Information risk management is the process of identifying the ways an organisation can be affected by a disruptive incident and how it can limit the damage. It encompasses any scenario in which the confidentiality, integrity and availability of data is compromised. As such, it’s not just cyber attacks that you should be worried about. Information […]

  Govern and manage Cyber Security risk with this unique comprehensive toolkit suite   Comprehensive Cyber Security Risk Management Toolkit Suite – Use the Cyber Security Governance & Risk Management Toolkit for a new, fresh implementation of a comprehensive management system that will also be capable of ISO27001 certification, or take advantage of this toolkit’s […]

New IT-GRC Glossary from IT Governance designed to simplify industry terms IT Governance Ltd, the single source provider of IT governance, risk management and compliance (IT-GRC), has just published a glossary on their website. The IT-GRC glossary is designed to help IT professionals recognize the wide range of acronyms used within the industry to further […]

vsRisk – The Cyber Security Risk Assessment Tool It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there are a wide range of products on the market that claim to meet these requirements, the reality is that […]

Cyber security is the protection of systems, networks and data in cyber space. If your system is connected on the internet, you should know and uderstand the risks of cyber space to take appropriate countermeasures. To understand the risks of cyber security,The first place is to begin with is a risk assessment. By completing a […]

by James Warren Internet technologies have revolutionised the way that business is conducted but these innovations expose your business to various cyber security risks. Inadequate security can lead to the theft of customer data and, in the event of technological failure or a cyberattack, your business could lose its ability to function altogether. An effective risk management […]

First to start with a definition of risk – Risk is a function of the probability that an identified threat will occur and then impact the mission or business objectives of an organization. The kind of risks we deal with information assets are mostly those risks from which only loss can occur, which may be […]

  Organizations that need to comply with PCI-DSS need to create their own risk assessment methodology that works for their specific business needs, according to a new report by the Payment Card Industry Security Standards Council (PCI SSC). PCI Risk Assessment Special Interest Group says When developing their own risk assessment methodology, organizations may consider adapting an industry-standard methodology […]

Image by purpleslog via Flickr By Mary Mosquera Last year’s HITECH Act toughened the rules and enforcement penalties health information handlers must follow to protect patient privacy. Under the new policy regime, providers will have to pay more attention to the confidentiality and safety of patient information as they move more of their operations toward […]

Image by Adam Melancon via Flickr The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. A good RAF organizes and presents information in a way that […]

Information Security Risk Analysis In risk management, risk treatment process begins after completion of a comprehensive risk assessment. Once risks have been assessed, risk manager utilize the following techniques to manage the risks • Avoidance (eliminate) • Reduction (mitigate) • Transfer (outsource or insure) • Retention (accept and budget) Now the question is how to […]

Image via Wikipedia FISMA Certification & Accreditation Handbook The organizations need to establish security program to manage their day to day risks. Before selecting the controls from standards such as (NIST 800-53 or ISO 27002), organizations need to have complete inventory of the assets involved in the scope. Assets involved in the scope would require […]

Image by moonhouse via Flickr“By slipping a simple, three-sentence provision into the gargantuan spending bill passed by the House of Representatives last week, a congressman from Silicon Valley is trying to nudge Congress into the 21st Century. Rep. Mike Honda (D-Calif.) placed a measure in the bill directing Congress and its affiliated organs — including […]

Last year the department of Health and Human Services (HHS) started penalizing healthcare organizations for security breaches and lack of security program. Healthcare stimulus bill says that HHS will post a breach of healthcare organization on their website. In both cases the intent is clear that HHS want to hold healthcare organizations accountable for security […]

According to a study released by European Union ENISA, Small-to-Medium-Sized (SME) enterprises require extra guidance in assessment of IT security risks of their assets. Agency also established that in the first implementation it is improbable that SME can utilize a risk assessment & risk management approach without external assistance and simplified information security approach was […]

Due to economic insecurity all the warning signs are pointing that this year is going to top the record for information security and privacy incidents. Organizations may not be in a position to take business limiting risk and bypass security fundamental like Business Continuity Planning (BCP). During this economic uncertainty organizations have to pay more […]

According to BBC news article by Maggie Shiels (Feb 11, 2009) the world’s biggest software maker has warned companies to expect an increase in “insider” security attacks by disgruntled, laid-off workers. Microsoft said so-called “malicious insider” breaches were on the rise and would worsen in the present downturn. Below are the high points: • With […]

To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security control is to perform ISO assessment and assess the organization security posture based on ISO 27002 code of practice and map each control with Capability Maturity Model Integration (CMMI) […]

Image via Wikipedia In the past when senior management (execs) needed to understand the financial implication of cyber threats and their exposures, they turned their questionnaires toward IT for relevant answers. In other words IT risk assessment was the answer in the past to understand the financial implications of cyber threats. The IT risk assessment […]