DISC InfoSec blog

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy NIST 800-37r2

Does your organization need NIST, CSC, ISO, or FAIR frameworks? Here’s how to start making sense of security frameworks. Source: How to choose the right cybersecurity framework

vsRisk Standalone 3.0 – Brand new vsRisk™ risk assessment software available now vsRisk is fully aligned with ISO 27001:2013 and helps you conduct an information security risk assessment quickly and easily. The upgrade includes three key changes to functionality: custom acceptance criteria, a risk assessment wizard and control set synchronization. This major release also enables users […]

FAIR Institute blog by Isaiah McGowan Read Books to Jumpstart Your Career in Risk Management What are the must have resources for people new to operational and cyber risk? This list outlines what books I would recommend to new analyst or manager. They’re not ranked by which book is best. Instead, I list them in the recommended reading […]

An introductory guide to information risk management auditing, giving an interesting and useful insight into the risks and controls/mitigations that you may encounter when performing or managing an audit of information risk. Case studies and chapter summaries impart expert guidance to provide the best grounding in information risk available for risk managers and non-specialists alike. […]

Assessing Information Security – Strategies, Tactics, Logic and Framework draws on the work of Clausewitz and Sun Tzu, and applies it to the understanding of information security that the authors have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human […]

  Govern and manage Cyber Security risk with this unique comprehensive toolkit suite   Comprehensive Cyber Security Risk Management Toolkit Suite – Use the Cyber Security Governance & Risk Management Toolkit for a new, fresh implementation of a comprehensive management system that will also be capable of ISO27001 certification, or take advantage of this toolkit’s […]

vsRisk – The Cyber Security Risk Assessment Tool It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there are a wide range of products on the market that claim to meet these requirements, the reality is that […]

Cyber security is the protection of systems, networks and data in cyber space. If your system is connected on the internet, you should know and uderstand the risks of cyber space to take appropriate countermeasures. To understand the risks of cyber security,The first place is to begin with is a risk assessment. By completing a […]

First to start with a definition of risk – Risk is a function of the probability that an identified threat will occur and then impact the mission or business objectives of an organization. The kind of risks we deal with information assets are mostly those risks from which only loss can occur, which may be […]

Similar to other controls SoD (Segragation of Duties) plays an important role in reducing certain potential risk of an organization. SoD minimize certail risks, by deviding a task so it will take more than one individual to complete a task or a critical process. SoD control has been traditionally used in accounting to minimize risk […]

  Organizations that need to comply with PCI-DSS need to create their own risk assessment methodology that works for their specific business needs, according to a new report by the Payment Card Industry Security Standards Council (PCI SSC). PCI Risk Assessment Special Interest Group says When developing their own risk assessment methodology, organizations may consider adapting an industry-standard methodology […]

by Melanie Watson It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there are a wide range of products on the market that claim to meet these requirements, the reality is that there are very few. There’s […]

With over 10 years in the market and 2,500 global downloads, vsRiskTM has been helping organizations all over the world carry out successful risk assessments. Risks assessment is the core competence of cyber security management. Every decision you make must be proportionate to the actual risk your organization faces. You must therefore assess risks on […]

In risk management, risk treatment process begins after completion of a comprehensive risk assessment. Once risks have been assessed, risk manager utilize the following techniques to manage the risks • Avoidance (eliminate) • Reduction (mitigate) • Transfer (outsource or insure) • Retention (accept and budget) Now the question is how to select an appropriate control […]

Risk management is a business process and all the business decisions should have a business development life cycle Risk management is a management responsibility, must be supported by senior management and that concept of Ownership of assets must be established In Pre screening of critical assets, assets sensitivity must be established based on business, legal […]

With over 10 years in the market and 2,500 global downloads, vsRiskTM has been helping organizations all over the world carry out successful risk assessments. Risks assessment is the core competence of cyber security management. Every decision you make must be proportionate to the actual risk your organization faces. You must therefore assess risks on […]

/EINPresswire.com/ ISO 27005:2011, the newly released international information security risk management standard, is now available to the international community of business continuity and information security practitioners. Information security risk management is one of the core competencies of information security. This Standard is an essential companion to ISO/IEC 27001 and ISO/IEC 27002 and replaces ISO/IEC 27005:2008. […]

Enterprise Risk Management: From Incentives to Controls Enterprise risk management is a complex yet critical issue that all companies must deal with as they head into the twenty-first century. It empowers you to balance risks with rewards as well as people with processes. But to master the numerous aspects of enterprise risk management- you must […]

Expert guidance on planning and implementing a risk assessment and protecting your business information. In the knowledge economy, organisations have to be able to protect their information assets. Information security management has, therefore, become a critical corporate discipline. The international code of practice for an information security management system (ISMS) is ISO27002. As the code […]