All NIST articles – Page 2
-
Blog
NIST seeks comment on cyber-security framework update
A leading framework for addressing cyber-security is getting an update, and the National Institutes of Standards and Technology is looking for input. Tammy Whitehouse reports.
-
BlogCAQ: Audit’s role in cyber-security exams
Public company auditors are suggesting that companies voluntarily submit to an independent cyber-security examination separate from the existing financial statement audit. Tammy Whitehouse explores a new process for examining and reporting on a company’s cyber-security risk management.
-
Article
How to Simplify Cyber-Security Controls Amid Abundant Laws
By now every compliance officer has already heard the warning that it’s a matter of when you suffer a cyber-security breach, not if. Then comes compliance with breach disclosure rules—and those demands are becoming as perplexing as the cyber-threat itself. Overwhelmed, compliance officers are seeking ways to navigate these demands ...
-
Article
Eliminating Cyber-Threats From the IT Supply Chain
Image: The longer a global supply chain grows, the less assurance corporations have in the integrity and security of their products and operations. Now NIST is trying to pierce that fog with new guidance, and compliance officers in the private sector might want to take notice. “Cyber-supply chain risk management ...
-
Article
Smarter Assessments of Cyber-Risk
Image: Every compliance and audit executive wants to manage cyber-security risks. That assumes, however, that the whole organization agrees on what a cyber-security risk is. Taxonomies do exist to build a more disciplined approach to cyber-security. Try to take all steps to manage all such risks, and “it’s going to ...
-
Article
COSO Tacks Toward Cyber-Security
As cyber-security works its way onto the corporate board agenda, COSO is suggesting ways that its frameworks for internal control and risk management can be a starting point for companies to anticipate fast-emerging risks. “Just as the board is responsible for enterprise risk management, this is very similar,” says Mike ...
-
Blog
Another Step Forward in Tackling Cyber-Security Risk
Image: Dec. 31—COSO’s Internal Control — Integrated Framework talks a good game about being useful beyond financial reporting risks, but Compliance Week Editor Matt Kelly has always wondered how that works in practice. Then came a nifty piece of guidance: a taxonomy of operational risks in cyber-security, published by the ...
-
Blog
Bank CEOs, Boards Get Another Batch of Cyber-Security Help
Bank CEOs and boards have a fresh batch of cyber-security guidance to evaluate. On Wednesday, The Conference of State Bank Supervisors released “Cybersecurity 101: A Resource Guide for Bank Executives,” a document that collects industry-recognized standards and best practices that are currently used within the financial services industry.
- Previous Page
- Page1
- Page2
- Next Page