Category: Cyber Risk Management

How Senior Leaders Navigate the World of Red Team Exercises

Cybersecurity threats have become increasingly sophisticated and pervasive. As a senior leader, it is crucial to ensure that your organization has robust defenses in place to protect its sensitive data and systems from potential breaches. One powerful way to assess the effectiveness of these security measures is by regularly conducting

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names, and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically, the passwords will be cryptographically hashed. Hashing a password takes a string of any length (the password

Update on the Apache Log4j Vulnerability

A remote code execution vulnerability (CVE-2021-44228) in the Apache Log4j 2 Java library was announced on December 9th, 2021. The vulnerability has been assigned a Base Score of 10.0 Critical, the highest possible score. The vulnerability is easily exploited, and proof of concept exploit code was published in the public

VCISO: How We Help “Fix It” the risk3sixty Way

In the vCISO service line at risk3sixty, we see early on in engagements that many of our clients have found themselves caught in a break/fix cycle, which reminded me of an old SNL skit. If you’re not familiar with Saturday Night Live, it’s a sketch comedy show that has a

Mobile Device Management Deep Dive

For most of my career, I’ve been responsible for environments that have leaned heavily on Mobile Device Management (MDM) to help facilitate, drive, and streamline business objectives. Much of this experience has involved vetting, implementing, customizing, and maintaining various MDM platforms, and the devices they manage, to meet these objectives.

The Business Case for an Incident Response Program

The vCISO Advantage At Risk3Sixty, one of the critical components we focus on with each of our vCISO clients is their incident response program (IRP). The information security professionals working in our vCISO service line help your business fulfill its certification and compliance objectives. But, more importantly, our key focus

What to Do After Getting Your Risk Assessment Report

So, your security team or risk management consultants have finalized your risk assessment report, calling out risks and opportunities the organization faces. The report could be aligned with one of a dozen frameworks, including NIST 800-30, ISO 27005, or HIPAA, yet the next steps are still the same. Your company

Who Should Be Interviewed During the Risk Assessment?

If you have read one of our previous posts around risk assessments, you probably have a good idea of why a risk assessment matters. You’re probably also familiar with compliance requirements in frameworks such as HITRUST, ISO 27001, or SOC 2. A key component of performing a value-added risk assessment

Who Should Be On Your Information Risk Council

The Information Risk Council (IRC), also known as the Risk Governance Council or Security Steering Committee, is a key component of an effective security program especially if aligned with ISO 27001 or SOC 2. This committee helps establish the vision for the organization’s security program, drives the strategy, and sets

A GRC Tool is Not a GRC Program

A GRC tool can provide many benefits to your GRC program, as we’ve discussed before. However, before you go chasing shiny objects, you must understand what a GRC program is and how a GRC tool fits into the program. Defining a GRC Program A Governance, Risk, and Compliance (GRC) program
