We’ve discussed risk management and its complexity–what goes into it, what frameworks you can use, and how different forms of analysis and visualization can help you assess it effectively.  But let’s pump the brakes a little. Have you thought about what to do about your risk profile? Do you know how to approach risk as… Read More

We started our series on risk management a few weeks ago by introducing the concept of risk. One of the general stereotypes about risk is that it lacks some discreteness of security compliance–it doesn’t lend itself to checklists or paint-by-numbers approaches. This is, overall, a good thing, but can prove challenging for enterprises not ready… Read More

In the increasingly interconnected and complex world of business technology, many organizations are grappling with the challenges related to insecure integrations and agreements. The rise of technology service models, managed service providers (MSPs) and SaaS apps introduce compliance and risk management issues almost faster than businesses can keep up.  Thus, a new discipline has evolved:… Read More

We’ve previously discussed the importance of risk management, and the challenges that come from approaching risk through large-scale frameworks. According to an abstract framework, many organizations aren’t necessarily equipped to mobilize far-ranging risk assessments.  Here, we’ll discuss a compromise to combine the best of both worlds: standards-based risk management.  

Risk management is quickly becoming the foundation for most security and compliance standards. And this is for good reason–complex security threats based on modern technology and the interoperability of extensive cloud-based infrastructure aren’t going to be held at bay through ad hoc implementation of technology.  Risk doesn’t have to be an amorphous and ill-defined process,… Read More

Risk management is a term bandied about by a lot of experts. It’s critically important, of course, but it is also a catch-all for security terms that may not seem to apply directly to immediate, regulatory security.  So, when insider threats come up, it becomes challenging to parse out how security and risk help address… Read More

In our previous article, we discussed the concept of risk management–what it is and why it’s important.  However, risk management in cybersecurity isn’t new, and many organizations are working towards normalizing risk as an approach for comprehensive cybersecurity and compliance efforts.  While this move is a good one, we also find that many organizations will… Read More

Part 1: Risk and Security in Modern Systems “Risk “is a term gaining real traction in any industry where cybersecurity regulations impact businesses. Many frameworks and regulations are turning to risk management as a proactive and comprehensive approach to security management. This shift can mean big changes for enterprises that aren’t generally considering risk as… Read More

With the Department of Defense unveiling CMMC version 2.0 last November, many contractors breathed a sigh of relief. The relaxed assessment requirements and streamlined structure signaled a willingness from the DoD to work with assessors and contractors to find a way to promote security over Controlled Unclassified Information (CUI) without making the process harder than… Read More

The Healthcare Insurance Portability and Accountability Act (HIPAA) is one of the more complex regulations in the U.S., due in no small part to the complicated and open-ended nature of the law.  What should companies do? In this case, covered organizations are turning to risk-based assessments to help them support their security approaches.  Here, we… Read More

The increasing use of cloud vendors and third-party providers has made advanced IT infrastructure and expertise available even to smaller organizations. It has also created an interconnected ecosystem of businesses, government agencies, utility firms and managed service providers (MSPs) that can potentially compromise security across multiple systems.  If you’re a managed service provider, it’s your… Read More

After several delays and timeline shifts to accommodate vendor and auditor feedback, the Payment Card Industry Security Standards Council will release the newest version of the framework, PCI DSS 4.0. This standard, expected to launch at the end of March 2022, will fundamentally alter some key components of the framework to help support payment acceptance… Read More