
RiskOptics

How To Ensure Compliance with Policies

The first step to cybersecurity compliance lies in creating controls. Nearly every standard or regulation requires you to establish policies, procedures, and protocols. However, the adage holds: “actions speak louder than words.” Ensuring that everyone within the organization complies with policies and procedures can sometimes be a more formidable process than creating them.

Risk Management Planning: What Is It?

We all live in a world full of "what ifs." In data protection, the "what ifs" of data security control effectiveness can change drastically on the spur of the moment. If a malicious actor finds a zero-day exploit or even a previously unknown vulnerability, they can cause a domino-effect data breach that cuts across your entire IT supply chain.

What Does a Compliance Management System Look Like?

While automated tools often enable your compliance management system (CMS), the CMS is less a technology and more a corporate compliance program. A compliance management system looks like a series of policies, procedures, and processes governing all compliance efforts. However, as more companies embed technology across the enterprise and more compliance requirements focus on cybersecurity, information security integrates across the CMS.

Vendor Risk Management: The Basic Need for It. The Basic Principle of It.

This paper explores several dimensions of Vendor Risk Management. First, why are vendor risks proliferating: why now, and where do they come from? Second, what steps are necessary to manage vendor risks? And third, how can CISOs and compliance officers implement those steps in a practical way, so you don't spend all your time chasing vendors with risk management protocols?

Risk Appetite vs Risk Tolerance

Although often used interchangeably, risk appetite and risk tolerance distinguish themselves from one another in a nuanced way. While most regulations and standards focus on the risk management process, few clearly define the differences between these terms in a meaningful way. However, to create an effective cybersecurity program, you need to be able to separate risk appetite from risk tolerance so that you can develop appropriate controls to protect data.

Compliance Management Best Practices: When Will Excel Crush You?

When companies first determine they need a formal compliance program, many are unclear if they need a compliance tool to manage it. Many companies turn to Microsoft Excel as the compliance tool of choice when first undertaking a GRC program. This eBook covers where Excel makes sense and how to know when your program has outgrown Excel.

The Insider's Guide to Compliance: How To Get Compliant and Stay Agile

Compliance is a process, and you need to understand the right steps to take at the right time. This eBook provides a roadmap for understanding where you fit on the compliance spectrum, how to measure trade-offs between growth and compliance, and practical tips for dealing with auditors as you move through the compliance process.