incidents ranked third in a list of the most important global business risks for the upcoming year, coming in second behind risks stemming from the pandemic itself. We can expect cyber incidents to increase in frequency and sophistication as cyber criminals continue to leverage the […]

Risk management in the digital world: How different is it?

Prioritizing and communicating risk

Last year, the number of active phishing websites increased 350% from January to March alone. Now that employees are connecting to the office from their own remote networks and not through their office’s secure network, the chance of a security breach is higher than ever. While risk managers know this already, securing […]

Proven Use Cases to Start Quantitative Cyber Risk Management

With the growing interest in Factor Analysis of Information Risk (FAIR™), we hear a lot from people who have read about FAIR or even taken FAIR training and are really excited about the potential power of cyber risk quantification for risk management – but have come away with the impression that to actually bring a quantitative risk management program to life […]

Nmap Cheat Sheet

Advice for senior management on their responsibilities towards information risk

IAAC Directors’ Guides

Source: Succinct advice for senior management on their responsibilities towards information risk, courtesy of the IAAC.

The best practice guide for an effective infoSec function

The best practice guide for an effective infoSec function: iTnews has put together advice drawn from various control frameworks, including ISO 27k and NIST CSF, to guide you through what’s needed to build an effective information security management system (ISMS) within your organization. This comprehensive report is a must-have reference for executives, senior managers […]

A CISO’s Guide to Bolstering Cybersecurity Posture

- When It Come Down To It, Cybersecurity Is All About Understanding Risk
- Risk Management Framework for Information Systems
- How to choose the right cybersecurity framework
- Improve Cybersecurity posture by using ISO/IEC 27032
- Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture
- CSET Cyber Security Evaluation Tool – ICS/OT

When It Come Down To It, Cybersecurity Is All About Understanding Risk

Get two risk management experts in a room, one financial and the other IT, and they will NOT be able to discuss risk.

Source: When It Come Down To It, Cybersecurity Is All About Understanding Risk

An Overview of Risk Assessment According to ISO 27001 and ISO 27005

Risk Management Framework for Information Systems

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (NIST 800-37r2)

InfoSec Risk Assessment Compliance Framework

How to choose the right cybersecurity framework

Does your organization need NIST, CSC, ISO, or FAIR frameworks? Here’s how to start making sense of security frameworks. Source: How to choose the right cybersecurity framework

Breach highlights the need for a cyber health check

Cyber Health Check

Deloitte breach highlights the need for a cyber health check, by Javier Brias

Deloitte, one of the world’s biggest accounting organizations, recently suffered a data breach that compromised confidential emails and plans of some of its blue-chip clients, according to the Guardian. The hackers also had potential access to usernames, passwords, IP addresses, […]

Conducting an asset-based risk assessment in ISO 27001:2013

Conducting an asset-based risk assessment in ISO 27001:2013 – Vigilant Software

The nature of ISO27001 is that it is heavily focused on risk-based planning. This is to ensure that the identified information risks are appropriately managed according to the threats they face and the nature of those threats. While asset-based risk assessments are still widely regarded as best practice, […]

Fundamentals of Information Risk Management Auditing

New information and IT risks seem to be everywhere, so it is essential that organizations address these risks in the context of enterprise risk management (ERM). ERM is a practice that has become increasingly popular. It’s important that an organization’s information risk management specialist or auditor understands this practice because much of their work will […]

5 Must Read Books to Jumpstart Your Career in Risk Management

FAIR Institute blog by Isaiah McGowan: 5 Must Read Books to Jumpstart Your Career in Risk Management

What are the must-have resources for people new to operational and cyber risk? This list outlines the books I would recommend to a new analyst or manager. They’re not ranked by which book is best. Instead, I list them in the recommended reading […]

Independent Risk Assessment

The essential suite for undertaking an independent risk assessment compliant with ISO/IEC 27001, supporting ISO/IEC 27002 and conforming to ISO/IEC 27005, whilst providing guidance to multiple internal Asset Owners. Risk assessment is the core competence of information security management. This toolkit provides the essential information, guidance and tools you need to undertake an effective ISO 27001 […]
