Update on the Apache Log4j Vulnerability
A remote code execution vulnerability (CVE-2021-44228) in the Apache Log4j 2 Java library was announced on December 9th, 2021. The vulnerability has been assigned a Base Score of 10.0 Critical, [...]
VCISO: How We Help “Fix It” the risk3sixty Way
In the vCISO service line at risk3sixty, we see early on in engagements that many of our clients have found themselves caught in a break/fix cycle, which reminded me of [...]
Mobile Device Management Deep Dive
For most of my career, I’ve been responsible for environments that have leaned heavily on Mobile Device Management (MDM) to help facilitate, drive, and streamline business objectives. Much of this [...]
The Business Case for an Incident Response Program
The vCISO Advantage At Risk3Sixty, one of the critical components we focus on with each of our vCISO clients is their incident response program (IRP). The information security professionals working [...]
What to Do After Getting Your Risk Assessment Report
So, your security team or risk management consultants have finalized your risk assessment report, calling out risks and opportunities the organization faces. The report could be aligned with one of [...]
Who Should Be Interviewed During the Risk Assessment?
If you have read one of our previous posts around risk assessments, you probably have a good idea of why a risk assessment matters. You’re probably also familiar with compliance [...]
Who Should Be On Your Information Risk Council
The Information Risk Council (IRC), also known as the Risk Governance Council or Security Steering Committee, is a key component of an effective security program especially if aligned with ISO [...]
A GRC Tool is Not a GRC Program
A GRC tool can provide many benefits to your GRC program, as we’ve discussed before. However, before you go chasing shiny objects, you must understand what a GRC program is [...]
4 Benefits of a GRC Tool
A GRC tool can help an organization manage its governance, risk, and compliance program. But why use a GRC tool instead of managing your GRC program manually? GRC tools can [...]
How to Perform a Risk Assessment (Part 2)
After you perform a risk assessment, what do you do with the results? Find out the answers to that and other common risk assessment questions in part 2 of this series! [...]