Controls assurance gives confidence to business leaders and other stakeholders that business objectives will be achieved within a tolerable level of risk. In this blog, we discuss how organizations can successfully reduce risk using the COSO framework.
Executive leadership knows that these risks must be managed, but wants reassurance that mitigation efforts are implemented efficiently and effectively. This requires a systematic understanding of the controls in place to guard against threats. In this blog, we discuss the necessity of an integrated, risk-based controls system.
No matter how securely an organization guards itself against cybersecurity attacks, it’s vulnerable if vendors haven’t taken similar precautions. In this blog, we review high-profile cyberattacks that were due to third-party relationships and what can be learned from them.
It’s sobering to think about those numbers and the amount of risk businesses are accepting from their supply chain. How do you make sure your supply chain doesn’t become the weakest link in your risk management strategy?
It only takes a single blind spot or vulnerability for your organization to be at risk. With thousands of vulnerabilities, how can organizations protect themselves and avoid disruptions to crucial business operations?
While vulnerability scanning tools help you identify vulnerabilities, they don’t help with the management of them. So how can organizations attain actionable insights to create an effective mitigation plan?
Digital transformation’s opportunities come with new risks, particularly when it comes to cybersecurity and data protection. This promises to exacerbate already widespread problems around risk and risk management, which is typically treated as a necessity, a mere cost center, instead of an area for opportunity. So how and why should we change the mindset towards risk during digital transformation?
By 2021, Gartner projects that 50 percent of enterprise risk management strategies within large organizations will involve an IRM solution, and that the market will reach $8 billion annually. So what are the benefits of IRM?
With so many different solutions in the market, finding the right one can be a challenge. Read this blog to find out what you need to consider when evaluating different risk management solutions.
Our experience says there are 4 keys to building a holistic risk management strategy aimed at creating a resilient business. Read this blog to find out what you need to consider.
If GRC isn’t enough, what is needed to address modern risk and compliance challenges? Read this blog to learn more.
You wouldn’t try to do bookkeeping in a journal anymore, so why would you try to manage risk and compliance on a spreadsheet? Like everything else in the digital era, GRC must adapt - read this blog to find out why and how.
Digital cyber risk in an increasingly digital landscape is a topic everyone should be intimate with, so how can CIOs lead digital transformation strategies while considering and demonstrating the value of digital risk management? Read our guest blog by leading CIO, Philip Clayson.
The current pandemic has heightened focus on cybersecurity as workers shift to remote and disparate working environments, creating new opportunities for malicious actors and increasing the likelihood of a cyber breach. Read this blog to find out how you can use cyber intelligence to protect your business.
As we embark on a new year and new decade, it is important that we reflect on the lessons of 2019 to drive our future strategies. Read this blog to see some of the trends and tips we've identified for managing cyber risks over the coming year.
Read this whitepaper to find out how you can use STREAM to automate different elements of the BCM process.
Read this blog to find out how robust privacy and cyber risk management can help you demonstrate GDPR compliance.
Cyber security has become a boardroom issue and so there is an increasing need for cyber risk to be measured and reported in financial terms. Read this blog for more details.
This blog outlines three ways to attain the most value from your cyber risk management processes over the next year.
This white paper highlights the importance of demonstrating a diligent risk-based approach to the handling of personal data.
This white paper describes how you can implement, and show evidence of, a risk-based approach to cyber security. Regulations such as EU GDPR and standards such as ISO 27001 require a risk-based approach to cyber security, but this can often be a challenge for organisations, so Simon Marvell identifies 7 requirements for a risk-based approach to cyber security.
Want to know more? Register here to watch our 'Risk-based Approach to Cyber Security' webinar on-demand.
This paper argues that, due to the high level of threat, there is an urgent need for organizations to truly understand their cyber security risk status so that, where necessary, they can take urgent remedial actions to rectify weaknesses. If there isn’t sufficient visibility of cyber security risk status, organizations won’t be able to manage cyber security risks and they will almost certainly suffer a breach.
Simon Marvell shows how to model cyber security threats and controls, measure risk status and react to change, with examples using publicly available expert content such as the annual Verizon Data Breach Investigations reports and the SANS Top 20 Critical Security Controls for Cyber Defense.
An article by Simon Marvell describing why spreadsheets have been so popular for compliance and risk management, the problems they bring, and the benefits of new alternative approaches.
This paper describes a blueprint for Enterprise Information Security Assurance Systems (ISO 27001) but the principles are applicable to any management system solution, including Quality Management Systems (ISO 9000 series), Environmental Management Systems (ISO 14000 series), Occupational Health & Safety Systems (ISO 18000 series) and Business Continuity Management Systems (BS 25999 series).
This paper argues that the risk management industry is currently failing business managers because it is not giving them the information that they need to manage risk effectively. The vast majority of avoidable business disasters or failures occur because those executives with the power to take action to avoid or mitigate the risks aren’t aware of the true risks. The paper goes on to describe a new risk management framework for giving executives the information that they need, based around three key attributes: valuable information, ease of use and flexibility. Giving Executives the information that they really need.
IRAM is a business-led information risk analysis methodology used widely by ISF members. IRAM provides tools for business impact assessment, threat and vulnerability assessment and control selection. However, it is not an integrated web-based solution and does not provide tools for on-going monitoring and reporting of risk status or workflow for managing the treatment of unacceptable risks. This paper describes how IRAM can be used easily with Acuity’s STREAM GRC software to provide a complete information risk management solution for ISF members.