Category: Enterprise Risk Mitigation (ERM)

Risk Assessment Checklist NIST 800-171

Published 05/10/2020

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. NIST SP 800-53 provides a catalog of cybersecurity and privacy controls for all U.S. federal information systems except those related to national security. The IT security controls in the “NIST SP 800-171 Rev. 2 – Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” are mandatory when nonfederal entities share, collect, process, store, or transmit controlled unclassified information (CUI) on behalf of federal agencies. CUI is defined as any information that requires safeguarding or dissemination controls pursuant to federal law, regulation, or governmentwide policy. This NIST SP 800-171 checklist will help you comply with NIST standards…

The Debut of Advanced ZenGRC Risk Management

Published 02/05/2020

Written by: Scott Nash, VP of Product

Reciprocity’s mission is to connect the people, processes, and technologies critical to our customers’ information security risk and compliance management. As InfoSec becomes increasingly complex, our customers want to become more agile in their risk management strategy. It is important for them to have better visibility and be able to respond to changes quickly. We’ve built upon ZenGRC’s core risk functionality to introduce a powerful new set of risk intelligence tools. The latest additions provide visibility into how multiple risks interact, their potential impact, probability of occurrence, and remediation plans. ZenGRC Risk Management helps organizations increase their risk intelligence and evolve towards a proactive risk management strategy. Here’s what we’ve launched: We’ve expanded…

Top Risk Management Issues Facing Higher Education

Published 12/24/2019

Institutions of higher education (IHEs) are besieged by risk, especially cybersecurity and information security risk. Risk management for these institutions is critical but also extremely challenging, like trying to juggle balls and lighted torches all at once. Colleges and universities are worlds in themselves, providing not only classroom learning but health care, living quarters, meals, athletics, entertainment, research opportunities, and more to students, faculty, and staff. To pull it off, higher education institutions must collect a lot of personal data such as health records, financial information, scholastic records, and insurance information. These are the details that enable colleges to meet the needs of so many people every day. But possessing all this data makes every college and state university an…

Applying Big Data to Risk Management

Published 06/13/2019

The era of Big Data is here. Information now exceeds fantastic proportions, globally measured in zettabytes (each zettabyte is a billion terabytes) and growing at an exponential rate that defies comprehension. According to the IDC, global data is expected to grow from 23 zettabytes (ZB) in 2017 to 175 ZB by 2025. And depending on your industry and specific organization, you likely have plentiful external and internal data sources readily available for mining, applying predictive analytics, and creating viable projections. Leveraging data allows companies to improve income streams, direct operations more effectively, and enhance the customer experience. Overall, your organizational health improves dramatically when data is accurately assessed. But big data also is a powerful – and vital – tool…