Reporting Risk Assessment Findings… enriching content with context

One of the greatest challenges to managing cyber risk is communications. Often the technologies and tools used to deploy effective countermeasures, monitor activity on networks, and online points of contact between an enterprise and its stakeholders, clients, customers, and partners are described using language uncommon to non-technical audiences. Also lost to those outside cybersecurity and[…]

Audit Processes Add Value and Objectivity to Cyber Risk and Security Programming – Part 2

This is the second of a Two-Part blog series on Cybersecurity’s impact on Audit Management, by guest blogger Simon Goldstein. Cyber Incident Investigation Partner with Audit to facilitate and enrich Incident Management. When a cyber incident occurs, the immediate need to bring the event to a halt is paramount.  At the same time, detailed investigation[…]

Audit Processes Add Value and Objectivity to Cyber Risk and Security Programming – Part 1

This is Part One of a Two-Part blog series on Cybersecurity’s impact on Audit Management, by guest blogger Simon Goldstein. When risk professionals think about integrating enterprise resources, they often exclude or overlook audit functions, internal and external.  Executive management relies upon Audit for trusted feedback into its enterprise governance efforts. Audit is a great[…]

The Oft Transparent Link in Cyber Security’s Risk Chain — People!

This is Part Five of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Too often cyber security, and related risk management, is viewed as a purely technological matter pertaining only to the processes and practices reliant upon IT assets, systems, partners and services. Reality is quite different.  Cyber Security is[…]

The Seven Performance Steps to Managing Risk, the NIST Way

This is Part Four of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Every approach to risk management, cyber-oriented, operational, IT, financial, and so on covers the core basics NIST describes as Identify, Protect, Detect, Respond, and Recover.  And there are also many ways to describe the performance operations needed[…]

What Senior Execs Need to Know about their Cyber Risk Program

This is Part Three of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein Senior Executives perform an important role in any effective cyber risk and security program. They are the executors of the governance function. They provide direction, resources, and policy leadership. They are neither a rubber stamp, nor simply[…]

Top