‘Compliance isn’t security’: 5 keys to a better approach 

Controls assurance gives confidence to business leaders and other stakeholders that business objectives will be achieved within a tolerable level of risk. In this blog, we discuss how organizations can successfully reduce risk using the COSO framework.

Cut risks, curb costs: The benefits of controls assurance 

Executive leadership knows that business risks must be managed, but wants reassurance that mitigation efforts are implemented efficiently and effectively. This requires a systematic understanding of the controls in place to guard against threats. In this blog, we discuss the necessity of an integrated, risk-based controls system.


Cyber Attacks via Vendors: Lessons Learned 

No matter how securely an organization guards itself against cybersecurity attacks, it’s vulnerable if vendors haven’t taken similar precautions. In this blog, we review high-profile cyberattacks that were due to third-party relationships and what can be learned from them.


Managing Your Weakest Link: Supply Chain Risk Management 

It’s sobering to think about those numbers and the amount of risk businesses are accepting from their supply chain. How do you make sure your supply chain doesn’t become the weakest link in your risk management strategy?


Patching Procrastination: The Importance of Vulnerability Management 

It only takes a single blind spot or vulnerability to put your organization at risk. With thousands of vulnerabilities to contend with, how can organizations protect themselves and avoid disruptions to crucial business operations?


Stay in Control of your Assets through Risk-based Vulnerability Management 

While vulnerability scanning tools help you identify vulnerabilities, they don’t help you manage them. So how can organizations obtain actionable insights to create an effective mitigation plan?


A CIO Perspective: Lessons on Digital Transformation 

Digital transformation’s opportunities come with new risks, particularly when it comes to cybersecurity and data protection. This promises to exacerbate already widespread problems around risk and risk management, which is typically treated as a necessity, a mere cost center, instead of an area of opportunity. So how and why should we change the mindset towards risk during digital transformation?


Why Integrated Risk Management is Intelligent Risk Management

By 2021, Gartner projects that 50 percent of enterprise risk management strategies within large organizations will involve an IRM solution, and that the market will reach $8 billion annually. So what are the benefits of IRM?


Risk Management: Tips for Buyers 

With so many different solutions in the market, finding the right one can be a challenge. Read this blog to find out what you need to consider when evaluating different risk management solutions.

Risk Management: The 4 Keys to Building a Resilient Business 

Our experience says there are 4 keys to building a holistic risk management strategy aimed at creating a resilient business. Read this blog to find out what you need to consider.


Integrated Risk Management: Addressing Tomorrow's GRC Challenges Today

If GRC isn’t enough, what is needed to address modern risk and compliance challenges? Read this blog to learn more.

Can GRC keep up? Risk and Compliance in the Digital Era 

You wouldn’t try to do bookkeeping in a journal anymore, so why would you try to manage risk and compliance on a spreadsheet? Like everything else in the digital era, GRC must adapt. Read this blog to find out why and how.


Cyber Risk: A CIO Perspective on Digital Transformation 

Cyber risk in an increasingly digital landscape is a topic everyone should be familiar with, so how can CIOs lead digital transformation strategies while considering and demonstrating the value of digital risk management? Read our guest blog by leading CIO Philip Clayson.


Quantifying your Cyber Risk: Measuring What Matters

The current pandemic has heightened focus on cybersecurity as workers shift to remote and dispersed working environments, creating new opportunities for malicious actors and increasing the likelihood of a cyber breach. Read this blog to find out how you can use cyber intelligence to protect your business.

Cyber Risk Trends that will dominate in 2020

As we embark on a new year and new decade, it is important that we reflect on the lessons of 2019 to drive our future strategies. Read this blog to see some of the trends and tips we've identified for managing cyber risks over the coming year. 


Automate BCM to increase business resilience

Read this whitepaper to find out how you can use STREAM to automate different elements of the BCM process.

Can risk management help you avoid sending an IOU to the ICO?

Read this blog to find out how robust privacy and cyber risk management can help you demonstrate GDPR compliance.

Why should CISOs be quantifying cyber risk?

Cyber security has become a boardroom issue and so there is an increasing need for cyber risk to be measured and reported in financial terms. Read this blog for more details.

Three ways to attain value from cyber risk management in 2019

This blog outlines three ways which will allow you to attain the most value from your cyber risk management processes over the next year.

As GDPR starts to bite, make sure that your risk management is in order

This white paper highlights the importance of demonstrating a diligent risk-based approach to handling of personal data.


A Risk-based Approach to Cyber Security

This white paper describes how you can implement, and show evidence of, a risk-based approach to cyber security. Regulations such as the EU GDPR and standards such as ISO 27001 require a risk-based approach to cyber security, but this can often be a challenge for organisations, so Simon Marvell identifies 7 requirements for a risk-based approach to cyber security.

Want to know more? Register here to watch our 'Risk-based Approach to Cyber Security' webinar on-demand. 


The Real and Present Threat of a Cyber Breach Demands real-time Risk Management

This paper argues that, due to the high level of threat, there is an urgent need for organizations to truly understand their cyber security risk status so that, where necessary, they can take urgent remedial action to rectify weaknesses. If there isn’t sufficient visibility of cyber security risk status, organizations won’t be able to manage cyber security risks and they will almost certainly suffer a breach.

Simon Marvell shows how to model cyber security threats and controls, measure risk status and react to change, with examples using publicly available expert content such as the annual Verizon Data Breach Investigations Report and the SANS Top 20 Critical Security Controls for Effective Cyber Defense (now maintained by CIS as the CIS Controls).


We need to move on from Spreadsheets for Compliance and Risk Management

An article by Simon Marvell describing why spreadsheets have been so popular for compliance and risk management, the problems they cause, and the benefits of newer alternative approaches.

A Blueprint for an Enterprise Information Security Assurance System

This paper describes a blueprint for Enterprise Information Security Assurance Systems (ISO 27001), but the principles are applicable to any management system solution, including Quality Management Systems (ISO 9000 series), Environmental Management Systems (ISO 14000 series), Occupational Health & Safety Management Systems (OHSAS 18001, since superseded by ISO 45001) and Business Continuity Management Systems (BS 25999 series).

Risk Management needs to start giving Executives what they want

This paper argues that the risk management industry is currently failing business managers because it is not giving them the information they need to manage risk effectively. The vast majority of avoidable business disasters or failures occur because the executives with the power to take action to avoid or mitigate the risks aren’t aware of the true risks. The paper goes on to describe a new risk management framework for giving executives the information they need, based around three key attributes: valuable information, ease of use, and flexibility.

Complete Information Risk Management Solution

IRAM is a business-led information risk analysis methodology used widely by ISF members. IRAM provides tools for business impact assessment, threat and vulnerability assessment and control selection. However, it is not an integrated web-based solution and does not provide tools for ongoing monitoring and reporting of risk status, or workflow for managing the treatment of unacceptable risks. This paper describes how IRAM can easily be used with Acuity’s STREAM GRC software to provide a complete information risk management solution for ISF members.

Onsite or web training needed?

Please contact us to discuss your requirements.