The lead risk assessor’s role in risk assessments
Embarking on an assessment of information security risks needs to be approached with a carefully planned strategy and project plan, to ensure that the risks and associated mitigating controls deliver...
The evolving world of risk and responsibility in information security
Lately in the press there have been repeated calls for the roles of CIO and Chief Information Security Officer (CISO) to be separated. The reasoning behind this is that corporate boards are relying on...
Conducting risk assessments with ISO27001: a primer
The international standard for information security, ISO27001, does not prescribe a specific risk assessment methodology, but it does require the risk assessment to be a formal process. This implies...
Additional reports and 3 new control sets are among the new features of the...
Ely, United Kingdom, 29 September 2014 – Vigilant Software has launched the latest version of its innovative and powerful risk assessment software, vsRisk™. vsRisk 2.4 is packed with new and enhanced...
ISO27005 and the Risk Assessment Process
The information security risk management standard, ISO/IEC 27005:2011, describes the risk management process for information and cyber security. The following article aims to clarify a few of the terms...
Appointing expert security personnel lead to average cost savings of...
The 2014 report on the global cost of cybercrime has revealed some interesting results about how and where security-conscious organisations should invest their efforts in the fight against cybercrime....
Free webinar on how to conduct a cyber security risk assessment
Risk assessments are essential for effective information security management. The Global State of Information Security Survey indicates that security breaches are on the rise, and it comes as no...
The information security risk assessment: identifying threats
One of the first steps of an information security risk assessment is to identify the threats that could pose a risk to your business. According to the risk assessment process of ISO27005, threat...
Assigning impact and likelihood values in an asset-based information security...
In ISO27001 and information security terms, when an asset is compromised, the confidentiality, availability and/or integrity (CIA) of the information held by the asset could be affected. When...
Vigilant Software develops unique online portal that simplifies the Cyber...
Ely, United Kingdom, 18 November 2014 – Vigilant Software, the leader in compliance software, has developed a unique online service that enables companies to apply for certification to Cyber...
Why the Board can be the biggest threat to information security
Nearly 60% of IT security professionals expect to experience a security breach within the next year, according to research conducted with 1,000 participants by Ponemon Institute. A further 81% of...
An ISO 27001 risk assessment in nine simple steps
Getting organised to tackle a risk assessment for information security purposes requires quite a lot of planning and legwork. The following nine steps describe the basic process of conducting a risk...
Conducting an asset-based risk assessment in ISO 27001:2013
The nature of ISO27001 is that it is heavily focused on risk-based planning. This is to ensure that the identified information risks are appropriately managed according to the threats and the nature of...