NIST 800-30 and the Risk Assessment Framework


Risk assessment has been, and continues to be, one of the more challenging cybersecurity practices an organization can put into place. Unlike straightforward security control implementation and maintenance, risk assessment requires your organization to understand how adopting, or not adopting, particular controls, operations or processes affects its security.

As the federal government and the defense supply chain turn more and more attention to cybersecurity (including President Biden’s Executive Order on the subject and the several bills in Congress addressing limitations in our security posture), businesses working in that area will be expected to implement risk-based compliance. This, in turn, means that you must understand the critical government frameworks that address risk.

In this article, we discuss NIST 800-30 and how it serves as a foundation for risk assessment in government compliance.


What is the Risk Management Framework (RMF)?


The Defense Industrial Base (DIB) supply chain is integral to the security and well-being of our country and includes everyone from government agencies to the IT contractors providing software, applications and cloud services to those agencies. It follows that the regulations governing these companies and their products are more stringent than most, and go beyond simple security measures. That’s where RMF plays a major role.

In this article, we discuss RMF and how it breaks down into actionable steps. We also discuss the importance of risk management for DoD contractors and why you should work with experts in managing your own risk.


Why Excel is so Old-School and how to be Cool-School

Cool School -vs- Old School compares assessments done with Excel and the IT Audit Machine.
We get it. We completely understand why you still use Excel as an assessment and audit tool. We suffered through it just the same, but we believe in working smarter, not harder, which is why we invented ITAM.

The IT Audit Machine (ITAM) is a patent-pending, industry-changing assessment questionnaire creation tool designed specifically for the governance, risk and compliance (GRC) market. Because of the intelligence and simplicity of the patent-pending ITAM application framework, its possibilities extend well beyond the GRC and cybersecurity realms.

Typical uses include audit and compliance assessments associated with FedRAMP, PCI DSS, HIPAA, Sarbanes-Oxley, ISO 27001 and others; risk management assessments associated with ISO 27005, NIST Special Publications and others; and governance and policy development, to name a few of the possible use cases.

Excel has hard limits in capacity, accessibility, presentation, sustainability and formatting, making it a poor choice for assessment and audit work. ITAM has flipped that paradigm upside-down with big data management, collaborative SaaS access, theme-driven aesthetics, long-term analytics and trending, intelligent logic and notifications, and much more.

Our GRC solutions break the industry paradigms that have plagued client organizations and service providers alike. We’d like to show you how we have turned our real-world expertise into GRC solutions that are being touted as game-changing technology. Call Continuum GRC today at 1-888-896-7580 to schedule a demonstration.

Simply put, Excel is so old-school and ITAM is so cool-school!

Visit ContinuumGRC.com to get more information about the IT Audit Machine.