Posts Tagged ‘Risk Assessment’

Why chasing risk assessments will have you chasing your tail

Third-party risk assessments are often described as time-consuming, repetitive, overwhelming, and outdated. Think about it: organizations, on average, have over 5,000 third parties, meaning they may feel the need to conduct over 5,000 risk assessments. In the old school method, that’s 5,000 redundant questionnaires. 5,000 long-winded Excel sheets. No wonder they feel this way. The reason why […]

Risk Management document templates

Risk Assessment and Risk Treatment Methodology The purpose of this document is to define the methodology for assessment and treatment of information risks, and to define the acceptable level of risk. The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you. There […]

What Is Information Risk Management? Definition & Explanation

Information risk management is the process of identifying the ways an organisation can be affected by a disruptive incident and how it can limit the damage. It encompasses any scenario in which the confidentiality, integrity and availability of data is compromised. As such, it’s not just cyber attacks that you should be worried about. Information […]

Conducting an asset-based risk assessment in ISO 27001:2013

Conducting an asset-based risk assessment in ISO 27001:2013 – Vigilant Software The nature of ISO27001 is that it is heavily focused on risk-based planning. This is to ensure that the identified information risks are appropriately managed according to the threats and the nature of the threats. While asset-based risk assessments are still widely regarded as best practice, […]

vsRisk™ risk assessment

vsRisk Standalone 3.0 – Brand new vsRisk™ risk assessment software available now vsRisk is fully aligned with ISO 27001:2013 and helps you conduct an information security risk assessment quickly and easily. The upgrade includes three key changes to functionality: custom acceptance criteria, a risk assessment wizard and control set synchronization. This major release also enables users […]

When to use tools for ISO 27001/ISO 22301 and when to avoid them

If you’re starting to implement complex standards like ISO 27001 or ISO 22301, you’re probably looking for a way to make your job easier. Who wouldn’t? After all, reinventing the wheel doesn’t sound like a very interesting job. So, you start looking for some tool to help you with these information security and business continuity […]

Do it yourself solution for ISO27001 implementation

ISO 27001 Do It Yourself Package This is the do-it-yourself solution for ISO27001 implementation Cyber crime is increasing exponentially, and this trend will continue as more business activities move online and more consumers connect to the Internet. ISO/IEC 27001 is the only international information security management Standard that can help your organization protect its critical […]

ISO27001 2013 ISMS Gap Analysis Tool

To transition from ISO27001:2005 to ISO27001:2013 you may need a Gap Assessment Tool to prioritize your implementation plan. The ISO27001 2013 ISMS Gap Analysis Tool quickly and clearly identifies the controls and control areas in which an organization does not conform to the requirements of the standard. Available for immediate dispatch/download from IT Governance, this […]

vsRisk – The Cyber Security Risk Assessment Tool

vsRisk – The Cyber Security Risk Assessment Tool It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there are a wide range of products on the market that claim to meet these requirements, the reality is that […]

A Guide to Data Security and ISO27001/ISO27002

IT Governance 5: An International Guide to Data Security and ISO27001/ISO27002 This manual provides clear, unique guidance for both technical and non-technical managers. It details how to design, implement and deliver an ISMS that complies with ISO 27001. Now in its fifth edition, this title has been fully updated to take account of the latest […]

Cyber Security and Risk Assessment

Cyber security is the protection of systems, networks and data in cyber space. If your system is connected to the internet, you should know and understand the risks of cyber space to take appropriate countermeasures. To understand the risks of cyber security, the first place to begin is a risk assessment. By completing a […]

Why ISO 27001 certification should be a priority

Why ISO 27001 certification is unavoidable. Nowadays, the ISO27001 standard has become an almost unavoidable factor in the field of information security. Compliance is unavoidable because most industries are heavily regulated. It seems that more legislation is on its way to redefine our actions on the internet. Because ISO 27001 requirements are largely a […]

Impact of an Effective Risk Assessment to ISO 27001

To start with a definition of risk: risk is a function of the probability that an identified threat will occur and then impact the mission or business objectives of an organization. The kinds of risk we deal with for information assets are mostly those from which only loss can occur, which may be […]

Project Planning outline for (ISO 27001) ISMS

The project planning process includes steps to estimate the size of the project, estimate the scope of the effort and resources, assess project risks, and produce an acceptable schedule after negotiating with the control owner. The steps below provide a bullet list of project plan outline phases and action items of ISMS (ISO 27001). This is not […]

PCI Risk Assessment Tips Offered

  Council Issues Guidelines to Address Security Shortcomings In its just-released guidelines for ongoing risk assessments, the Payment Card Industry Security Standards Council notes three specific areas for improvement. The guidelines, which are intended for any organization that handles credit or debit card data, offer specific recommendations for risk assessments, such as how to create […]

PCI view of Risk Assessment

Organizations that need to comply with PCI-DSS need to create their own risk assessment methodology that works for their specific business needs, according to a new report by the Payment Card Industry Security Standards Council (PCI SSC). The PCI Risk Assessment Special Interest Group says that, when developing their own risk assessment methodology, organizations may consider adapting an industry-standard methodology […]

5 reasons why vsRisk v1.6 is the definitive risk assessment tool

by Melanie Watson It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there are a wide range of products on the market that claim to meet these requirements, the reality is that there are very few. There’s […]

Risk Management and Business Life Cycle

Risk management is a business process, and all business decisions should have a business development life cycle. Risk management is a management responsibility: it must be supported by senior management, and the concept of ownership of assets must be established. In pre-screening of critical assets, asset sensitivity must be established based on business, legal […]

Enterprise Risk Management: From Incentives to Controls

Enterprise Risk Management: From Incentives to Controls. Enterprise risk management is a complex yet critical issue that all companies must deal with as they head into the twenty-first century. It empowers you to balance risks with rewards as well as people with processes. But to master the numerous aspects of enterprise risk management, you must […]

IT risk assessment frameworks: real-world experience

By Bob Violino, CSO Assessing and managing risk is a high priority for many organizations, and given the turbulent state of information security vulnerabilities and the need to be compliant with so many regulations, it’s a huge challenge. Several formal IT risk-assessment frameworks have emerged over the years to help guide security and risk executives […]
