Risk Management Archives

Who Should Be On Your Information Risk Council

The Information Risk Council (IRC), also known as the Risk Governance Council or Security Steering Committee, is a key component of an effective security program especially if aligned with ISO [...]

By Phillip Lee|2021-08-24T13:58:15+00:00August 23rd, 2021|Cyber Risk Management|0 Comments

Implementing Continuity in Your GRC Program

Every company must deal with governance, risk, and compliance. Often abbreviated as GRC, this business function is responsible for ensuring that major risks are addressed, required compliance initiatives have been [...]

By Kendall Morris|2021-05-24T17:11:30+00:00May 24th, 2021|IT Audit and Compliance|0 Comments

4 Benefits of a GRC Tool

A GRC tool can help an organization manage its governance, risk, and compliance program. But why use a GRC tool instead of managing your GRC program manually? GRC tools can [...]

By Kendall Morris|2022-06-28T15:22:01+00:00May 3rd, 2021|Cyber Risk Management|0 Comments

Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word "audit" in the same [...]

By Jack Nguyen|2020-01-23T16:04:08+00:00December 2nd, 2019|ISO 27001 Compliance, IT Audit and Compliance, Regulatory Compliance|0 Comments

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today. On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to [...]

By Asher Andree|2021-03-31T13:59:14+00:00November 25th, 2019|Cyber Risk Management, Penetration Testing|1 Comment

Simplified Guidance on Developing a Cyber Security Baseline for the CIO and CTO

Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.

By Christian Hyatt|2023-06-06T14:07:42+00:00December 31st, 2018|CISO Discussions, Cyber Risk Management|0 Comments

How to Turn the Risk Committee Meeting into the Most Valuable Meeting on Your Calendar

Mention "Risk Committee" or "Enterprise Risk" to upper management and you will probably get an eye role. If you suggest a standing meeting about risk - it might get you [...]

By Christian Hyatt|2020-08-04T16:04:30+00:00April 23rd, 2018|CISO Discussions, Cyber Risk Management, IT Audit and Compliance|0 Comments

Advice for Studying and Passing the CISSP Exam

This past week I sat for the (ISC)2 CISSP exam and passed on my first attempt! With the entire preparation and test taking experience still fresh on my mind, I [...]

By Christian Hyatt|2023-09-26T14:09:14+00:00June 10th, 2016|Cyber Risk Management, IT Audit and Compliance|5 Comments

IT Audit Techniques – Inquiry, Observation, Inspection

The first thing I try to explain to new auditors (or clients going through an audit for the first time) is what techniques IT auditors use to audit. Most people [...]

By Christian Hyatt|2020-08-27T17:37:03+00:00April 13th, 2015|IT Audit and Compliance|1 Comment

Advice for Taking the CISA Exam

This past December I took the ISACA CISA exam and I’m pleased to announce that last week, I got my confirmation letter stating that I passed in the top 10 [...]

By Christian Hyatt|2020-12-03T21:00:40+00:00January 22nd, 2015|IT Audit and Compliance|29 Comments

12 Next