NIS2 Directive – Network and Information Security Directive

Why is the NIS2 directive so important? The NIS2 directive has recently been released with updated standards for cybersecurity. It is a European Union initiative to raise cybersecurity standards. This is timely, as recent high-profile incidents have brought cybersecurity sharply into focus for regulators. International and local authorities are changing how organisations approach cybersecurity. One […]

Formal Operational Resilience Management Information to Build Operational Resilience (Part 2):

Part 2: Good Practices for Cyber Risk Management. To manage cyber risk and assess the cybersecurity preparedness of its critical operations, core business lines and other operations, services, and functions, organisations may choose to use standardised tools that are aligned with common industry standards and best practices. Our preference is the National Institute of Standards and […]

Formal Operational Resilience Management Information to Build Operational Resilience (Part 1):

Operational resilience is the ability to deliver operations, including critical operations and core business functions, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]

Formal operational resilience management information to build operational resilience

Operational resilience is the ability to deliver operations, including critical operations and core business functions, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]

IT Risk Management in Community-Based Financial Services

Information Technology (IT) risk management in community-based financial service entities involves identifying, assessing, and mitigating potential risks to the bank’s IT systems and data. This includes risks related to cyber security, data privacy, and compliance with regulations. They should have a comprehensive IT risk management program in place that includes regular risk assessments, security […]

What device replacement strategies do you use?

Last month I was requested to sit in on a server replacement project. Sitting down with the CEO asking pertinent questions, we soon discovered that the initial project budget was way off target, the cost of the hardware was 1x, cost of the software migration (platform that was hosted on this server was 1y and […]

Cyber threats (IT risks) pose a very real and significant risk to their operations.

Steps to cyber risk assessment
Once that’s completed, here are the steps needed to undertake a cyber risk audit.
1. Identify threat sources and events
2. Identify vulnerabilities and how they may be exploited
3. Estimate the likelihood of these threats occurring
4. Evaluate the potential impact on your business if they do occur
5. Determine the degree of risk involved
6. Rank the risks in order of priority
7. Prioritise actions and responses to critical risks

Why is third-party risk management important?

Third parties (‘suppliers’) are a necessary part of your business. They are your suppliers, contractors and partners. They are a core part of your business; without them, you typically can’t do business. Third parties may also provide cloud services, store sensitive data, and provide other important services. Unfortunately, third parties are also a major […]