Awareness

CMMC 2.0, NIST, and Risk Management

Apr 26, 2023 Lazarus Alliance 0 Comment

Cyber threats continue to grow in complexity and sophistication. To address this evolution, the Department of Defense has introduced the Cybersecurity Maturity Model Certification (CMMC) 2.0 to ensure that defense contractors maintain robust cybersecurity practices to protect Controlled Unclassified Information (CUI).

To address one of the most important processes in modern security (risk management), CMMC 2.0 includes some risk assessment requirements.

This article will explore risk management’s vital role in achieving CMMC 2.0 compliance and its connection to the National Institute of Standards and Technology (NIST) guidelines, specifically NIST SP 800-171. We will delve into the various control families of NIST 800-171 and 800-172, their impact on risk management, and the steps organizations can take to address potential risks effectively.

What Is OCTAVE and OCTAVE Allegro?

Apr 12, 2023 Lazarus Alliance 0 Comment

The importance of risk management cannot be overstated… and yet, many enterprises struggle with the practice due to a lack of standardization or expertise. And while the challenges that businesses face implementing risk management are understandable, they are no longer acceptable.

This article will provide an in-depth overview of OCTAVE Allegro, a framework developed to help small and mid-sized businesses effectively approach risk management. Whether you are an IT professional, security analyst, or business owner, understanding the capabilities of OCTAVE Allegro can help you better protect your organization from cyber threats.

What Is a Risk Appetite Statement?

May 11, 2022 Lazarus Alliance 0 Comment

Over the past few weeks, we’ve talked quite a bit about risk:

What it is.
How it applies to compliance.
How you can start to think about it as an aspect of your overall business strategy.

In many of the cases we’ve discussed, we’ve referred to risk in terms of mitigation–how to close the gap between your security capabilities and potential threats in the wild.

But what’s critical to understand about risk is that it is just as much about how much risk you want to take on as you want to remove. And, when discussing potential risks concerning business goals, you must consider your risk appetite statement.