Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

CyTRAP Labs checklist – risk exposure – data protection and data security

December 9th, 2007

Related stories

risk assessment and risk management – Scandinavian Airlines fails to use the six-step process

SMEs and security metrics – where should one start?

Today, legal and regulatory compliance issues are a major focus for businesses. The threat of being found personally liable by the government, or industry governing bodies, is a major worry for many executives.

Hence, risk exposure that is based on a thorough risk assessment and risk management matters to management as well as to the board of directors.
Below are the seven questions that management must have an answer to:

risk exposure – 7 questions that management must have an answer to

1. What is your current level of risk exposure (define, explain)?
2. Using risk assessment, is your current level of risk exposure increasing, stable or declining?
3. What are your 7 top security risks?
4. How susceptible or vulnerable are you to the next cyber threat or worm outbreak?
5. Are you in compliance (compliance barometer) with your documented security policies (i.e. violations are being recorded and followed up on – internal controls)?
6. How effective are your security initiatives and recent investments in terms of reducing risk?
7. Are you systematically monitoring legislative changes and developments (e.g., EU directives) to assure legal compliance (Urs+Nahum’s Security Checklist) while documenting the changes made to assure compliance?

There are four dimensions of risk exposure.

These four factors can all affect risk management. Hence it is necessary to determine carefully and systematically which particular risk factors could make things worse and expose the firm to risks that may damage trust and its image.

The above checklist is a starting point: it should get you going towards answers and strategies for addressing the risks you cannot live with, before disaster strikes.

Also related:

Regulation that matters: What is the difference between a standard, policy, guideline and a procedure?

CyTRAP Labs checklist – 7 lessons learned from the disastrous UK data loss – electronic patient records
#1 – Greek mobile phone scandal – what does it tell us?

Standards that matter – COSO and COBIT
