Part 2 Good Practices for Cyber Risk Management To manage cyber risk and assess cybersecurity preparedness of its critical operations, core business lines and other operations, services, and functions organisations may choose to use standardised tools that are aligned with common industry standards and best practices. Our preference is the National Institute of Standards and […]
Operational resilience is the ability to deliver operations, including critical operations and corebusiness function, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt,withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]
Information Technology is a core business operation, it is now essential to most business operations. Technical staff – IT Mangers, Chief Information Officers, Chief Information System Officers now are being engaged by senior management and the board. Working at this level, board members are from all backgrounds and experiences, and you may be lucky to […]
Operational resilience is the ability to deliver operations, including critical operations and corebusiness function, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt,withstand, and recover from disruptions. Any organisation that operates in a safe and sound manner is able […]
Information Technology (IT) risk management in community based financal service entities involves identifying, assessing, and mitigating potential risks to the bank’s IT systems and data. This includes risks related to cyber security, data privacy, and compliance with regulations. They should have a comprehensive IT risk management program in place that includes regular risk assessments, security […]
Last month I was requested to sit in on a server replacement project. Sitting down with the CEO asking pertinent questions, we soon discovered that the initial project budget was way off target, the cost of the hardware was 1x, cost of the software migration (platform that was hosted on this server was 1y and […]
Steps to cyber risk assessment
Once that’s completed here are the steps needed to undertake a cyber risk audit.
1. Identify threat sources and events
2. Identify vulnerabilities and how they may be exploited
3. Estimate the likelihood of these threats occurring
4. Evaluate the potential impact on your business if they do occur
5. Determine the degree of risk involved
6. Rank the risks in order of priority
7. Prioritise actions and responses to critical risks
It is only by focusing on risk with, through and by your people, that you are going to truly solve your organisational risk exposure and drive transformational change.
Third parties ‘suppliers’ are a necessary part of your business. They are your suppliers, contractors and your partners. They are a core part of your business, without them, you typically can’t do business. Third parties may also provide cloud services, store sensitive data, and provide other important services. Unfortunately, third parties are also a major […]
It is time to rethink how we approach managing risk and to ask the question, how do the processes, policies, procedures and technology affect our employees?After all, they are the ones who interact and navigate challenges with your work environment.* Does your organisation’s risk management strategy help and support them to be successful? Or doesimpede […]
• The board and senior management should have accurate and adequate oversight of resilience activity, trends and remediation measures, which allows them to make the business decisions regarding investments and risk exposure
Without a prepared strategy in place, your exit from the failed relationship may be more akin to jumping out of the window of a burning building, rather than a calm exit using the stairs. Both get you out of immediate danger, but one is much more likely to end in a painful landing.
What matters is your ability to govern access to the data. That’s the IT asset: your ability to keep others from using that stolen iPad, or stolen access credentials. The asset is your collection of policies and procedures to evaluate relationships, study data usage patterns, raise alarms about suspicious behaviour, provision or de-provision user access, and so forth, and your database of customer interactions and records.
Board members need to insist on understanding IT / Cybersecurity risks. Only with this knowledge, can they properly discuss those risks at board level and achieve a consensus on setting the enterprise’s risk tolerance. When it comes to cybersecurity strategy, perhaps the single most important goal for boards and CEOs is defining the enterprise’s IT […]
Action Item Checklist Function Summary Description User Name and Password Protection Strictly enforce robust password security as per NIST Standards that include Upper and lower case letters, numbers and symbols Minimum of 8 characters, avoiding common words and dates Password not used for any other log in’s Changing passwords regularly – 3 months Using 2 […]
