Blog
Page 8 of 153
Clarifying Roles and Responsibilities in GRC Management
Governance, risk management, and compliance (GRC) are crucial activities for any modern organization. Implementing an effective GRC program, however, is easier said than done. The first and most critical step: defining clear roles and responsibilities so people know what they’re supposed to do to further your GRC program. A well-structured GRC team facilitates collaboration across departments, leverages […]
Tags: NIST
September 21, 2024
Incident Response Plan vs. Disaster Recovery Plan
When crafting a business continuity strategy, businesses need to recognize the need for two complementary yet distinct documents: an incident response plan (IRP) and a disaster recovery plan (DRP). An incident response plan is essential for preparing your organization to handle potential information security incidents effectively. These incidents can range from data breaches and malware to system outages and general computer security. In today’s digital landscape, such risks pose significant […]
Vulnerability Scanners: Passive Scanning vs. Active Scanning
Vulnerabilities in enterprise environments create many opportunities for cyber criminals to attack the organization. Bad actors may take advantage of security misconfigurations, broken authentication processes, buffer overflows, and other vulnerabilities to spread malware, launch account takeover attacks, and steal large amounts of sensitive data. As of April 2022, the U.S. government’s National Vulnerability Database (NVD) […]
Cybersecurity KPIs to Track + Examples
To manage cybersecurity risks effectively and maintain a strong defense posture, organizations need a clear understanding of their security program and the ability to measure their progress toward key objectives. Enter key performance indicators (KPIs), a mechanism that allows organizations to gauge and track their cybersecurity effectiveness. In this article we delve into cybersecurity KPIs, […]
Tags: Cybersecurity
5 Most Effective Risk Management Techniques
Risk management techniques help businesses identify and address risks, create baselines for acceptable risks, and prepare for unexpected threats. Thorough risk identification, risk assessment, risk analysis, and risk control also help to improve enterprise-wide communication, collaboration, and decision-making. A robust risk management process benefits every function, including sales, marketing, procurement, project management, and accounting. Risk management […]
Tags: Risk Management
Navigating the Future of AI Governance: A Guide to NIST AI RMF, ISO/IEC 42001, and the EU AI Act
In the rapidly evolving landscape of Artificial Intelligence (AI), Governance, Risk, and Compliance (GRC) professionals must navigate the increasingly complex challenges of trustworthy development, deployment, and monitoring of AI systems. The recently released NIST Artificial Intelligence Risk Management Framework (NIST AI 100-1), ISO/IEC 42001, and the upcoming European Union Artificial Intelligence Act are pivotal guidelines for organizations to better […]
Top 5 Risks Affecting the Healthcare Industry
Cybersecurity is a constant, serious threat to the healthcare industry. Unfortunately, however, the risks to cybersecurity and data security in healthcare are only one part of the larger risk management puzzle for healthcare organizations. Infections, alarm fatigue, telemedicine, and a lack of emergency preparedness also pose severe threats in healthcare. To minimize exposure, healthcare organizations require a […]
Tags: Healthcare, HIPAA
September 20, 2024
Identifying Assets for IT Risk Analysis
Any organization that uses information technology should conduct cybersecurity risk assessments from time to time. Each organization, however, faces its own unique set of security risks and needs to tailor its approach to addressing those specific risks within its risk management processes. To get started, you first need to identify all your organization’s IT assets, […]
Tags: Risk Management
How to Develop a Risk Culture at Your Organization
Risk is inseparable from the modern business landscape – and therefore, every company needs an effective risk management program to identify, assess, manage, and mitigate risk. Robust processes, solid internal controls, and an enterprise risk management framework can help an organization identify best practices, share knowledge, and track metrics to meet these strategic objectives. But another critical […]
Tags: Risk Management
September 12, 2024
Risk Exception Management Process: How to Manage Non-Compliance
For all the importance of strong policies and procedures, another truth is this: in day-to-day operations, your organization will very likely run into situations that violate them. A risk exception occurs when a particular policy, standard, security program requirement, or security best practice cannot be fully implemented. For example, your organization might make an exception so […]
Tags: Risk Management