What is it?

A systematic process by which an organization gathers information about its essential business functions and processes and evaluates the potential impact to the organization if those functions and processes were interrupted or otherwise adversely affected. Also referred to as a business impact analysis.

Why is it important?

A business impact assessment is important because it helps organizations prioritize the allocation of time and resources to prevent, manage, and recover from incidents that affect critical business operations and assets. It also provides information that helps in creating an incident response plan and a business continuity plan.

...continue reading "Term of the Week: Business Impact Assessment (BIA)"

What is it?

A process for defining, identifying, classifying, and prioritizing potential weaknesses in an organization’s computer, network, and communications infrastructure, also known as vulnerability analysis or security assessment.

Why is it important?

When conducted correctly, results from a vulnerability assessment can be used to define or update an organization’s internal and external network as well as its information security policies.

...continue reading "Term of the Week: Vulnerability Assessment"

What is it?

Controls to ensure that software applications are developed and operated in accordance with an organization’s requirements and risk tolerance levels (NIST 2017).

Why is it important?

Application risk governance provides a framework to ensure an appropriate balance between security and operations.

...continue reading "Term of the Week: Application Risk Governance"

What is it?

A combination of three approaches that organizations use to demonstrate compliance with international standards, global rules, laws, and state regulations. Referred to as IT GRC when a company uses information technology (IT) to apply GRC.

Why is it important?

Governance, risk management, compliance (GRC) is often implemented by companies that are growing globally to maintain consistent policies, processes, and procedures across all parts of the organization. It is important for business professionals to understand and follow the internal information security rules, company risk factors, and industry requirements that drive the implementation of GRC in order to ensure that the company as a whole remains compliant.

...continue reading "Term of the Week: Governance, Risk Management, Compliance (GRC)"