Risk Management


Top 5 Predictions for InfoSec GRC in 2020

January 1 ushers in a new year, a new decade, and new challenges—as well as new dimensions and re-ordering of existing challenges. Reciprocity’s Team of GRC Experts share likely developments, trends to watch out for, and how your organization can navigate Information Security Risk, & Compliance in 2020. With foresight, an organization can proactively take steps to address the challenges of the future.


Business Continuity Checklist for Planning and Implementation

Having a comprehensive business continuity plan (BCP) in place will help ensure that your business doesn’t suffer any downtime in the event of a disaster, which may include natural disasters, such as floods, fire, weather-related events, and cyberattacks. If you’re not prepared, these disasters can have catastrophic consequences on your business, including loss of productivity, loss of revenue, as well as damage to your reputation and your relationships with your customers.


How Much Does It Cost to Become PCI Compliant?

How much does it cost to become compliant with the Payment Card Industry Data Security Standard (PCI DSS)? It is challenging to put a number or an actual figure of becoming PCI compliant. The reason exact dollar amounts become a problem to predict is it depends on the size of the organization, whether they are eligible for the PCI Self Assessment Questionnaire (PCI SAQ), and the way they handle and store customer information.

Featured Post

Project Management And Using a Risk Assessment Matrix

According to studies published over the last decade, over 90% of new businesses fold before they even go to market or reach their fifth anniversary. The failure rate has become so prevalent that some entrepreneurs have taken it to be normal. However, nothing about failure, especially where money is involved, is normal. Is it possible to reduce failure rates in the startup world with today's business intelligence tools? The answer would be a resounding "yes" if we look at it from a risk management perspective. Risk management involves identifying problems before they occur and preparing for them.

Plights of the Round Table - A Tale of Weighing Risk

In an ornate boardroom, a group of executives gathered at a large round table for their annual strategic planning meeting. Morgan, the CEO, was surrounded by Lana, the VP of Sales; Susan, the CISO, Smith, the COO; and Barbara, Chief Compliance Officer. There was much to get done in the next twelve months, so they were passionately debating how best to invest their limited budget to achieve their goals and to address various sources of risk.


HIPAA and Social Media: What You Need to Know

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law before the rollout of major social media sites such as Facebook, Twitter, and Instagram. And as such, there are no specific HIPAA rules for social media. However, some HIPAA laws and standards apply to the use of social media by health care organizations and their workers. Because of that, each health care organization must implement a HIPAA social media policy to decrease the risk of HIPAA violations.


How to Apply the Risk Management Framework (RMF)

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. This was the result of a Joint Task Force Transformation Initiative Interagency Working Group; it’s something that every agency of the U.S. government must now abide by and integrate into their processes.


IT Security Risk Assessment Methodology: Qualitative vs Quantitative

Formulating an IT security risk assessment methodology is a key part of building a robust information security risk management program. The two most popular types of risk assessment methodologies used by assessors are: A risk assessment is a process that aims to identify cybersecurity risks, their sources and how to mitigate them to an acceptable level of risk.