Critical Capabilities of IT Risk Management Tools

Risk management is rapidly becoming the foundation of organizational security efforts, replacing checklist compliance as a cornerstone of a successful security program. This shift has come from the unique configuration of technologies specific to a given organization that industry or geographic regulations were not designed to accommodate. The shift to ... Read More

What is Cyber Risk Management

Risk management is a fundamental component of any successful organization and has been since the dawn of corporations as we know them. The primary function of risk management as a whole is to allow business leaders to determine the best course of action based on the probability of a given ... Read More

What is NIST SP 800 30

The National Institute of Standards and Technology’s Cybersecurity Framework (CSF) is known in cybersecurity as the gold standard framework for computer security guidance; it can assess and improve an organization’s ability to prevent, detect, and respond to cyber-attacks. The NIST Risk Management Framework is the framework used to conduct risk ... Read More

Cybersecurity Maturity Model Certification Starts with DFARS 800-171

Why DFARS / NIST SP 800-171? A few years back, the United States Department of Defense (DoD) released a new regulation, a Defense Federal Acquisition Regulation Supplement, or “DFARS” (DFARS 252.204-7012), which aimed to bolster cybersecurity in the Defense Industrial Base (DIB) by setting clear requirements outlined in the National ... Read More

GRC Software and the Impact of Integrated Risk Management

In recent years, the use of integrated risk management (IRM) as a methodology has become widely adopted to help orchestrate and centralize business continuity and functionality. This comes in light of the realization that traditional governance, risk management, and compliance tools (GRC) are incredibly outdated for the needs of today’s ... Read More

What is GRC

Governance, Risk, and Compliance before GRC: The idea of GRC (Governance, Risk Management, and Compliance) has been fundamentally integrated into the idea of how a business should be run for centuries. While it hadn’t been officially acknowledged as a solution with a name, it was in implementation on every level ... Read More

Cybersecurity Maturity Model Certification Domains Explained

The Department of Defense (DoD)’s Cybersecurity Maturity Model Certification (CMMC) is the newest iteration of the DoD’s effort to protect controlled unclassified information (CUI) within the defense industrial base (DIB) and the DoD’s supply chain. Building on the NIST SP 800-171 control set, the CMMC is a tiered scoring system ranging ... Read More

Tools for expanding NERC CIP across the Enterprise

Scaling the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance requirements across an enterprise can be a daunting task. With an ever-expanding list of assets in both IT and OT that need to be accounted for, even the most experienced CISO can become overwhelmed with the complexities ... Read More