Diarium Blog System
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 
Tag Archives | risk

Information Security Ratings for Organizations

An information security rating is an objective, data-driven, quantifiable measurement of an organization’s overall information security performance. It is often referred to as a cybersecurity rating. This post summarizes information security rating agencies that can assess organizations. List of Information Security Ratings for Organizations: Black Kite, BitSight, CYRATING, iTrust, Panorays, RiskRecon, SecurityScorecard, LEET Security. Black Kite: https://blackkite.com/technical-grade/ USA […]


How to perform an IT Risk Assessment

This post gives an overview of how to perform a risk assessment of information technology (IT) assets. Steps to perform an IT risk assessment, in summary: Define scope; Select a risk assessment methodology; Identify asset types; Identify threats; Identify vulnerabilities; List controls; Assign controls to threats; Identify […]


IT Security Certifications

General IT Security: Probably the most valued certifications in this list are CISSP and CISM. SSCP: Issued by (ISC)². The PECB ISO/IEC 27001 Lead Implementer course notes describe “SSCP” as “for new graduates”. CISSP (Certified Information Systems Security Professional): Issued by (ISC)². Requires 5 years of experience. Official link. In the PECB ISO/IEC 27001 […]


List of IT Risk Analysis Methodologies

This post summarizes some relevant IT risk analysis methodologies. List of IT risk analysis methodologies: NIST 800-30, ISO 27005, Magerit, Mehari, OCTAVE, Microsoft’s Security Management Guide. NIST 800-30: NIST Special Publication 800-30, abbreviated as NIST SP 800-30 or NIST 800-30, whose title is “Guide for Conducting Risk Assessments”, is issued […]


Magerit IT Risk Analysis Methodology

Magerit, sometimes written as MAGERIT, is a methodology for managing information technology (IT) risk that is issued and managed by institutions related to the Government of Spain. Because of this, this IT risk analysis methodology is recommended for use in public institutions of Spain and in organizations working for these public institutions. Magerit […]


Differences between Risk Analysis and Business Impact Analysis

Risk Management is a process aimed at achieving an optimal balance between realizing opportunities for gain and minimizing vulnerabilities and loss. Business Impact Analysis (BIA) is performed to determine the impact of losing the availability of any resources to an organization. Performing a BIA is part of Risk Management. Risk Assessment is part of Risk […]
