Cybersecurity, risk and compliance news and thought leadership

What is ISO 31000? ISO 31000 is a set of guidance developed by the International Organization for Standardization (ISO) that provides for the management of risk in projects. The..

What is ISO 31001? ISO/IEC 31001 is a standard that provides guidance on how to establish, implement, maintain, and improve risk management in an organization. It is based on the..

What is NIST CSF? The NIST CSF (cybersecurity framework) is a set of guidelines for organizing and improving the cybersecurity program of an organization. It was created with the..

What is ISO/IEC 27017:2015 ISO/IEC 27017:2015 provides organizations with the internationally accepted code of practice for infromation security controls based on ISO/IEC 27002..

A third-party risk management framework is a set of policies, procedures, and tools that an organization uses to identify, assess, and manage the risks associated with its..

What is third party risk assessment? Third party risk assessment is a process that organizations use to identify and evaluate the potential risks associated with working with..

Understanding the distinctions between threat, vulnerability, and risk is crucial in the realm of cybersecurity.

What is the NIST framework for cybersecurity? The NIST Cybersecurity Framework (CSF) is a set of guidelines and recommendations developed by the National Institute of Standards..

What is vulnerability lifecycle management?

The latest version, ISO 27001 2022 was released on October 25. It replaces the 2013 version of ISO 27001. Let’s find out what the key changes are and how the latest revision to..

While NIST CSF and NIST Special Publication 800-53 have some overlap, they serve different purposes and are not subsets of one another. However, these frameworks can be used..

What is a risk register? A risk register is a tool used to identify, assess, and prioritize risks in an organization. It typically includes a detailed description of each..