The Difference Between Strategic and Operational Risk

Published 02/06/2020

Strategic risk and operational risk are both valuable to organizations and are critical in managing an organization’s overall risk management program. Organizations are finding that strategic risk management can’t be done the same old way and requires new creative thinking in order to execute successfully. Operational risk management is important to make sure there are plans in place to remove roadblocks so that organizations can execute against their strategic plans. Risk assessments are often performed in order to get a better idea of how well the operational risk program is performing. There are two other types of risk that organizations must also include in an overall risk management program: financial risk and compliance risk. Financial Risk…


The Debut of Advanced ZenGRC Risk Management

Published 02/05/2020

Written by: Scott Nash, VP of Product. Reciprocity’s mission is to connect the people, processes, and technologies critical to our customers’ information security risk and compliance management. As InfoSec becomes increasingly complex, our customers want to become more agile in their risk management strategy. It is important for them to have better visibility and to be able to respond to changes quickly. We’ve built upon ZenGRC’s core risk functionality to introduce a powerful new set of risk intelligence tools. The latest additions provide visibility into how multiple risks interact, their potential impact, probability of occurrence, and remediation plans. ZenGRC Risk Management helps organizations increase their risk intelligence and evolve toward a proactive risk management strategy. Here’s what we’ve launched: We’ve expanded…

Top 5 Predictions for InfoSec GRC in 2020

Published 01/08/2020

January 1 ushers in a new year, a new decade, and new challenges—as well as new dimensions and a re-ordering of existing challenges. Reciprocity’s team of GRC experts share likely developments, trends to watch out for, and how your organization can navigate information security risk and compliance in 2020. With foresight, an organization can proactively take steps to address the challenges of the future. Our expert panel explores what’s coming: 1. Risk-based, Layered Approaches Eclipse One-dimensional Efforts. “Risk Management and Risk Assurance will overshadow other approaches to GRC as organizations satisfy operational needs” – Gerard Scheitlin, Founder of RISQ Management. “While the requirements on information security, privacy, and compliance will only continue to expand and tighten, organizations are realizing that it…

Business Continuity Checklist for Planning and Implementation

Published 12/31/2019

Having a comprehensive business continuity plan (BCP) in place will help ensure that your business doesn’t suffer downtime in the event of a disaster, which may include natural disasters such as floods, fires and weather-related events, as well as cyberattacks. If you’re not prepared, these disasters can have catastrophic consequences for your business, including loss of productivity, loss of revenue, and damage to your reputation and your relationships with your customers. A business continuity plan describes all the risks that can affect normal operations. Business continuity planning is important because it helps ensure that your employees and your assets are protected and your company can continue operating no matter what disasters you may face. However, a BCP is different from a disaster recovery plan, which centers around the recovery of your IT…

How Much Does It Cost to Become PCI Compliant?

Published 12/26/2019

How much does it cost to become compliant with the Payment Card Industry Data Security Standard (PCI DSS)? It is challenging to put an actual figure on becoming PCI compliant. Exact dollar amounts are hard to predict because they depend on the size of the organization, whether it is eligible for the PCI Self-Assessment Questionnaire (PCI SAQ), and the way it handles and stores customer information. The good news is that an organization can look at the typical requirements around becoming PCI compliant and reverse engineer what the costs might look like. PCI uses merchant levels to determine risk and ascertain the appropriate level of security for each business. Specifically, merchant levels determine the…


Top Risk Management Issues Facing Higher Education

Published 12/24/2019

Institutions of higher education (IHEs) are besieged by risk, especially cybersecurity and information security risk. Risk management for these institutions is critical but also extremely challenging, like trying to juggle balls and lighted torches all at once. Colleges and universities are worlds in themselves, providing not only classroom learning but health care, living quarters, meals, athletics, entertainment, research opportunities, and more to students, faculty, and staff. To pull it off, higher education institutions must collect a lot of personal data such as health records, financial information, scholastic records, and insurance information. These are the details that enable colleges to meet the needs of so many people every day. But possessing all this data makes every college and state university an…

Cybersecurity Audit Checklist

Published 12/19/2019

Today’s network and data security environments are complex and diverse. There are hundreds of pieces to a security system, and all of those pieces need to be looked at individually and as a whole to make sure they are not only working properly for your organization but are also safe and not posing a security threat to your company, your data, or the data of your customers. Risk management and risk assessments are important parts of this process. Data loss and data breaches are detrimental to your organization and can make or break a company, especially if a breach causes other organizations to lose confidence in your ability to keep your data and theirs secure. For this reason, it is absolutely critical for you to…

HIPAA and Social Media: What You Need to Know

Published 12/17/2019

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law before the rollout of major social media sites such as Facebook, Twitter, and Instagram. As such, there are no specific HIPAA rules for social media. However, some HIPAA laws and standards apply to the use of social media by health care organizations and their workers. Because of that, each health care organization must implement a HIPAA social media policy to decrease the risk of HIPAA violations. The HIPAA Privacy Rule forbids the use of protected health information on social media networks. Protected health information includes text, videos, and images about specific patients that can enable others to identify them. Health care providers can only use…


PCI Certification vs. Compliance: What Is the Difference?

Published 12/12/2019

Organizations are often left wondering what the difference is between a certification granted by representatives of the Payment Card Industry (PCI) and obtaining compliance. The Payment Card Industry Data Security Standard (PCI DSS) defines a framework for protecting cardholder data. The framework was developed by the Payment Card Industry Security Standards Council (PCI SSC) and enables organizations to assess how well they are protecting cardholder data, training staff, and conducting PCI DSS audits. The PCI Security Standards Council enables organizations to become PCI DSS compliant. Accepting payment cards like Visa, Mastercard, American Express, Discover, and JCB is critical to a merchant’s ability to transact business. Cash and checks are becoming rarer in brick-and-mortar companies, and all…

Key Takeaways from the CCPA Audit Webinar with Dr. Maxine Henry

Published 12/06/2019

Dr. Maxine Henry, one of Reciprocity’s renowned GRC experts, led a webinar on the California Consumer Protection Act (CCPA). This sweeping legislation creates data privacy rights for covered consumers—which means it also imposes obligations on businesses to safeguard personal information. Ahead of its implementation on January 1, 2020, Dr. Henry discusses how to prepare. Who Will CCPA Impact? CCPA protects California residents, recognizing all natural persons in the state as consumers. Even companies not headquartered in California, perhaps without a physical presence in California, will be subject to CCPA, because California residents are among their customers. CCPA imposes obligations on for-profit enterprises meeting any of these criteria: annual gross revenues over $25 million; handles, buys, shares, or sells personal…
