Performing Supplier Audits If you’re in business with a supplier, you’re going to want to make sure you perform regular audits as their business practices directly impact yours. Supplier audits are essential to document the relationship between different companies and verify a supplier’s compliance with required...
Importance of Implementing IT Compliance With the vast majority of businesses going digital, IT compliance is now more prevalent than ever. With that said, we wanted to utilize this blog post as an opportunity to educate our readers on the hot topic of IT compliance....
The downfall of Convenience The continuous advancement of technology is evergreen because of its advantages like easy access and instant gratification. From being able to shop for groceries from their living room, to having vehicles that drive themselves, consumers are loving the convenience that the cyber...
Financial Service Risk Over the last several years, the financial services industry has been hurdled with scandals and loss. Said scandals have cost financial companies millions of dollars and left them with a not so good look. Financial service risks are getting out of hand, so...
What is it? ISO 27001 is an international standard that provides a process for an Information Security Management System (ISMS). An ISMS is a framework containing policies and procedures for an organization to follow throughout its information risk management process. Following the process will ensure that...
Risk consultants are so busy managing risk for other companies that they often don’t realize that they themselves also have risks to face, such as: missing deadlines, misplacing client documents, difficulty scheduling client interviews and more. But overall, the biggest risk here is performance. How...
We live in a society where risk is ever present and impossible to avoid, no matter what industry you are in. It is no secret that some industries tend to face higher risk than others, therefor they must take additional precautions. PCI-DSS, HIPAA, and NERC-CIP-01...
What is ISO 31000? ISO 31000 is a security analysis methodology, or risk management process, that is used in various risk programs across a range of different industries. It helps standardize the steps you take to evaluate and manage risk, leaving you with a formal...
USING SPREADSHEETS FOR RISK ASSESSMENTS – WHY IT IS SUCH A BAD IDEA? Spreadsheets are user-friendly, inexpensive, and easy to use, which are key attributes. However, they fall short in several key areas when using them to perform Risk Assessments and Security Audits. The temptation for...
Alaska's Health and Social Services CSO Offers Lessons Learned Thor Ryan, chief security officer at the Alaska Department of Health and Social Services, offers lessons learned as a result of his organization's $1.7 million settlement following a HIPAA compliance investigation triggered by a small breach incident. The...