Blog
Page 6 of 153
Checklist for Third-Party Risk Assessments
Amid escalating data breaches and supply chain attacks, businesses are placing an unprecedented emphasis on third-party risk management. That’s a logical and prudent idea, but achieving this level of security requires a comprehensive approach — which makes a checklist for third-party risk assessment indispensable. In this article, we’ll explore what that checklist for third-party risk […]
Tags: NIST, Third-Party Management
September 24, 2024
Assessing Business Risks Associated With Change
Change is a necessary and inevitable part of business, whether it relates to new technology, the socio-economic climate, the competitive landscape, or the regulatory environment. That also includes external shocks such as pandemics, weather disasters, and, regrettably, war and terrorist strikes. An organization facing change can adapt to it with an effective change management program. […]
Tags: Risk Management
Top 7 Vulnerability Mitigation Strategies
Discover the best vulnerability mitigation strategies to help protect your business from potential threats with this guide from the team at ZenGRC. 2021 (and every year leading up to it) was the worst year on record for cybersecurity. Since the onset of the COVID-19 pandemic, cybercrime as a whole has increased by 600 percent. Moreover, cybercrime […]
Tags: NIST, Risk Management
Complementary User Entity Controls, Explained
Most security, audit and compliance professionals are already acquainted with System and Organization Controls (SOC) and SSAE 18 audits. There is, however, another category of controls that needs attention too: Complementary User Entity Controls (CUECs). CUECs are a subset of service organization controls, and exist on a user-entity level — that is, at the level of organizations […]
What You Need to Know About Security Compliance Management
Security compliance management is the set of policies, procedures, and other internal controls that an organization uses to fulfill its regulatory requirements for data privacy and protection. Put another way, security compliance management is a subset of regulatory compliance management that specifically addresses data protection. Clearly, security compliance management is important. Without it, a company risks all […]
Tags: NIST
What is Continuous Auditing?
Many security and compliance professionals hear “continuous monitoring” as part of their information security process and grasp the term’s meaning – but “continuous auditing” may feel redundant or confusing. That’s unfortunate. Understanding how continuous auditing fits into a security-first approach to cybersecurity helps protect the integrity of your data and prove that your controls work. This post […]
Tags: Audit Management
Business Continuity Risk: How to Plan for Threats
In an increasingly complex and interconnected world, businesses face a myriad of risks that can disrupt their operations. From natural disasters to cyber-attacks, the potential threats are numerous and varied. Understanding and planning for these risks is not just a matter of safeguarding assets; it’s about ensuring the very survival of the business. This blog explores the multifaceted […]
Tags: Risk Management
NIST Cyber Risk Scoring
As companies continue to face new and increasing cybersecurity risks, the National Institute of Standards and Technology (NIST) has developed a cyber risk scoring methodology that helps organizations to assess, quantify, and manage their cybersecurity posture effectively. The NIST Cyber Risk Scoring solution improves NIST’s security and privacy assessment processes by providing real-time contextual risk […]
Tags: NIST
How to Choose a Compliance Management Tool
Effective corporate compliance is an increasingly urgent issue for businesses. Regulations continue to multiply across the landscape, and compliance obligations are becoming more complex. The need for an effective compliance management tool to help Chief Information Security Officers (CISOs) and senior management meet those ever-expanding compliance requirements has never been greater. A manual approach to tracking […]
Tags: NIST
3 Levels of FISMA Compliance: Low, Moderate, High
The United States enacted the Federal Information Security Management Act (FISMA) in 2002 as part of the E-Government Act of 2002 to enhance the administration of electronic government services and operations; the law has since been amended by the Federal Information Security Modernization Act of 2014 (FISMA 2014). It requires federal agencies to develop, implement, […]