Blog
Page 63 of 152
Is Microsoft 365 GCC High Compliant with FedRAMP High?
Microsoft provides numerous options for its public cloud offerings. Microsoft 365 Commercial, also known as MS 365 Commercial or Commercial Microsoft 365, is the “standard” cloud. The Commercial cloud offers the most features and tools, global availability, and requires no eligibility validation to use it. The Federal Risk and Authorization Management Program (FedRAMP) provides a […]
July 15, 2022
Guide to Implementing an IT Risk Management Framework
Enterprise risk management (ERM) is a disciplined, holistic way to identify, manage, and mitigate risk throughout your entire enterprise. IT risk management (ITRM) is one subset of that effort, focused on identifying and managing risks specific to IT functions. An industry-accepted ITRM framework can help you implement an ITRM program quickly and with minimal disruption. […]
FedRAMP System Security Plan: Tips for Writing an SSP
The Federal Risk and Authorization Management Program (FedRAMP) standardizes how U.S. federal government agencies apply the Federal Information Security Management Act (FISMA) to cloud computing services. Through its “do once, use many times” security assessment framework, agencies can streamline the assessment, authorization, and continuous monitoring of cloud service providers (CSPs) and their cloud […]
Understanding FIPS 140-2 Encryption Requirements to Manage Risk and Achieve FedRAMP Compliance
The Federal Risk and Authorization Management Program (FedRAMP) provides a risk-based approach to help U.S. government agencies adopt and use cloud-based technology services. FedRAMP standardizes the security requirements for cloud services, so that cloud service providers (CSPs) have an easier time bidding on government contracts. One of the primary requirements for FedRAMP certification […]
July 13, 2022
All You Wanted to Know About the FedRAMP Security Assessment and Risk Management Framework
The Federal Risk and Authorization Management Program (FedRAMP) provides U.S. federal agencies and their vendors with a standardized set of best practices to assess, adopt, and monitor the use of cloud-based technology services under the Federal Information Security Management Act (FISMA). Simply put, FedRAMP is a program to standardize FISMA compliance and promote the adoption […]
Cyber Risk Management: The Right Approach is a Business-Oriented Approach
This article first appeared in Cyber Defense eMagazine – July 2022 Edition. As rates of cyberattacks continue to increase – and organizations continue to grapple with how effectively they are protecting themselves – companies need to find better ways to safeguard every level of the business. Many are waiting for the next great technology solution […]
July 12, 2022
Simplifying Cybersecurity Insurance with Unified Risk Management
In today’s hyper-connected world, it is hard to imagine a business that doesn’t rely in whole or in part on the usage of electronic communications and systems to meet critical business processes. The systems themselves are crucial, but the information contained therein is actually the most important resource. Data is quickly becoming the most valuable […]
How To Use CPS 234 To Reduce Risk To Your Financial Data
A recent blog I wrote on the latest security standard update from the Payment Card Industry—PCI DSS V4.0—talked about going beyond a singular framework as a basis for compliance and recommended taking a risk-first approach to your payment processing and cardholder data security. Today I want to highlight an example for our friends in Australia […]
July 1, 2022
What is the Purpose of NIST?
What Is the Purpose of the NIST Cybersecurity Framework? Strong cybersecurity is paramount for organizations in every industry – and the best way to implement a robust cybersecurity program (or to strengthen an existing program) is to use an established cybersecurity framework. An accepted cybersecurity framework will provide useful guidelines and goals to plan, implement, […]
Tags: Audit Management, NIST
5 Steps to Reduce the Web of Uncertainty in Third-Party Risk Management
Businesses around the globe need to consider a systematic and digital-first approach to third-party risk management (TPRM) to catalog, classify and manage all third-party relationships across the organization. Only when you’re able to identify and mitigate risk throughout the lifecycle of the relationship will you be able to successfully protect the organization’s compliance, revenue and […]
June 29, 2022