Information Technology (IT) risk management in community-based financial service entities involves identifying, assessing, and mitigating potential risks to the bank’s IT systems and data. This includes risks related to cyber security, data privacy, and compliance with regulations. They should have a comprehensive IT risk management program in place that includes regular risk assessments, security […]
Last month I was requested to sit in on a server replacement project. Sitting down with the CEO asking pertinent questions, we soon discovered that the initial project budget was way off target, the cost of the hardware was 1x, cost of the software migration (platform that was hosted on this server was 1y and […]
Steps to cyber risk assessment
Once that’s completed, here are the steps needed to undertake a cyber risk audit.
1. Identify threat sources and events
2. Identify vulnerabilities and how they may be exploited
3. Estimate the likelihood of these threats occurring
4. Evaluate the potential impact on your business if they do occur
5. Determine the degree of risk involved
6. Rank the risks in order of priority
7. Prioritise actions and responses to critical risks
It is only by focusing on risk with, through and by your people, that you are going to truly solve your organisational risk exposure and drive transformational change.
Third parties ‘suppliers’ are a necessary part of your business. They are your suppliers, contractors and your partners. They are a core part of your business, without them, you typically can’t do business. Third parties may also provide cloud services, store sensitive data, and provide other important services. Unfortunately, third parties are also a major […]
It is time to rethink how we approach managing risk and to ask the question, how do the processes, policies, procedures and technology affect our employees? After all, they are the ones who interact and navigate challenges with your work environment. Does your organisation’s risk management strategy help and support them to be successful? Or does it impede […]
• The board and senior management should have accurate and adequate oversight of resilience activity, trends and remediation measures, which allows them to make the business decisions regarding investments and risk exposure
Without a prepared strategy in place, your exit from the failed relationship may be more akin to jumping out of the window of a burning building, rather than a calm exit using the stairs. Both get you out of immediate danger, but one is much more likely to end in a painful landing.
What matters is your ability to govern access to the data. That’s the IT asset: your ability to keep others from using that stolen iPad, or stolen access credentials. The asset is your collection of policies and procedures to evaluate relationships, study data usage patterns, raise alarms about suspicious behaviour, provision or de-provision user access, and so forth, and your database of customer interactions and records.
Board members need to insist on understanding IT / Cybersecurity risks. Only with this knowledge, can they properly discuss those risks at board level and achieve a consensus on setting the enterprise’s risk tolerance. When it comes to cybersecurity strategy, perhaps the single most important goal for boards and CEOs is defining the enterprise’s IT […]
Action Item Checklist
Function: User Name and Password Protection
Summary Description: Strictly enforce robust password security as per NIST Standards that include:
• Upper and lower case letters, numbers and symbols
• Minimum of 8 characters, avoiding common words and dates
• Password not used for any other logins
• Changing passwords regularly – 3 months
• Using 2 […]
We are currently working with two large companies and it is interesting on my behalf on how little emphasis there has been on asset registers. An asset register of IT equipment is one of the foundations of your IT systems and security; if you don’t know what you own, then you don’t know what keys […]
Much of the business discussion around cybersecurity relates to protection of key assets such as customer information and intellectual property, often after the news that another company has suffered a large data breach. While strengthening defenses against cyber attackers is important, companies also must be prepared to handle the reputational and financial hits that a […]
Cybersecurity / IT Risk Management is (or should be) on the agenda of boards. Information Technology is ranked by many as a top 10 risk, but does your board treat it accordingly? Working on and with Boards of Directors, I understand that the agenda is pretty full on, despite Zoom decreasing the actual meeting times. Since […]
Employee Data Theft
When most of us think about a cybercriminal, we usually think of a person from home, and probably not in your own country. But did you ever consider that a hacker could be inside your own organisation? While most business owners assume that attacks on their company, data, website or operations are […]