FAIR Institute blog by Isaiah McGowan Read Books to Jumpstart Your Career in Risk Management What are the must have resources for people new to operational and cyber risk? This list outlines what books I would recommend to new analyst or manager. They’re not ranked by which book is best. Instead, I list them in the recommended reading […]
Risk management is a business process and all the business decisions should have a business development life cycle Risk management is a management responsibility, must be supported by senior management and that concept of Ownership of assets must be established In Pre screening of critical assets, assets sensitivity must be established based on business, legal […]
Enterprise Risk Management: From Incentives to Controls Enterprise risk management is a complex yet critical issue that all companies must deal with as they head into the twenty-first century. It empowers you to balance risks with rewards as well as people with processes. But to master the numerous aspects of enterprise risk management- you must […]
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments The following are the common steps that should be taken to perform a security risk assessment. These are just basic common steps which should not be followed as is but modified based on organization assessment scope and business requirements. • Identify the […]
Information Technology Control and Audit The audit is utilized as a tool to check compliance control based on standards such as ISO 27002 or NIST 800-53 etc. Some other terms which are not sometime rigorous audit have been used to asses controls are gap analysis, benchmarking and control review. Scoping sets the boundaries of the […]
Last year the department of Health and Human Services (HHS) started penalizing healthcare organizations for security breaches and lack of security program. Healthcare stimulus bill says that HHS will post a breach of healthcare organization on their website. In both cases the intent is clear that HHS want to hold healthcare organizations accountable for security […]
According to a study released by European Union ENISA, Small-to-Medium-Sized (SME) enterprises require extra guidance in assessment of IT security risks of their assets. Agency also established that in the first implementation it is improbable that SME can utilize a risk assessment & risk management approach without external assistance and simplified information security approach was […]
