What Is Risk?

Apr 20, 2022 Lazarus Alliance 0 Comment

Part 1: Risk and Security in Modern Systems

“Risk “is a term gaining real traction in any industry where cybersecurity regulations impact businesses. Many frameworks and regulations are turning to risk management as a proactive and comprehensive approach to security management. This shift can mean big changes for enterprises that aren’t generally considering risk as part of their security profile.

This article is the first in a series of articles related to risk management as a challenge for modern businesses. Throughout this series, we will cover several topics related to risk management in modern business:

Why is risk management becoming the focus of cybersecurity?
Is abstract risk management detrimental to companies that would benefit from clearly-defined standards?
How does risk management apply to both enterprise and small businesses alike?
Is there a way to implement risk management with a standards-first approach?
Are their platforms, visualization tools, etc., that can change how we look at risk management?

What is ISO 31000?

Feb 24, 2022 Lazarus Alliance 0 Comment

Many enterprises are looking for ways to increase their security and to protect their interests. As the world of cybersecurity, legal risk and operational challenges become more and more complex, checklist compliance regulations just aren’t going to cut it. That’s why governments and private organizations are increasingly turning to risk management as a tool for security and compliance. That’s why ISO 31000, a standardization guide for risk management frameworks, is so important.

NIST 800-30 and the Risk Assessment Framework

Sep 16, 2021 Lazarus Alliance 0 Comment

Risk assessment has been and continues to be, one of the more challenging cybersecurity practices that many organizations will put into place. Unlike simple security control implementation and maintenance, risk assessment calls for your organization to understand how adopting, or not adopting, particular controls, operations or processes can impact security.

As the federal government and the defense supply chain are turning more and more attention to the importance of cybersecurity (including President Biden’s Executive Order on the subject and the several bills in Congress addressing limitations in our security posture), businesses working in that area will be expected to implement risk-based compliance. This fact, in turn, means that you must understand critical government frameworks that speak about risk.

In this article, we are discussing NIST 800-30 and how it serves as a foundation for risk assessment in government compliance.