Tag: Cyber Security Roadmap
-
Defining Third-parties or Vendors from IT GRC perspective
The focus is on a risk-based approach to managing third-party vendors within IT governance, risk, and compliance. Rather than trying to cover every vendor, the recommendation is to build a vendor portfolio that captures the essential information about each one. Keeping that information current and applying a litmus test to single out critical vendors is crucial, above all for vendors that handle proprietary information.
-
Establishing a Third-party or Vendor Management program
How cyber security is integrated into the procurement process varies with the organization's size and complexity. Established companies typically already have a Procurement and Contract Management (ProCam) program in place. Cyber security's role is to assess vendor risk and advise on the legal contracts. Stakeholders must be identified and a roadmap devised for future vendor management…
-
Creation of IT Asset Portfolio
Whether an organization uses a spreadsheet, a purpose-built CMDB, or another GRC tool depends on its present and future needs, the volume of asset information, and who among users and stakeholders needs access. A spreadsheet may suffice for initial asset management, but a purpose-built GRC tool is essential for long-term governance, offering robust information capture, user access control, and workflow automation.
-
Criticality of an IT Asset Portfolio
An IT asset portfolio is crucial for IT governance because it gives a clear picture of what the organization owns. Key information includes the business owner, the technology owner, location, platform, and the results of the business impact assessment. Regular review and the inclusion of metadata improve its reliability. Commercial CMDB software caters to this, but a portfolio can be created with minimal resources if budget is…
-
Components of Cyber security Policy
A cybersecurity policy is crucial for protecting an organization's information systems and data from cyberattacks. It supports risk management, regulatory compliance, asset protection, incident response, employee awareness, vendor management, and continuous improvement. Such a policy is essential for maintaining the security posture and minimizing the impact of security breaches.
-
COBIT 2019 for beginners
This content advocates the use of frameworks for cybersecurity implementation and governance, focusing in particular on the COBIT 2019 Framework. It highlights the intricacy of COBIT, the importance of executive sponsorship and continuous support, the need to simplify it for beginners, and how COBIT aligns with industry standards such as ISO 27001, ITIL, and NIST SP…
-
Criticality of the Cybersecurity Policy
In today's digital landscape, cybersecurity policies are crucial for protecting an organization's digital assets, sensitive information, and infrastructure from cyber threats. To make a policy effective, focus on establishing a strong tone at the top, stating high-level expectations in simple terms, and clearly communicating the consequences of non-adherence. The policy should additionally reference security, privacy, and…
-
Who should own the Cyber security Policy
The Information Security policy should be owned by the highest-level executive so that it can be enforced organization-wide. Specific policies, such as Acceptable Use and Network Security, should be owned by the executives of the relevant departments. The policy owner often doubles as the risk owner, which keeps accountability at every level.
-
A Pragmatic approach to maturing Cyber Security program
Systematically maturing the cyber security program of your organization.