Blog
Page 52 of 152
By the Numbers: The Evolution of the CISO’s Role
Security executives such as CISOs have seen their roles evolve rapidly over the past few years as cybersecurity rises to the forefront of board and C-suite concerns. Are you ready to keep up? As organizations shift from a compliance focus to a risk-first […]
December 19, 2022
How to Determine Your Risk Tolerance Level
All the risk management measures an organization might take to address cybersecurity threats depend on one critical question: What is the organization’s risk tolerance? Risk tolerance is a concept borrowed from investment strategy and is part of various risk assessment methodologies. Investors with a high risk tolerance are willing to endure volatility in the stock market and […]
5 Steps To Developing A Corporate Compliance Program
Using automation can help make these five steps to developing a corporate compliance program more efficient.
Tags: Compliance
Understanding the Fundamentals of Information Security Management
Modern businesses now store vast troves of information, which means they must implement security controls and other protection measures to keep that information safe from cybersecurity breaches, theft, and other threats. CISOs must follow wise information security management principles to organize all those controls into a coherent, disciplined program. Vocabulary is essential here. “Cybersecurity” focuses […]
December 17, 2022
What Is Residual Risk in Information Security?
Cyber risks can be challenging to understand, especially for people who are not risk management professionals. This makes it harder for companies to take proper precautions to address threats, since management teams might not grasp the residual risk that remains after implementing a suite of controls. Ignoring residual risk can leave serious security gaps in your […]
What’s the System Description of a SOC 2 Report?
A SOC 2 system description is an important part of a SOC report. It outlines the boundaries of that report, and contains important details regarding the people, processes, and technology that support your product, software, or service. One cannot complete a SOC 2 audit without a clear, comprehensive system description. As a reminder, “SOC” stands […]
December 15, 2022
SOC 2 vs. SOC 3 Compliance: What’s the Difference?
Safeguarding data is more vital than ever for corporate organizations. Responding to that desire for stronger cybersecurity, many technology vendors to those corporations – especially vendors that offer software as a service (SaaS), cloud computing, and data management – are documenting how their internal controls meet SOC 2 cybersecurity standards. Whether you’re a service organization […]
What is a Risk Assessment?
A risk assessment is the process a company undertakes to catalog the potential threats to its business. In the same way a person might check the air pressure in a car’s tires every season, chief information security officers (CISOs) should conduct risk assessments at regular intervals. Consider it a part of your standard safety management […]
Which NIST Framework Is Best For Your Organization?
NIST is the abbreviated name of the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce, and it plays a crucial role in developing technology and security standards to meet the requirements of the Federal Information Security Management Act (FISMA). NIST frameworks help organizations, including those bidding on defense […]
December 7, 2022