Vendor Management Spreadsheet

Recently, I’ve been working on developing an easy way for smaller and medium-sized clients to manage their Vendors and, perhaps more importantly, track which Vendors present the most risk. One of the more challenging exercises has been thinking through two things:

1. What are elements that would make a given Vendor risky;
2. What weight do I assign to each risk; and
3. What […]

May 28th, 2015 | Cyber Risk Management | 2 Comments

Data in Transit - Bridging the Gap between Data Owners and Custodians

Ensuring both the integrity and confidentiality of data as it traverses an organization’s internal network and beyond can be complex, especially when attempting to bridge the gap between the Data Owner and Data Custodian, who typically view the organization from very different angles.

This presents the IT auditor with a great opportunity to act as the liaison between Data Owners and Data […]

Top 10 IT Risk Frameworks and Resources

I have an entire folder full of risk frameworks that I draw from for inspiration when I’m performing a risk assessment or internal audit project. Here are a few links that I hope you find helpful.

If you have something useful not listed below, please share in the comments!

NIST Cybersecurity Framework Here
NIST Cloud Computing Framework Here
NIST Computer […]
May 7th, 2015 | Cyber Risk Management | 3 Comments