
Risk Management

Setting Objectives with ISO 27001's ISMS: A Strategic Overview

ISO 27001 is an international standard specifying how organizations should establish, implement, maintain, and continually improve an information security management system (ISMS). Organizations can apply ISO 27001 to manage their information security risks and be certified against the standard. The mandatory ISMS requirements are set out in the main clauses of the standard; Annex A provides the reference set of controls from which organizations select, based on their own risk assessment and treatment plan, the controls needed to protect their stakeholders.

Creating an Efficient Document Repository for Compliance

Modern organizations face extensive regulatory compliance demands, which means a large volume of documentation that your business must generate, maintain, and retain to demonstrate that it is fulfilling those obligations. As such, a document management system is crucial for an effective compliance program. This article reviews what a document management system should be able to do, common challenges in building one, and how to get started.

Third-Party Vendor Risk Management in U.S. Treasury Operations

The U.S. Treasury, also known as the Department of the Treasury, manages the finances of the U.S. government. This department has various duties, including maintaining the economic stability of the United States, managing government finances, and implementing policy decisions that impact both domestic and international affairs. Like most large organizations, the U.S.

TPRM for Government Contractors: General Services Administration Policies

The U.S. General Services Administration (GSA) is an independent agency that helps manage and support the basic functioning of federal agencies. The GSA supplies products and communications, provides transportation and office space, and oversees the government’s real estate portfolio, among other management tasks.

UpGuard Summit March 2024 Recap: Scaling Your TPRM Program

In mid-March, UpGuard welcomed security professionals from APAC, EMEA, India, and the U.S. to participate in the first UpGuard Summit of 2024. This quarter’s event focused on third-party risk management (TPRM), specifically addressing how organizations can scale their TPRM programs to meet their evolving needs and defend their growing attack surfaces.

Vendor Risk Management: Benefits, Process, Software, and Tools

Vendor risk management (VRM) is a process that helps businesses manage the risks associated with their vendors. This includes assessing how well their vendors are performing, identifying potential problems early, and taking appropriate action to mitigate any damage.

Quantifying NIST CSF Maturity Levels for Data-Driven Cyber Programs

Cybersecurity maturity assessments play a fundamental role in helping chief information security officers (CISOs) determine the level of risk their organizations face from cyber threats. By illuminating the areas that are exposed to exploitation, these evaluations serve as a blueprint for cybersecurity leaders tasked with keeping the business secure amid an increasingly risky operational landscape.

Breaches Beyond Borders: The global landscape of third-party risk

While the digital landscape evolves, cyber adversaries are also honing their tactics, techniques, and procedures. In recent years, ransomware groups have made major disruptions to the digital supply chain and, by extension, the world economy. What’s more, organizations in all industries and geographies continue to grapple with third-party threats, zero-day vulnerabilities, and more.

What Does a Solid VM Ticketing Workflow Actually Look Like?

In this webinar, Scott Kuffer discusses the challenges and best practices of vulnerability management workflows and ticketing. He emphasizes the discrepancy between vulnerability management teams' priorities and the priorities of the business as a whole. Scott explores different ticketing workflows, starting with basic vulnerability-based tickets and progressing to more advanced options such as asset-based, team-based, and action-based tickets. He highlights the benefits of automating ticket creation and reporting, as well as the potential for redefining how vulnerability management is approached within organizations.
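To make the difference between the ticketing models concrete, here is an added example (not from the webinar or from any vendor's tooling) that takes a constructed set of scanner findings and groups them four ways: one ticket per host-and-CVE pair, per asset, per owning team, and per remediation action within a team. The field names and the sample findings are assumptions chosen for illustration; in practice the owning team would come from a CMDB or asset tags.

```python
"""Group vulnerability findings into tickets under different workflows.

Added example, not part of the webinar summarized above. FINDINGS is
constructed sample data; the field names (host, team, cve, severity, fix)
are assumptions about what a scanner export joined to asset ownership
would contain.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    team: str       # owning team (assumed to come from a CMDB or tag lookup)
    cve: str
    severity: str   # one of critical/high/medium/low
    fix: str        # the remediation action, e.g. a package upgrade


# Constructed sample scan output: six findings across four hosts and three teams
FINDINGS = [
    Finding("web-01", "platform", "CVE-2024-0001", "high", "upgrade openssl"),
    Finding("web-01", "platform", "CVE-2024-0002", "medium", "upgrade openssl"),
    Finding("web-02", "platform", "CVE-2024-0001", "high", "upgrade openssl"),
    Finding("db-01", "data", "CVE-2024-0003", "critical", "upgrade postgresql"),
    Finding("db-01", "data", "CVE-2024-0001", "high", "upgrade openssl"),
    Finding("ci-01", "build", "CVE-2024-0004", "low", "upgrade jenkins"),
]

SEV_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def group_tickets(findings, key_fn):
    """Return {ticket_key: ticket}. Each ticket aggregates the findings that
    share key_fn(finding), carries the highest severity among them, and lists
    the affected hosts, CVEs, remediation actions and owning teams."""
    buckets = defaultdict(list)
    for f in findings:
        buckets[key_fn(f)].append(f)
    tickets = {}
    for key, items in buckets.items():
        tickets[key] = {
            "severity": max((i.severity for i in items), key=SEV_RANK.__getitem__),
            "hosts": sorted({i.host for i in items}),
            "cves": sorted({i.cve for i in items}),
            "actions": sorted({i.fix for i in items}),
            "teams": sorted({i.team for i in items}),
            "count": len(items),
        }
    return tickets


# The four workflows: one ticket per (host, CVE), per asset, per team,
# or per remediation action within the team that owns the affected hosts.
def vuln_based(findings):
    return group_tickets(findings, lambda f: (f.host, f.cve))


def asset_based(findings):
    return group_tickets(findings, lambda f: f.host)


def team_based(findings):
    return group_tickets(findings, lambda f: f.team)


def action_based(findings):
    return group_tickets(findings, lambda f: (f.team, f.fix))


def ticket_counts(findings):
    """How many tickets each workflow would open for the same findings."""
    return {
        "vuln": len(vuln_based(findings)),
        "asset": len(asset_based(findings)),
        "team": len(team_based(findings)),
        "action": len(action_based(findings)),
    }


def render_action_ticket(key, ticket):
    """Format an action-based ticket the way it would be filed: the title
    names the fix and the scope, the body lists what it closes out."""
    team, fix = key
    title = f"[{ticket['severity'].upper()}] {fix} on {len(ticket['hosts'])} host(s) ({team})"
    body = (f"Hosts: {', '.join(ticket['hosts'])}\n"
            f"Closes: {', '.join(ticket['cves'])} ({ticket['count']} findings)")
    return title + "\n" + body


if __name__ == "__main__":
    print(ticket_counts(FINDINGS))
    for key, ticket in action_based(FINDINGS).items():
        print(render_action_ticket(key, ticket))
        print()
```

On this sample, the vulnerability-based workflow opens six tickets, asset-based four, team-based three, and action-based four, and the action-based ticket for the platform team's OpenSSL upgrade covers two hosts and three findings in a single unit of work that one engineer can pick up and close. That is the shape of the gap the webinar describes: scanners emit findings, but remediation teams execute actions, and tickets that are cut at the action level stay in step with how the work is actually done.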

Understanding the Vital Importance of Security Awareness in Today's Digital World

IT security awareness training educates employees to recognize and avoid cyber threats, aiming to prevent or limit damage to your company by reducing human error. By promoting a security-first culture and teaching all employees how to protect personal and company data, your company can reduce its exposure to those threats.