Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Previously we published an article discussing some of the best practices surrounding cloud security, in this article, we will discuss cloud a little more specifically by focusing on one in particular provider Google. Google offers several different solutions for customers known as GCP or the Google Cloud Platform. GCP is set infrastructure tools and services which customers can utilize to build environments they need in order to facilitate a solution for their business.

In an ornate boardroom, a group of executives gathered at a large round table for their annual strategic planning meeting. Morgan, the CEO, was surrounded by Lana, the VP of Sales; Susan, the CISO, Smith, the COO; and Barbara, Chief Compliance Officer. There was much to get done in the next twelve months, so they were passionately debating how best to invest their limited budget to achieve their goals and to address various sources of risk.

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. This was the result of a Joint Task Force Transformation Initiative Interagency Working Group; it’s something that every agency of the U.S. government must now abide by and integrate into their processes.

Formulating an IT security risk assessment methodology is a key part of building a robust information security risk management program. The two most popular types of risk assessment methodologies used by assessors are: A risk assessment is a process that aims to identify cybersecurity risks, their sources and how to mitigate them to an acceptable level of risk.

A vendor risk management questionnaire (also known as a third-party risk assessment questionnaire or vendor risk assessment questionnaire) is designed to help your organization identify potential weaknesses among your third-party vendors and partners that could result in a data breach, data leak or other type of cyber attack.

Vendor risk management is the practice of governing third-party access to company data. This is a critical aspect of an organization since vendors view your business information when providing their services. For some, this can turn into a severe vulnerability that can lead to data breaches. In fact, in the past five years, vendors like Home Depot and Target were responsible for those incidents, as reported by Forbes.