Read this blog to find out how robust privacy and cyber risk management can help you demonstrate GDPR compliance.
Cyber security has become a boardroom issue and so there is an increasing need for cyber risk to be measured and reported in financial terms. Read this blog for more details.
This blog outlines three ways to get the most value from your cyber risk management processes over the next year.
This white paper highlights the importance of demonstrating a diligent, risk-based approach to the handling of personal data.
This white paper describes how you can implement, and show evidence of, a risk-based approach to cyber security. Regulations such as the EU GDPR and standards such as ISO 27001 require a risk-based approach to cyber security, but this can often be a challenge for organisations, so Simon Marvell identifies 7 requirements for a risk-based approach to cyber security.
Want to know more? Register here to watch our 'Risk-based Approach to Cyber Security' webinar on-demand.
This paper argues that, due to the high level of threat, there is an urgent need for organizations to truly understand their cyber security risk status so that, where necessary, they can take urgent remedial action to rectify weaknesses. If there isn't sufficient visibility of cyber security risk status, organizations won't be able to manage cyber security risks and they will almost certainly suffer a breach.
Simon Marvell shows how to model cyber security threats and controls, measure risk status and react to change, with examples using publicly available expert content such as the annual Verizon Data Breach Investigations Report and the SANS Top 20 Critical Security Controls for Cyber Defense.
An article by Simon Marvell describing why spreadsheets have been so popular for compliance and risk management, the problems that come with them, and the benefits of new alternative approaches.
This paper describes a blueprint for Enterprise Information Security Assurance Systems (ISO 27001) but the principles are applicable to any management system solution, including Quality Management Systems (ISO 9000 series), Environmental Management Systems (ISO 14000 series), Occupational Health & Safety Systems (ISO 18000 series) and Business Continuity Management Systems (BS 25999 series).
This paper argues that the risk management industry is currently failing business managers because it is not giving them the information that they need to manage risk effectively. The vast majority of avoidable business disasters or failures occur because the executives with the power to take action to avoid or mitigate the risks aren't aware of the true risks. The paper goes on to describe a new risk management framework for giving executives the information that they need, based around three key attributes: valuable information, ease of use and flexibility. Giving executives the information that they really need.
IRAM is a business-led information risk analysis methodology used widely by ISF members. IRAM provides tools for business impact assessment, threat and vulnerability assessment and control selection. However, it is not an integrated web-based solution and does not provide tools for ongoing monitoring and reporting of risk status, or workflow for managing the treatment of unacceptable risks. This paper describes how IRAM can be used easily with Acuity's STREAM GRC software to provide a complete information risk management solution for ISF members.