Using a Risk Assessment to Report Consumer Risk Because there are so many different laws that regulate how and when an organization must give notice if it has had a data security breach, understanding what the correct plan of action is for your organization or determining how to report consumer risk from breaches might be daunting. Nevertheless, the laws do have one major commonality: does the consumer suffer a…
by
Sarah Harvey / June 12th, 2018
Effective Vendor Risk Management An effective risk management strategy includes a strategic process for assessing and monitoring vendor compliance. Some vendors go to great lengths to secure their services and processes, but others may leave you with consequences to pay. Vendors need to prove what they are doing to reduce risk to you and your customers. You’re putting a great deal of control into the vendors' hands, so managing vendor…
by
Sarah Harvey / April 3rd, 2018
Advancements in cloud technology have completely changed the way organizations use, store, process, and share data, applications, and software. Cloud environments tend to be more cost-efficient and time-efficient…so why wouldn’t you put your data in the cloud? Because so many organizations are putting so much sensitive data into cloud environments, they have inevitably become targets for malicious attackers. New security vulnerabilities are consistently being discovered and, in a vicious cycle,…
by
Joseph Kirkpatrick / March 27th, 2018
What is the Purpose of a Risk Assessment? Most information security frameworks require a formally documented, annual risk assessment. You will see this requirement over and over again in your pursuit of SOC 1, SOC 2, PCI DSS, HIPAA, or HITRUST CSF compliance. But what exactly is a risk assessment and why is it so important to information security frameworks? Let's find out. What is a Risk Assessment? A risk…
by
Sarah Harvey / October 13th, 2017
As cyber threats continue to be a major concern for business owners, not having a cybersecurity strategy in place is no longer an option. You must be prepared to defend your business from cyber threats and be proactive with your cybersecurity prevention strategies. Here are 5 easy ways to defend your business from cyber threats. 1. Know Your Risks As auditors, we frequently talk about risk assessment and risk management…
