Blog
Page 7 of 152
Risk Remediation vs. Risk Mitigation
Remediation and mitigation are words commonly used interchangeably to describe a wide variety of risk management measures within an organization or project. They are, however, distinct concepts under enterprise risk management (ERM) principles, with particular relevance for safeguarding the organization and its stakeholders. Remediation activities focus on fixing a problem to avoid or prevent the arrival of a […]
Tags: NIST, Risk Management
September 21, 2024
Regulatory Compliance in Healthcare
Every day, healthcare providers must perform the nerve-racking task of complying with increasing healthcare regulations. According to one report, the healthcare industry spends nearly $39 billion every year on the administrative burdens of regulatory compliance. Today, healthcare organizations must comply with more than 600 regulatory requirements. These compliance laws encompass numerous occupational sectors, from pharmacies and insurance companies to cloud service providers. […]
Tags: Healthcare, HIPAA, NIST
Risk Control Measures That Work
Conducting a regular risk assessment is an integral part of any organization’s overall risk management plan. It’s sometimes even a legal requirement, depending on your industry, contractual obligations, or the number of people you employ. Risk assessments also help you perform a risk analysis to evaluate the risks associated with a hazard after the hazard is […]
Tags: NIST, Risk Management
Internal Control Practices to Prevent Inventory Loss
In 2020, more than 15 percent of U.S. retailers experienced inventory shrinkage — that is, loss of physical inventory — of 3 percent or more. According to the 2019 National Retail Security Survey, shrinkage cost the U.S. retail industry $50.6 billion that year. A common cause of inventory shrinkage is larceny, defined as the taking of property […]
Clarifying Roles and Responsibilities in GRC Management
Governance, risk management, and compliance (GRC) are crucial activities for any modern organization. Implementing an effective GRC program, however, is easier said than done. The first and most critical step: defining clear roles and responsibilities so people know what they’re supposed to do to further your GRC program. A well-structured GRC team facilitates collaboration across departments, leverages […]
Tags: NIST
Incident Response Plan vs. Disaster Recovery Plan
When crafting a business continuity strategy, businesses need to recognize the need for two complementary yet distinct documents: an incident response plan (IRP) and a disaster recovery plan (DRP). An incident response plan is essential for preparing your organization to handle potential information security incidents effectively. These incidents can range from data breaches and malware to system outages and general computer security. In today’s digital landscape, such risks pose significant […]
Vulnerability Scanners: Passive Scanning vs. Active Scanning
Vulnerabilities in enterprise environments create many opportunities for cyber criminals to attack the organization. Bad actors may take advantage of security misconfigurations, broken authentication processes, buffer overflows, and other vulnerabilities to spread malware, launch account takeover attacks, and steal large amounts of sensitive data. As of April 2022, the U.S. government’s National Vulnerability Database (NVD) […]
Cybersecurity KPIs to Track + Examples
To manage cybersecurity risks effectively and maintain a strong defense posture, organizations need a clear understanding of their security program and the ability to measure their progress toward key objectives. Enter key performance indicators (KPIs), a mechanism that allows organizations to gauge and track their cybersecurity effectiveness. In this article we delve into cybersecurity KPIs, […]
Tags: Cybersecurity
5 Most Effective Risk Management Techniques
Risk management techniques help businesses identify and address risks, create baselines for acceptable risks, and prepare for unexpected threats. Thorough risk identification, risk assessment, risk analysis, and risk control also help to improve enterprise-wide communication, collaboration, and decision-making. A robust risk management process benefits every function, including sales, marketing, procurement, project management, and accounting. Risk management […]
Tags: Risk Management
Navigating the Future of AI Governance: A Guide to NIST AI RMF, ISO/IEC 42001, and the EU AI Act
In the rapidly evolving landscape of Artificial Intelligence (AI), Governance, Risk, and Compliance (GRC) professionals must navigate the increasingly complex challenges of trustworthy development, deployment, and monitoring of AI systems. The recently released NIST Artificial Intelligence Risk Management Framework (NIST AI 100-1), ISO/IEC 42001, and the upcoming European Union Artificial Intelligence Act are pivotal guidelines for organizations to better […]