Aug 20, 2014 | Audit, Information Security, Risk Management
You’ve identified your risk. You’ve taken a big picture view of risk in the context of the enterprise. You’ve calculated the residual risk and communicated your findings to management. What’s next? Monitor your risks! Some risk you monitor for...
Aug 20, 2014 | Audit, Information Security, Risk Management
Integrated Risk Management Part 5: Aggregating risk data and reporting to Executive Management
By this point you should see your risk program coming together. Last week we talked about risk response and key risk indicators. Risk response from the owner is important...
Aug 20, 2014 | Audit, Information Security, Risk Management
Risk Response is the activity following the Risk Assessment when a Risk has been identified. The response to the risk identified is usually completed by the management (or risk owner) of the business unit for which the risk was identified. The response should...
Aug 20, 2014 | Audit, Compliance, Information Security, Payment Card Industry, Risk Management
The much-anticipated PCI-DSS 3.0 is out, and the new Self Assessment Questionnaires (SAQs) have been released. We’ve had a lot of questions over the last month about what the new changes actually mean to Merchants. One notable introduction is the SAQ-A EP for...