NIS2 Directive – Network and Information Security Directive
Why is the NIS2 directive so important? The NIS2 directive has recently been released with updated standards for cybersecurity. It is a European Union initiative to raise cybersecurity standards. This is timely, as recent high-profile incidents have brought cybersecurity sharply into focus for regulators. International and local authorities are changing how organisations approach cybersecurity. One […]
Formal Operational Resilience Management Information to Build Operational Resilience (Part2):
Part 2: Good Practices for Cyber Risk Management. To manage cyber risk and assess the cybersecurity preparedness of their critical operations, core business lines and other operations, services, and functions, organisations may choose to use standardised tools that are aligned with common industry standards and best practices. Our preference is the National Institute of Standards and […]
Formal Operational Resilience Management Information to Build Operational Resilience (Part1):
Operational resilience is the ability to deliver operations, including critical operations and core business functions, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]
IT Chief Information Security Officer, CISO discussion with a board, what issues matter to them and how to engage them.
Information Technology is a core business operation; it is now essential to most business operations. Technical staff – IT Managers, Chief Information Officers, Chief Information System Officers – are now being engaged by senior management and the board. Working at this level, board members are from all backgrounds and experiences, and you may be lucky to […]
Formal operational resilience management information to build operational resilience
Operational resilience is the ability to deliver operations, including critical operations and core business functions, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]
IT Risk Management In Community Based Financial Service
Information Technology (IT) risk management in community-based financial service entities involves identifying, assessing, and mitigating potential risks to the bank’s IT systems and data. This includes risks related to cyber security, data privacy, and compliance with regulations. They should have a comprehensive IT risk management program in place that includes regular risk assessments, security […]
What device replacement strategies do you use?
Last month I was requested to sit in on a server replacement project. Sitting down with the CEO asking pertinent questions, we soon discovered that the initial project budget was way off target, the cost of the hardware was 1x, cost of the software migration (platform that was hosted on this server was 1y and […]
Cyber threats (IT Risks) pose a very real and significant risk to their operations.
Steps to cyber risk assessment
Once that’s completed, here are the steps needed to undertake a cyber risk audit.
1. Identify threat sources and events
2. Identify vulnerabilities and how they may be exploited
3. Estimate the likelihood of these threats occurring
4. Evaluate the potential impact on your business if they do occur
5. Determine the degree of risk involved
6. Rank the risks in order of priority
7. Prioritise actions and responses to critical risks
Empower your people to be your organisation’s greatest risk management asset
It is only by focusing on risk with, through and by your people that you are going to truly solve your organisational risk exposure and drive transformational change.
Why is third-party risk management important?
Third parties (‘suppliers’) are a necessary part of your business. They are your suppliers, contractors and your partners. They are a core part of your business; without them, you typically can’t do business. Third parties may also provide cloud services, store sensitive data, and provide other important services. Unfortunately, third parties are also a major […]