Posts Tagged ‘Security Risk Assessment’

Risk Management document templates

Risk Assessment and Risk Treatment Methodology The purpose of this document is to define the methodology for assessment and treatment of information risks, and to define the acceptable level of risk. The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you. There […]


ISO Self Assessment Tools

The ISO self-assessment tools list includes, but is not limited to, Privacy, ISO 27001, ISO 9001, ISO 14001, and the ISO/IEC 27701 2019 Standard and Toolkit


5 Must Read Books to Jumpstart Your Career in Risk Management

FAIR Institute blog by Isaiah McGowan Read Books to Jumpstart Your Career in Risk Management What are the must-have resources for people new to operational and cyber risk? This list outlines what books I would recommend to a new analyst or manager. They’re not ranked by which book is best. Instead, I list them in the recommended reading […]


Risk Management and Business Life Cycle

Risk management is a business process, and all business decisions should have a business development life cycle. Risk management is a management responsibility, must be supported by senior management, and the concept of ownership of assets must be established. In pre-screening of critical assets, asset sensitivity must be established based on business, legal […]


Enterprise Risk Management: From Incentives to Controls

Enterprise Risk Management: From Incentives to Controls Enterprise risk management is a complex yet critical issue that all companies must deal with as they head into the twenty-first century. It empowers you to balance risks with rewards as well as people with processes. But to master the numerous aspects of enterprise risk management, you must […]


Security risk assessment process and countermeasures

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments The following are the common steps that should be taken to perform a security risk assessment. These are just basic common steps, which should not be followed as is but modified based on the organization's assessment scope and business requirements. • Identify the […]


Audit of security control and scoping

Information Technology Control and Audit The audit is utilized as a tool to check compliance control based on standards such as ISO 27002 or NIST 800-53 etc. Some other terms, sometimes not rigorous audits, that have been used to assess controls are gap analysis, benchmarking and control review. Scoping sets the boundaries of the […]


HIPAA accountability and security program

Last year the Department of Health and Human Services (HHS) started penalizing healthcare organizations for security breaches and lack of a security program. The healthcare stimulus bill says that HHS will post a breach of a healthcare organization on its website. In both cases the intent is clear that HHS wants to hold healthcare organizations accountable for security […]


Small business and assessment of IT risks

According to a study released by the European Union's ENISA, small-to-medium-sized enterprises (SMEs) require extra guidance in assessment of IT security risks of their assets. The agency also established that in the first implementation it is improbable that an SME can utilize a risk assessment & risk management approach without external assistance, and a simplified information security approach was […]
