What Is NIST 800-161?

NIST 800-161 featured

With modern IT infrastructure becoming increasingly complex, intertwined systems managed through service providers and managing experts, the inevitable security problem rears its head. How can one organization, using several service providers, ensure their data security as it travels through those systems?

Over the past decade, enterprise and government specialists have refined the practice of risk management and security-focused on digital supply chain management. To support such efforts, the National Institute of Standards and Technology (NIST) released the newest revision, NIST 800-161, in May 2022. 

 

Read More

What Is a Risk Appetite Statement?

risk appetite featured

Over the past few weeks, we’ve talked quite a bit about risk:

  • What it is.
  • How it applies to compliance.
  • How you can start to think about it as an aspect of your overall business strategy. 

In many of the cases we’ve discussed, we’ve referred to risk in terms of mitigation–how to close the gap between your security capabilities and potential threats in the wild. 

But what’s critical to understand about risk is that it is just as much about how much risk you want to take on as you want to remove. And, when discussing potential risks concerning business goals, you must consider your risk appetite statement. 

 

Read More

What Are the Problems with Risk Management? 

risk management challenges featured

In our previous article, we discussed the concept of risk management–what it is and why it’s important. 

However, risk management in cybersecurity isn’t new, and many organizations are working towards normalizing risk as an approach for comprehensive cybersecurity and compliance efforts. 

While this move is a good one, we also find that many organizations will over-rely on frameworks as an end-all, be-all approach to security, which can prove more confusing than helpful. 

 

Read More