Tag Archives: Risk Assessment

VULNERABILITY SCANS AND RISK ASSESSMENTS: KNOW YOUR AUDIENCE

By Chris Cronin, ISO 27001 Auditor, Partner Cybersecurity is no longer a concern for just internal IT. All levels of the organization today should have a keen awareness and involvement when it comes to cybersecurity.  That level of engagement should start at the top within the corporate boardroom

How to Secure Your Assets from Cyber Sewage

There I was, ankle deep in raw sewage, incredulous that for the second time this summer, my basement was filling up with foul smelling murky waste. As I looked hopelessly at my wife while the water level continued to rise, I angrily thought to myself, “What else can I do?” Didn’t I shell out some […]

Vendor Risk Management Hype Extends Beyond Target®

Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third party vendor management.  After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant […]

Common Hazards in Risk Management: The Selfish Risk Assessment

Information security laws and regulations are telling us to conduct risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us and don’t understand […]

Your Policies Can Hurt You, Part 1: The Importance of Well-Tailored Instructions

Managers often think about compliance in terms of policies. There is something concrete, achievable and finite about them. And they are required by laws and regulations for protecting information and systems. But too often managers think of policies as a finish line for compliance. Need to be compliant? Then write a bunch of new policies […]

While Technological Security Risks Are a Possibility, Management Security Risks are a Certainty

Most of my information security focus these past few years has concentrated on management and governance, but this was not always the case. I came into this profession as a technologist and manager who focused on team building, turn-arounds and doing a lot with few resources. But as my career moved from technology operations to security […]

Risk Acceptance Levels: Managing the Lower Limits of Security Costs

Last week I presented a topic here at Halock’s blog site on the Hand Rule, also known as the “Calculus of Negligence.” The basic message of the post was that we can use information risk assessments to help us keep our security costs to a reasonable level, but only by describing how we would arrive […]