Business risk in the United States may be higher during the novel coronavirus pandemic than at any time in our generation, making risk management a must. What are your strategies for risk mitigation—not only in your enterprise but up and down your supply chain—amidst COVID-19 disease outbreaks? Business interruption is a growing concern right now.
As cybercriminals continue to use the novel coronavirus pandemic to launch cybercrime scams and cyber attacks on teleworking applications, virtual private networks (VPN), and other technologies associated with remote work, many organizations find themselves in crisis mode, as well. Your enterprise may be scrambling daily to protect your sensitive data, reduce the likelihood of data breach, and guard against malware and ransomware attacks as well as other cyber threats.
Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks. Here’s our May 2020 roundup of compliance news from around the United States, and around the world.
Change is hard—and during the COVID-19 pandemic, it’s happening at breakneck speed. Your employees and business partners need to know now, more than ever before, that they can trust you to be honest and transparent with them. This is the essence of ethical leadership. We’re standing on shaky ground as the virus sweeps through our nation and upends our economy. People are losing their jobs, their health insurance, and perhaps even their savings.
As cybercriminals step up their efforts during the COVID-19 crisis to infiltrate your information systems, identity and access management (IAM) processes are more important for cybersecurity than ever. Aimed at preventing data breaches and unauthorized access to your systems, IAM becomes more critical as more of your employees perform their work from home. The firewalls that protected your system perimeter won’t suffice any longer, because there is no perimeter.
Internal audit and compliance departments benefit from having a comprehensive framework to use to perform corporate risk assessment and internal control testing as well as fight fraud. The most popular framework is the COSO Framework. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was originally formed in the United States in 1985 to combat corporate fraud.
Regulatory compliance is continuously evolving, which makes it increasingly imperative that everyone involved in the Compliance Management System (CMS) understand their responsibilities. Various sectors mandate oversight, including healthcare, finance, and cybersecurity. It is also a foundational business practice to safeguard company reputation and demonstrate integrity to consumers and the public. Compliance management is a top-down system, like most workplace cultures and business processes.
Business is inherently risky. Types of risk abound: financial, legal, regulatory, reputational and more. In the most extreme scenarios, failing to maintain an acceptable level of risk could result in injury or death, as in a factory; or, in the case of critical infrastructure, widespread economic catastrophe.
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. NIST SP 800-53 provides a catalog of cybersecurity and privacy controls for all U.S. federal information systems except those related to national security. The IT security controls in the “NIST SP 800-171 Rev.