In our last blog, we explored the content and value of the New York State Department Of Financial Services 23 NYCRR 500; Cybersecurity Requirements For Financial Services Companies. In this article, we’ll explore how the application of a framework like NIST 800-53, or the NIST Cybersecurity Framework helps structure and achieve strong compliance with regulations[…]
Exploring the intent and value offered through the New York State Department Of Financial Services 23 NYCRR 500; Cybersecurity Requirements For Financial Services Companies From time to time it’s worthwhile to explore an example of a regulation put into place to help define, encourage, and oblige sound cybersecurity and risk management practices. Financial institutions are[…]
I’m old enough to remember a time before ATM’s, cell phones, the internet, and portable computing in any number of form factors. No, there were no dinosaurs stealing my school lunch, and I didn’t learn to write on a clay tablet with a stick (despite what my now grown children might think). But the depth[…]
Recently there was a malware attack discovered. “So?”, you might ask? “There’s always a malware attack of some sort or another being identified, reported and measured for its scope and impact.” Well, this one was unique in several ways: First, it seemed to target Mac OS, which is a rarity for technical (its UNIX roots)[…]
Choosing a risk management platform is an important process. First, and foremost, companies often think this software must reflect the priorities, practices, and processes of your current operating risk management processes— “model what we do and how we do it”, so to speak. This can be a fundamental, strategic error. If you are in the[…]
One of the greatest challenges to managing cyber risk is communications. Often the technologies and tools used to deploy effective countermeasures, monitor activity on networks, and online points of contact between an enterprise and its stakeholders, clients, customers, and partners are described using language uncommon to non-technical audiences. Also lost to those outside cybersecurity and[…]
This is the second of a Two-Part blog series on Cybersecurity’s impact on Audit Management, by guest blogger Simon Goldstein. Cyber Incident Investigation Partner with Audit to facilitate and enrich Incident Management. When a cyber incident occurs, the immediate need to bring the event to a halt is paramount. At the same time, detailed investigation[…]
This is Part One of a Two-Part blog series on Cybersecurity’s impact on Audit Management, by guest blogger Simon Goldstein. When risk professionals think about integrating enterprise resources, they often exclude or overlook audit functions, internal and external. Executive management relies upon Audit for trusted feedback into its enterprise governance efforts. Audit is a great[…]
This is the final part of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. “If you don’t know where you are or where you are going, how will you know when you get there?” Sounds obvious enough, doesn’t it? But not very many years ago, when computerized charts and graphs[…]
This is Part Five of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Too often cyber security, and related risk management, is viewed as a purely technological matter pertaining only to the processes and practices reliant upon IT assets, systems, partners and services. Reality is quite different. Cyber Security is[…]