Tag: Risk Management


Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names, and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically, the passwords will be cryptographically hashed. Hashing a password takes a string of any length (the password


Who Should Be On Your Information Risk Council

The Information Risk Council (IRC), also known as the Risk Governance Council or Security Steering Committee, is a key component of an effective security program, especially if aligned with ISO 27001 or SOC 2. This committee helps establish the vision for the organization’s security program, drives the strategy, and sets


Implementing Continuity in Your GRC Program

Every company must deal with governance, risk, and compliance. Often abbreviated as GRC, this business function is responsible for ensuring that major risks are addressed, required compliance initiatives have been investigated, and the organizational structure supports these objectives.

GRC Program Continuity Events

Continuity events are typically thought of as natural


4 Benefits of a GRC Tool

A GRC tool can help an organization manage its governance, risk, and compliance program. But why use a GRC tool instead of managing your GRC program manually? GRC tools can be invaluable for teams that are working with multiple frameworks, managing a wide array of risks, or want more transparency


Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If


Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today. On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world.


Advice for Studying and Passing the CISSP Exam

This past week I sat for the (ISC)2 CISSP exam and passed on my first attempt! With the entire preparation and test taking experience still fresh on my mind, I felt I should take time to document my experience and study approach similar to when I sat for the CISA
