Risk or Compliance? I think you mean Risk and Compliance?


CyberOne is an end-to-end GRC SaaS platform for companies and teams of all sizes.

Whether, like many of our clients, you are heading into audit season or simply want to build a stronger, more efficient security program in response to the alarming and growing trend of ransomware attacks and data breaches, CyberOne can help. CyberOne engages your people, processes, and technology to build a risk-aware culture. From good governance, to understanding your gaps, to putting your risk data to work in decisions that benefit the business, CyberOne is a single source of truth your company can use to govern, protect, and build.

When we discuss compliance with our customers, we always encourage them to start the compliance journey by first understanding their risks. Before you take your auditor’s information request list (IRL) and simply build controls against it, decide whether your company actually has risk in that area. Where there is no risk, there is likely no need for a control. By adopting this approach, you can quickly narrow the scope of your audit to what is relevant to your company. Our clients estimate that this approach has helped reduce audit time and costs by 30%. You can read what our clients say about us here on Capterra.

You can build your risk register and manage findings from all your different sources: compliance reviews, vulnerability scans, penetration tests, audits, assessments, and more. Use our API integrations with Nexpose, Nessus, Qualys, AWS, and Microsoft to pull your data into CyberOne, and push out the workflow with our own automated notification process or through Slack or Jira (engineers love us!). Ultimately, you will see how easy it is to scale and build a security governance, risk and compliance program in CyberOne that is based on your company’s priorities, needs, and objectives. And we have experts to support you every step of the way.

Start today with our free risk assessment. You can choose from ISO 27001, SOC 2, CMMC, or CAIQ. We will send you an assessment and help you build a roadmap to meet your security objectives.

Take our risk assessment here today for free.


Make secure easy, and insecure obvious… [Credit: A wise customer of CyberOne]


A security message from HRH the Queen on Independence Day


All freedom comes at a price. Good security helps maintain freedom by protecting your company from exposure to an increasingly threatening landscape. Help keep us pesky Brits and other “ne’er-do-wells” from invading (again) your systems and networks this coming Independence Day weekend.


It’s all about getting the Crown Jewels without paying a Queen’s ransom!

As you launch your search, here’s a quick, totally unbiased summary of the capabilities you should require from your tool:
  1. Policy Management: Can you write, review, update and communicate policies and connect them to your internal controls and regulatory requirements?
  2. Asset Management: Can you attach controls to specific assets and monitor those assets in your tool?
  3. Control Management: Can you work with multiple regulations and consolidate your internal controls to meet multiple requirements?
  4. Evidence Collection: Can you automate evidence collection and use one piece of evidence to meet many controls?
  5. Control Tests: Can you validate evidence and create reports that demonstrate validation by control and by asset?
  6. Issue Management: Can you create findings from findings, as well as view, prioritize and mitigate findings (corrective actions, issues) from all areas of the business (compliance review, vulnerability scans, vendor review, internal audit, etc.)?
  7. Risk Management: Can you define risk metrics and objectives, and cascade risk > threat > issue > incident > controls > assets for a comprehensive understanding of your risk and compliance status and environment?
  8. Data Application: Can you take that data and apply it to organizational strategy?


CyberOne is cloud-based GRC automation. We bring governance, compliance, and risk together with purpose. If you are ready to go beyond the checkbox, reach out to CyberOne and we will tell you more.

See what HRH and our clients say about CyberOne here:


Completely unbiased advice for how to select the right GRC Tool


Do you need a compliance certification? Does your soul begin to resemble a spreadsheet? Do you need a GRC tool? Do you think you only need a compliance tool? Do you know the difference?

See what our clients say about CyberOne here:

10 “more” security tips for working from home

Just recently, I had a conversation with a friend who works for the U.S. Navy. She is overwhelmed with work as she teleworks from home because of Covid-19. Her profession can easily be switched to telework, whereas other coworkers’ can’t, but that is no reason effective guidance cannot be provided. Here is what she had to say…

With the outbreak of Covid-19, we are dealing with an unforeseen occurrence, a black swan event. As a cyber professional, I hope organizations have a Continuity of Operations Plan (COOP) to initiate along with their Standard Operating Procedures (SOP). Many do have such plans, but for others, it is abundantly clear guidance is missing. It is not simply about “putting” the language into a document, “checking” the boxes, and copying off SANS Institute’s website. You need an EFFECTIVE plan that can be INITIATED, UNDERSTOOD and FOLLOWED by others.

My 10 Step Program

INFRASTRUCTURE IN PLACE:

Ensure internet connections work. Test your communication portals like Zoom, Skype, etc. Review security and privacy protocols, especially if you have roommates. Just because you are home does not mean you can be relaxed with security protocols. Consistency ensures efficiency.

INVENTORY: Your organization should ensure you have access to the type of equipment you need to work remotely. You may need to take note of what you have access to, communicate this effectively with management, and make requests for items you do not have.

CLOUD-BASED CAPABILITIES: To ensure feasibility of access to the Internet, file-sharing, e-mail and unified communications via mobile applications, chat, etc., the right cloud-based tools need to be available. Check them.

INDIVIDUAL COMMITMENT:

As an employee, before reading up on any guides or joining a Team chat, make a commitment to yourself. This means planning, such as ensuring you have cleared a space for yourself, no matter how small. Try to create a home office space, even at the kitchen table. This is your spot. Own it.

STAY ORGANIZED: Create a personal “to-do list” each morning. Keep track of the time required (i.e. 8 hrs.). Consider creating your own timecard where you note hours spent on each ticket item. Ensure you take breaks and embrace the flexibility of working from home. But, at the end of the day, ensure you meet your objectives.

WORK FLEXIBILITY: Being remote, you have flexibility with your start time and end time. Ideally, if doing 8 hours, you should commit to those hours. However, even I will scatter my time throughout the day or make it up on another day. It is all too easy to work during dinner and before bed.

*Side note: I personally created my own classical music list off Spotify to ensure no distractions. I’m like a squirrel and can get excited about shiny objects, so my music keeps me on track and closed off to distractions.

COMMUNICATION:

Hopefully, your company has provided you with the right material to work remotely. If not, no worries! Be accountable to yourself. You can ensure the chain of communication works. Some workers feel isolated, so it is important for your organization to maintain some sort of social contact with other employees. I suggest, if you have Office 365 or Zoom, initiating a weekly Scrum call at the beginning of the week and at the end. If this is not in place… be a star and create one or suggest it to management.

DELEGATE: Embrace delegating. I’ve often come across employees who struggle with this.

OVER-COMMUNICATE: Document everything to ensure colleagues are informed and information does not get lost in digital mail. I also create a Weekly Status Update or WSR (you can download templates online) for my weekly meetings. I am amazed how organization, accountability and simple note taking can easily impress people.

PROFESSIONAL DEVELOPMENT AND ADVANCEMENT:

Take some time for yourself! Depending on how long you will be teleworking, being closed off can feel like you have fewer opportunities for training and professional development. With Covid-19, I personally think this is a great time for training! This challenge can easily be alleviated by communication between the supervisor and the employee, as well as effective performance monitoring on the part of the supervisor.