Tag Archives: managing risk

Cyber Insurance Carriers Are Insuring the Wrong Thing

By Chris CroninCyber insurance is rapidly becoming a staple for cyber security risk management. Organizations are increasingly transferring cyber security risk to insurance carriers who will cover costs that result from a cybersecurity breach.

Social Distancing. Social Engineering.

COVID-19 – Social distancing, remote working, telecommuting, staying-at-home – changes to our working environment can expose security vulnerabilities, especially social engineering. Bad actors view our increased digital activities as an opportunity to attack. Remind your teams of your cyber security policies and procedures.

RSA 2019: BETTER Connecting. Collaborating. Confiding.

Cybersecurity in this day and age is a collective effort.   Its also a moving target as attack strategies, exploits and malware strains are constantly changing.  To effectively protect users, data and capital investments from the bad guys, we  continually enhance security strategies and tools with developing industry trends.  For just as attack vectors evolve, […]

We Just Gave Away Our Cyber Security Intellectual Property. It was the right thing to do.

Why a Chicago-Based Cyber Security Firm Just Released its Prized IP. By Chris Cronin, ISO 27001 Auditor, Partner

REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS

REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security […]

Lessons in Risk Management: What We Should Learn from the FAA Fire

Author: Chris Cronin, ISO 27001 Auditor Too often in information security we focus on the confidentiality of personal information, ignoring the damage that can result from failures in integrity and availability. In fact, this is the main driver of much of our information security spending in the U.S. But the proper function of information and communications […]

Common Hazards in Risk Management: The Selfish Risk Assessment

Information security laws and regulations are telling us to conduct risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us and don’t understand […]