NIST is the abbreviated name of the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce, and is one of the oldest physical science laboratories in the United States. The agency develops technology and security policies that help drive innovation in science and technology-related industries; and better prepares those industries to meet the requirements of the Federal Information Security Management Act (FISMA).

If your organization handles any type of payment processing, storage, or transmission of credit card data electronically, you’ll be very familiar with PCI DSS (formally known as the Payment Card Industry Data Security Standard). This standard exists to protect debit and credit cardholder data from unauthorized access via data breaches, ransomware, and other security breaches. However, with the rise in these breaches also comes the rise in changes and rules to the PCI DSS.

A famous 2011 article by security adviser Roger Grimes is intriguingly titled, “To beat hackers, you have to think like them.” In the article, Grimes explains that IT security professionals must view IT systems through the eyes of hackers — and search ways to break into these systems, identify weaknesses, and create robust security measures. That is exactly what penetration testing is all about.

From innocent but costly mistakes to fraudulent manipulations, all organizations are subject to significant risks that can jeopardize financial reporting or lead to the loss of corporate assets. That’s why it is imperative to establish a robust system of internal controls to reduce or prevent such threats to the organization.

Every company needs to undertake a certain amount of planning if it wants to grow. This includes not only strategic planning to expand operations and increase profits; executives also need to plan for risks they might encounter so they can anticipate and avoid threats. It makes sense, therefore, to integrate this planning throughout your organization so that no business function goes overlooked.

The phrase “governance, risk, and compliance” (GRC) was first introduced in the early 2000s by the Open Compliance and Ethics Group (OCEG). Since then, the concept has fundamentally changed how businesses operate. Although GRC is not a revolutionary idea by any means, it is integral to assuring that organizations can achieve, and maintain, optimal business continuity.

A supply chain is the ecosystem of processes, systems, and entities that work together to transform an idea into a final product and customer-ready offering. That lifecycle consists of multiple moving parts. As global supply chain complexity increases, organizations in every industry require robust and reliable supply chain management (SCM) tools, processes, and people. Coordination of the supply chain is critical for efficiency and optimization.

The first nine months of 2020 saw 2,953 publicly reported breaches — 51 percent more than the same period in 2019; by the end of 2020, another 1,000 breaches pushed the total to 3,950. On average, security professionals took 228 days to identify a security breach and 80 days to contain it.

If there’s one thing you can expect from cybercriminals, it’s that they’re always looking for new ways to locate and exploit your organization’s vulnerabilities. The National Institute of Standards and Technology (NIST) defines a vulnerability as a “weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.”

It doesn’t matter which industry you work in or how large your business is: every company with a desire to stay competitive and relevant needs a cybersecurity risk management plan. New information technology comes online at a breakneck speed, making our business transactions and processes easier, smoother and faster.