Introduction to Cyber Risk Assessment: In our hyper-connected world, businesses face countless digital threats every day. Whether it’s phishing emails, malware, or ransomware attacks, no organization is immune. That’s why cyber risk assessment has become a fundamental part of modern cybersecurity strategies. It helps identify potential vulnerabilities, evaluate the risks they pose, and prioritize actions […]
Author Archives: David Lineman
A Cyber Risk Assessment is required in most cyber security frameworks and regulations. Is your firm doing a real cyber risk assessment, or are you doing a scan or audit and calling it a Risk Assessment? Understand the difference and don’t fall into the trap. Regulatory Actions on Risk Assessment: The Department Of Health and […]
Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.
If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect may need to assess the cyber risk of your organization. You may try to purchase Cyber Breach Insurance. Or maybe you are […]
Use these 5 rules to take your information security policies off the shelf and put them into action. Information Security Policies – The Foundation: Information Security Policies are the foundation of your cyber security program. They create the “written rules” that define how controls are implemented and audited. They are typically the first set of […]
In 2024 the SEC formally adopted updates to “Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information.” The rules apply to financial institutions that collect and manage nonpublic personal information about consumers (PII). First adopted in 2000, the privacy requirements have continually evolved and major updates were approved in 2024. The updated privacy […]
Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain a written information security program to maintain compliance. NOTE: When this article was originally published, Cyber Audits were going to be part of the Sanitary Surveys. That requirement was removed. But the Cyber Security […]
As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations to increase focus on third-party security. For organizations that are already short on resources and staff, adding a Vendor Risk Management process can […]
Full updates to the Common Policy Library including AI, SBOM and regulatory mappings.