GRC

November 13, 2017 | Enterprise and IT Compliance Management

HIPAA Risk Assessment Template

The Health Insurance Portability and Accountability Act (HIPAA) Risk Assessment Template is designed to help organizations remain compliant with HIPAA. It describes a thorough risk analysis process organizations can take and identifies which supporting documents should be included as appendices.



October 30, 2017 | Risk Management
By Josh More, IANS Faculty

Create a Simple Risk Taxonomy for the Enterprise

When discussing risks and prioritizing controls, it's important that security and the business use a common language to collaboratively communicate recommendations to upper management. In this Ask-an-Expert written response, IANS Faculty Josh More details how the CIS Critical Controls can provide a simple risk taxonomy that helps keep everyone on the same page.



October 24, 2017 | Enterprise and IT Compliance Management
By Andrew Carroll, IANS Faculty

Meet PCI Standards for Penetration Testing

PCI DSS requires Level 1 merchants to perform an annual penetration test and mitigate any vulnerabilities found, but what does the whole process entail? In this Ask-an-Expert written response, IANS Faculty Andrew Carroll explains exactly what PCI DSS requires and offers tips for ensuring compliance.



October 24, 2017 | Risk Management

IANS Risk Register Tool

Building a Risk Register is a critical undertaking for organizations of all sizes, and there are a number of factors that contribute to its accuracy and success. This tool offers a step-by-step guide for identifying risk and harm, calculating exposure and adopting appropriate security controls.



October 23, 2017 | Risk Management
By Josh More, IANS Faculty

Suit Your Risk Framework to Your Risk Types

When it comes to managing risk, no one risk framework can truly rule them all. In this Ask-an-Expert written response, IANS Faculty Josh More explains that organizations face different types of risks (strategic, tactical and operational) and details some ways to address them all without force-fitting a framework, bogging down processes or oversimplifying the analysis.



October 16, 2017 | Risk Management

Employee Termination Checklist

At many organizations, former employees still have access to corporate applications after they leave. Even basic security missteps in the offboarding process can leave an organization exposed to unauthorized access or breaches long after the employee's departure. This checklist offers information security best practices and actions to take when an employee leaves an organization.



October 16, 2017 | Enterprise and IT Compliance Management

Critical Security Controls (CSC) Assessment Tool

One way to assess organizational maturity around information security is to use the CIS Critical Security Controls (CSC). Use this tool to perform an initial assessment of your maturity level and track your progress on what percentage of the CSC your organization is currently following.



October 16, 2017 | Enterprise and IT Compliance Management

Critical Security Controls (CSC) 20 Master Mapping Tool

Understanding and managing different security frameworks can be a daunting task. This tool offers a detailed matrix for mapping the CSC 20 to a number of different frameworks, including the NIST CSF, ISO 27002, NSA MNT and many more.



September 25, 2017 | IT Service Management
By George Gerchow, IANS Faculty

Top 5 GRC Solutions to Consider

The market for governance, risk management and compliance (GRC) solutions continues to evolve, but certain vendors consistently work their way to the top of most organizations' short lists. In this Ask-an-Expert written response, IANS Faculty George Gerchow offers his take on five top vendors: LockPath, MetricStream, ZenGRC, RSA Archer and ServiceNow.
