What Are the Problems with Risk Management? 

risk management challenges featured

In our previous article, we discussed the concept of risk management–what it is and why it’s important. 

However, risk management in cybersecurity isn’t new, and many organizations are working towards normalizing risk as an approach for comprehensive cybersecurity and compliance efforts. 

While this move is a good one, we also find that many organizations will over-rely on frameworks as an end-all, be-all approach to security, which can prove more confusing than helpful. 

 

Read More

What Is Risk?

risk management featured

Part 1: Risk and Security in Modern Systems

“Risk “is a term gaining real traction in any industry where cybersecurity regulations impact businesses. Many frameworks and regulations are turning to risk management as a proactive and comprehensive approach to security management. This shift can mean big changes for enterprises that aren’t generally considering risk as part of their security profile. 

This article is the first in a series of articles related to risk management as a challenge for modern businesses. Throughout this series, we will cover several topics related to risk management in modern business:

  • Why is risk management becoming the focus of cybersecurity?
  • Is abstract risk management detrimental to companies that would benefit from clearly-defined standards?
  • How does risk management apply to both enterprise and small businesses alike?
  • Is there a way to implement risk management with a standards-first approach?
  • Are their platforms, visualization tools, etc., that can change how we look at risk management?

Read More

CMMC 2.0 Updates: More Contractors Expected to Require Full CMMC Certification

CMMC featured

With the Department of Defense unveiling CMMC version 2.0 last November, many contractors breathed a sigh of relief. The relaxed assessment requirements and streamlined structure signaled a willingness from the DoD to work with assessors and contractors to find a way to promote security over Controlled Unclassified Information (CUI) without making the process harder than it needed to be. 

Read More