Blog
-
SSL/TLS and SSH Keys and Certificates at Risk
A study (PDF), released Thursday by the Ponemon Institute and underwritten by Venafi, included the responses of 2,300 individuals in Germany, France, Australia, the UK and the U.S. I have provided a summary of the Cyber Risk’s identified in the study.
-
Operational Risk – What’s Important?
Brand and Reputation are important. Once lost, so is trust among consumers. Easy to agree with, but hard to manage without great processes, management and recovery plans when something goes wrong. That something can be a Cyber Attack that affects clients’ information, product tampering and so many other risks.
-
How Much Is Your Information Worth???
Information is wonderful, so wonderful that hackers want it. They want Personal Data, Corporate Espionage Data, Health Data, and so much more. The question is how much is your data worth to them? The second question is how much is your data worth to you.
-
2015 Operational Issues in Disaster Recovery and Business Continuity
I attended a great seminar this morning and different companies spoke about their issues. This Post is a summary of these issues that you can use as checklist and see if they apply to your Risk.
-
SEC Issues (Cyber) Risk Alert
The SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert notifying firms it will conduct IT security examinations of more than 50 registered broker-dealers and registered investment advisers.
-
Business Continuity Planning Training Budgets Being Pushed Aside
As a Continuity Professional, I have noticed more and more organizations cutting expenses by cutting planning for disasters. Budgets seem to be going toward Cyber Security. On first analysis this makes sense since Homeland Security beliefs are that Cyber Security is a very high possibility for a Terrorist Attack.
-
Creating Awesome Joint Cyber, DR, and BCP Tests/Exercises
What do Business Continuity Test/Exercise, Disaster Recovery Test/Exercise and Cyber Security Event Test/Exercise have in common? The most important thing is that all three are validating the organizations’ response capability.
-
Assessing and Managing Risks
Understanding how Management of Risk works: Risk is the effect (positive or negative) of an event or series of events that take place in one or several locations. It is computed from the probability of the event becoming an issue and the impact it would have.
-
ISO 22301 In A Nutshell
I created and delivered a one hour ISO 22301 Webinar for Compliance 4 All. This is a summary of ISO 22301. For an actual recording with more elaboration, please go to their site.
-
Implement ERM Program That Identifies, Evaluates and Controls Risks
An Enterprise Risk Management (ERM) program and processes should include all areas of enterprise risks and impacts that the entity may be exposed to. The risks weave back and forth affecting each other creating larger risks when viewed in a vacuum without looking at the 360 degree risk environment that can affect the organization.