NIS2 Directive – Network and Information Security Directive
Why is the NIS2 directive so important? The NIS2 directive has recently been released with updated standards for cybersecurity. It is a European Union initiative to raise cybersecurity standards. This is timely, as recent high-profile incidents have brought cybersecurity sharply into focus for regulators. International and local authorities are changing how organisations approach cybersecurity. One […]
Formal Operational Resilience Management Information to Build Operational Resilience (Part 2):
Part 2: Good Practices for Cyber Risk Management. To manage cyber risk and assess the cybersecurity preparedness of its critical operations, core business lines and other operations, services, and functions, an organisation may choose to use standardised tools that are aligned with common industry standards and best practices. Our preference is the National Institute of Standards and […]
Formal Operational Resilience Management Information to Build Operational Resilience (Part 1):
Operational resilience is the ability to deliver operations, including critical operations and core business functions, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]
IT Chief Information Security Officer (CISO) discussions with a board: what issues matter to them and how to engage them.
Information Technology is a core business operation; it is now essential to most business operations. Technical staff – IT Managers, Chief Information Officers, Chief Information System Officers – are now being engaged by senior management and the board. Working at this level, board members come from all backgrounds and experiences, and you may be lucky to […]
Formal operational resilience management information to build operational resilience
Operational resilience is the ability to deliver operations, including critical operations and core business functions, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]
Cyber threats (IT risks) pose a very real and significant risk to their operations.
Steps to cyber risk assessment
Once that is completed, here are the steps needed to undertake a cyber risk audit.
1. Identify threat sources and events
2. Identify vulnerabilities and how they may be exploited
3. Estimate the likelihood of these threats occurring
4. Evaluate the potential impact on your business if they do occur
5. Determine the degree of risk involved
6. Rank the risks in order of priority
7. Prioritise actions and responses to critical risks
Risk Management vs. Compliance
What matters is your ability to govern access to the data. That is the IT asset: your ability to keep others from using that stolen iPad or those stolen access credentials. The asset is your collection of policies and procedures to evaluate relationships, study data usage patterns, raise alarms about suspicious behaviour, provision or de-provision user access, and so forth, together with your database of customer interactions and records.
What could go wrong? In your opinion, how likely is it to go wrong?
Board of Directors.
Board members need to insist on understanding IT / cybersecurity risks. Only with this knowledge can they properly discuss those risks at board level and achieve a consensus on setting the enterprise’s risk tolerance. When it comes to cybersecurity strategy, perhaps the single most important goal for boards and CEOs is defining the enterprise’s IT […]
Cyber Security Check List
Action Item: User Name and Password Protection
Checklist Function: Strictly enforce robust password security as per NIST Standards
Summary Description: Passwords that include upper and lower case letters, numbers and symbols; a minimum of 8 characters, avoiding common words and dates; a password not used for any other logins; changing passwords regularly (every 3 months); using 2 […]
Quick little Post on Policies and Asset Registers
We are currently working with two large companies and it is interesting, from my perspective, how little emphasis there has been on asset registers. An asset register of IT equipment is one of the foundations of your IT systems and security: if you don’t know what you own, then you don’t know what keys […]