All businesses, job roles, departments and functions require performance management. Security is no different and this is now being seen as critical within the compliance and audit functions as part of the management of cyber risk.
Read MoreThe area of cyber security is one that is inundated with research and statistics – every year there are various “state of information security” surveys or “breach reports” including from organisations such as Verizon (The breaches), PwC (The cyber threats) and CIISec (The security industry survey).
Read MoreThe Cybersecurity Maturity Model Certification (CMMC) is a US initiative lead by the Office of the Assistant Secretary of Defense for Acquisition within the Department of Defense (DoD). It imposes requirements on DOD contractors and subcontractors to help safeguard information within the US Defense supply chain. This post is the second in a series where we analyse the CMMC and look at how you might achieve compliance or use it as a basis of your own information security programme. You can read the first post that gives an overview of CMMC, here.
Read MoreCyber security and regulatory compliance are frequent bedfellows. If compliance standards aren’t specifically driving security adoption, they are affecting wider areas, such as GDPR and privacy, which significantly impacts on security.
Read MoreThe importance of accurately identifying and communicating a business’s risk exposure has never been more critical. This is particularly true for audit and security managers who undertake cyber security audits.
Read MoreSecurity risks are prevalent in most organisations, yet the consistent management of all technical, process and personnel-related security problems can be difficult as multiple teams are often identifying and mitigating them. In a bid to address this, many organisations are now fusing their risks management technologies and approaches into one Integrated Risk Management (IRM) solution comprising the platforms and processes needed to unify this critical business function.
Read MoreAn increasing number of regulations and standards across many different industries are stipulating the cyber security controls that should be implemented by businesses and governments to protect their information. A recent collaboration between the Monetary Authority of Singapore (MAS) and the Bank of England (BofE) has seen them develop best practices for supervising cyber risk in banks and financial organisations. Standards are a great way to consistently explain the security target organisations should strive for, where they have a requirement to protect sensitive information like credit card numbers and personally identifying information. However, the issues relating to achieving cyber security compliance almost put the targets out of reach.
Read MoreAustralia’s Federal Government Attorney-General’s Department is taking a new approach to cyber security audits when assessing cybersecurity preparedness in government. Until recently, each department’s security controls were audited against the Protective Security Policy Framework (PSPF), with adherence to controls recorded as either a yes or no answer.
Read MoreSqueaky clean cyber hygiene has never been more important. Several Victorian hospitals in Australia were recently hit by a ransomware attack, causing many of their most important administrative systems to be shut down to prevent the malware from spreading. Included in those areas of the business affected by this attack were systems running their financial management, internet and email services, many of which have taken over a week to restore.
Read MoreCyber security is one of the largest and most critical risks facing businesses. It has had continued and increasing attention not only from within the IT security function itself but from the wider business at board level.
Read More