News & Thoughts from the Axenic Team
With the fast-paced business style, organisations nowadays heavily rely on third parties such as vendors, suppliers, logistics partners, cloud services providers, etc. These partnerships can offer great benefits but also could expose your organisation to risks. That’s where third-party risk management (TPRM) comes into play. TPRM provides a structured approach to evaluating and mitigating these potential risks.
Ready to take control and protect your business? Let’s dive into the world of TPRM!
Integrating insights from threat modelling into your risk assessments enhances your security by helping you get a better view of your risks. While threat modelling is highly effective for helping to secure software systems, it is not as commonly used in broader risk assessments due to its specialised nature and focus on technical threats within software development.
Bear with me for a bit. When my son started intermediate school he wanted to scoot there. He had a flash scooter, so we got him a padlock and insisted he use it. Over the next few weeks we checked that this was happening. 6 months later we discovered that his padlock had seized up and he couldn’t use it. I reached for that old NZ standby – CRC – and got it working again.
Recently I’d been helping a customer negotiate their cyber security insurance – which turned out to be trickier than I expected. This got me thinking about the role that insurance played in cyber security. Then – coincidentally – I was reading a book on security (Paul Martin’s great “The Rules of Security”) and came across this sentence: “Insurance is sometimes described as a means of transferring risk, but it is really more of a mechanism for softening the financial impact of a loss.” (p 73). It got me wondering – at Axenic have we been thinking about insurance all wrong?
Hot off the “virtual” press is our March newsletter. This month we discuss cyber news such as Accellion vulnerability and consider a use for blockchain and of course the associated risk that comes with this. We also highlight some useful resources such as the OPC’s Principle 12 tools and our very own flexible virtual roles to help you add some extra security muscle to your organisation. Click here to get the full picture.
Information security is all about context!
In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.