Audit, Cybersecurity, Evaluation and Risk Management

New from the IIA: Global Internal Audit Standard to Replace the IPPF

LogisManager

FEBRUARY 20, 2024

New from the IIA: Global Internal Audit Standard to Replace the IPPF Last Updated: February 20, 2024 The International Professional Practices Framework (IPPF) serves as the cornerstone for authoritative guidance from The IIA, offering internal audit professionals worldwide both mandatory and recommended guidance.

Audit

Audit Evaluation Government Cybersecurity

A Guide to Completing an Internal Audit for Compliance Management

Reciprocity

DECEMBER 20, 2022

Learn the best way to complete an internal audit for your compliance management program. The Basics of Internal Audits. Internal audits assess a company’s internal controls, including its governance, compliance, security, and accounting processes. What Is the Purpose of an Internal Audit?

Audit

Audit Management Evaluation Activation

How to Navigate the Cybersecurity Minefield of Remote Work

LogisManager

MARCH 19, 2024

How to Navigate the Cybersecurity Minefield of Remote Work Last Updated: March 19, 2024 While the debate over the productivity of employees working from home continues to rage, another factor that requires special attention in a hybrid or fully remote company is workplace cybersecurity. What Cybersecurity Risks Do Remote Workers Face?

Cybersecurity

Cybersecurity Risk Management Vulnerability Mitigation

How to Navigate the Cybersecurity Minefield of Remote Work

LogisManager

MARCH 19, 2024

How to Navigate the Cybersecurity Minefield of Remote Work Last Updated: March 19, 2024 While the debate over the productivity of employees working from home continues to rage, another factor that requires special attention in a hybrid or fully remote company is workplace cybersecurity. What Cybersecurity Risks Do Remote Workers Face?

Cybersecurity

Cybersecurity Risk Management Vulnerability Mitigation

Adversarial Risk Management

FS-ISAC

NOVEMBER 8, 2021

You can hire a professional audit firm to benchmark the bucket against peer buckets. But these approaches rely on tenets based on traditional operational and financial risk management. While “close enough” works in asset management for financial inventory, it can quickly prove useless in cybersecurity.

Risk Management

Risk Management Management Audit Asset Management

Audit Checklist for SOC 2

Reciprocity

DECEMBER 21, 2022

If your company is a service organization and your customers trust you with their data, you may need to pass a SOC 2 (System and Organization Controls 2) audit. Compliance and certification are the goals of a SOC 2 audit. The SOC 2 compliance audit gives them that assurance. Develop a SOC 2 Audit Framework. What is SOC 2?

Audit

Audit Gap Analysis Security Cybersecurity

Silicon Valley Bank (SVB) Failures in Risk Management: Why ERM vs GRC

LogisManager

MAY 9, 2023

Silicon Valley Bank (SVB) Failures in Risk Management: Why ERM vs GRC By Steven Minsky | May 5, 2023 Silicon Valley Bank (SVB) was closed by regulators and reminded us of the recession associated with Lehman Brothers and Washington Mutual Bank in 2008. However, the evidence was inconclusive so their strategy continued unchanged.

Banking

Banking Risk Management Management Corporate Governance

What is Vendor Risk Management (VRM)? The Definitive Guide

Reciprocity

MARCH 24, 2022

Vendor risk management (VRM), a part of vendor management, is the process of identifying, analyzing, monitoring, and mitigating the risks that third-party vendors might pose to your organization. Third-party risk management begins with due diligence before signing a contract, as with any risk management program.

Risk Management

Risk Management Management Audit Cybersecurity

What Is Enterprise Risk Management & Its Importance

Reciprocity

NOVEMBER 5, 2021

Here’s where enterprise risk management (ERM) comes in. It helps you manage, minimize, and in some cases eliminate risks, to keep your organization safe and in business. Enterprise risk management is a holistic, disciplined approach to identifying, addressing, and managing an organization’s risks.

Risk Management

Risk Management Management Audit Strategic

5 Steps to Implement Enterprise Risk Management (ERM)

Reciprocity

MARCH 28, 2022

Enterprise risk management is critical for business success. The fundamental components of ERM are evaluating significant risks and applying adequate responses. Factor analysis of information risk (FAIR) provides a common risk mitigation vocabulary to help you to address security practice weaknesses.

Risk Management

Risk Management Management Mitigation Strategic

5 Steps to Implement Enterprise Risk Management (ERM)

Reciprocity

AUGUST 18, 2022

Enterprise risk management (ERM) is critical for success in the modern business landscape. Your ERM program should encompass all aspects of risk management and response in all business processes, including cybersecurity, finance, human resources, risk management audit , privacy, compliance, and natural disasters.

Risk Management

Risk Management Management Mitigation Strategic

The Colonial Pipeline Hack: Failure in Risk Management

LogisManager

MAY 20, 2021

Colonial Pipeline Hack: Failure in Risk Management. Risks for all business scandals, like the one at Colonial Pipeline, are always known months in advance, making the consequences preventable. With strong Enterprise Risk Management (ERM), nearly 100% of all liabilities can be avoided.

Risk Management

Risk Management Management Authentication Hospitality

What is Zero Trust Architecture?

Pure Storage

MAY 2, 2024

Modern threats have proven that traditional approaches are no longer sufficient in cybersecurity. How a Zero Trust Architecture Is Implemented A zero trust architecture (ZTA) is not a catchall in cybersecurity, but it is a vast improvement on traditional network security techniques. Why Is Zero Trust Architecture So Important Today?

Architecture

Architecture Authentication Audit Activation

Risk Assessment vs Risk Analysis

Reciprocity

APRIL 4, 2022

Although people often use the words “assess” and “analyze” interchangeably, the terms are not synonymous in risk management. A risk assessment forms the backbone of your overall risk management plan. What Is a Risk Assessment? Here are some others: Financial risk. Audit risk.

All-Hazards

All-Hazards Mitigation Risk Management Hazard

ISO 27001 Certification Requirements & Standards

Reciprocity

DECEMBER 21, 2022

If using an ISO audit software tool to achieve ISO certification is on your compliance roadmap, here’s a quick primer to get you up to speed and jumpstart your ISO compliance efforts. The 27001 standard provides requirements for businesses to implement and operate an Information Security Management System, or ISMS.

Audit

Audit Accreditation Gap Analysis All-Hazards

3 Steps to Prepare for 2024 and Beyond with the Risk Maturity Model

LogisManager

MAY 22, 2023

3 Steps to Prepare for 2024 and Beyond with the Risk Maturity Model The world is becoming increasingly complex and uncertain, and organizations must be prepared to face a wide range of risks that could impact their success. In uncertain times, it is crucial to have resources to analyze and demonstrate risks.

Risk Management

Risk Management Evaluation Banking Benchmark

3 Steps to Prepare for 2024 and Beyond with the Risk Maturity Model

LogisManager

MAY 22, 2023

3 Steps to Prepare for 2024 and Beyond with the Risk Maturity Model The world is becoming increasingly complex and uncertain, and organizations must be prepared to face a wide range of risks that could impact their success. In uncertain times, it is crucial to have resources to analyze and demonstrate risks.

Risk Management

Risk Management Evaluation Banking Benchmark

IRM, ERM, and GRC: Is There a Difference?

Reciprocity

AUGUST 24, 2022

The various niches of risk management have become a veritable alphabet soup of acronyms. As a result, we now have: Enterprise risk management (ERM). Governance, risk management, and compliance (GRC). Integrated risk management (IRM). The advent of the digital age is partly to blame.

Risk Management

Risk Management Audit Insurance Insurance

TSPs: Making the Case to Invest in Risk and Resiliency

Fusion Risk Management

SEPTEMBER 12, 2022

Yes, there are some aspects of technology and data protection that fall within the parameters of privacy and cybersecurity laws. A recent study by OCEG indicates that operational risk programs are viewed as unnecessary overhead by business units. Or, as so well articulated by the great British writer C. Contractual Obligations.

Resilience

Resilience Insurance Insurance Audit

Tips for Managing Third-Party Risk in Health Care

Reciprocity

SEPTEMBER 30, 2022

Such valuable data creates immense cybersecurity risks in healthcare. Third parties generate, manage, or hold this data, resulting in even more severe threats to healthcare organizations and their information security. This is why third-party risk management and healthcare data security are critical. Access to PII.

Healthcare

Healthcare Management Risk Management Vulnerability

The Difference Between Strategic and Operational Risk

Reciprocity

AUGUST 17, 2022

New technologies, increasing digitization, and evolving customer demands create risks that can disrupt operations, weaken cybersecurity, and harm the organization’s reputation or financial position – and above all, leave the organization unable to achieve its business objectives. Enterprise Risk Management (ERM).

Strategic

Strategic Risk Management Mitigation Evaluation

What Does a Compliance Management System Look Like?

Reciprocity

AUGUST 15, 2022

Specifically, a compliance management system looks like a collection of policies, procedures, and processes governing all compliance efforts. But as more companies use technology across all parts of the enterprise and more compliance requirements focus on cybersecurity, IT security is becoming an increasingly central part of the CMS.

Management

Management Audit Banking Risk Management

ISO 27001 Requirements Checklist: Steps and Tips for Implementation

Reciprocity

OCTOBER 1, 2022

The core of an ISMS is rooted in the people, processes, and technology through a governed risk management program. Be aware, however, that certification is evaluated and granted by an independent third party that conducts the certification audit. Technical vulnerability management is covered in Annex A.12.6,

Gap Analysis

Gap Analysis Audit Security Asset Management

Important KPIs for Successful Vendor Management

Reciprocity

AUGUST 24, 2022

Every risk management program should include risks posed by your vendors. Beware, however: vendor risk management is a complex process unto itself, requiring ongoing monitoring and measurement. What Are Vendor Risk Management Metrics? What Are the Most Common Vendor Risks? Cybersecurity.

Management

Management Risk Management Cybersecurity Strategic

What is Zero Trust Architecture?

Pure Storage

OCTOBER 23, 2023

Modern threats have proven that traditional approaches are no longer sufficient in cybersecurity. How a Zero Trust Architecture Is Implemented A zero trust architecture (ZTA) is not a catchall in cybersecurity, but it is a vast improvement on traditional network security techniques. Why Is Zero Trust Architecture So Important Today?

Architecture

Architecture Authentication Audit Activation

33 Data Privacy Week Comments from Industry Experts in 2023

Solutions Review

JANUARY 25, 2023

As part of Data Privacy Week (January 22-28) we called for the industry’s best and brightest to share their Identity Management , Endpoint Security , and Information Security comments. New systems will be a collection of smaller applications working harmoniously for better risk management and future outlook.

Government

Government Backup Application Security

Data Privacy Awareness Month 2024: Roundup of Expert Quotes

Solutions Review

FEBRUARY 1, 2024

We’ve seen US states such as California passing their own privacy laws and drafting detailed regulations on cybersecurity audits, risk assessments, and automated decision making privacy by design in practice a must-do to be able to effectively respond to the demands of augmented privacy regulatory frameworks.

Healthcare

Healthcare Security Cybersecurity Government

Data Privacy Day 2024: The Definitive Roundup of Expert Quotes

Solutions Review

JANUARY 28, 2024

We’ve seen US states such as California passing their own privacy laws and drafting detailed regulations on cybersecurity audits, risk assessments, and automated decision making privacy by design in practice a must-do to be able to effectively respond to the demands of augmented privacy regulatory frameworks.

Healthcare

Healthcare Security Cybersecurity Government

Continuity Professionals Pulse

New from the IIA: Global Internal Audit Standard to Replace the IPPF

A Guide to Completing an Internal Audit for Compliance Management

Trending Sources

How to Navigate the Cybersecurity Minefield of Remote Work

How to Navigate the Cybersecurity Minefield of Remote Work

Adversarial Risk Management

Audit Checklist for SOC 2

Silicon Valley Bank (SVB) Failures in Risk Management: Why ERM vs GRC

What is Vendor Risk Management (VRM)? The Definitive Guide

What Is Enterprise Risk Management & Its Importance

5 Steps to Implement Enterprise Risk Management (ERM)

5 Steps to Implement Enterprise Risk Management (ERM)

The Colonial Pipeline Hack: Failure in Risk Management

What is Zero Trust Architecture?

Risk Assessment vs Risk Analysis

ISO 27001 Certification Requirements & Standards

3 Steps to Prepare for 2024 and Beyond with the Risk Maturity Model

3 Steps to Prepare for 2024 and Beyond with the Risk Maturity Model

IRM, ERM, and GRC: Is There a Difference?

TSPs: Making the Case to Invest in Risk and Resiliency

Tips for Managing Third-Party Risk in Health Care

The Difference Between Strategic and Operational Risk

What Does a Compliance Management System Look Like?

ISO 27001 Requirements Checklist: Steps and Tips for Implementation

Important KPIs for Successful Vendor Management

What is Zero Trust Architecture?

33 Data Privacy Week Comments from Industry Experts in 2023

Data Privacy Awareness Month 2024: Roundup of Expert Quotes

Data Privacy Day 2024: The Definitive Roundup of Expert Quotes

Stay Connected