Preview Mode Links will not work in preview mode

CyberSecurity Sense is LBMC's monthly podcast that will provide insights and updates on such information security topics as: Penetration Testing, Ransomware events, Digital Forensic Analysis, Electronic Discovery and Litigation Support, Risk Assessments, Security Program Planning, Web Application Security, HIPAA Compliance, HITRUST Certifications, NIST 800-171 Certifications, PCI Data Security Standards, SOC Reporting and SOX Compliance.

Mar 19, 2018

No matter the industry—government, healthcare, financial, or even smaller, mom-and-pop businesses—each deal with some type of sensitive customer information, and each has decisions to make when it comes to managing risk. Most security and audit frameworks (HIPAA, ISO, PCI, NIST, SOC 2, etc.) have requirements for risk assessment, making them one of the first things auditors or regulators ask for. Many companies are still using spreadsheets when it comes to performing risk assessments, which can be ineffective and insecure. Such a lack of functionality can keep a company from moving beyond assessment and into true risk management.

In this podcast from the Institute of Internal Audit meeting in Knoxville, LBMC Information Security’s Bill Dean and Mark Fulford discuss the importance of risk management, including the effectiveness of risk assessments and how BALLAST can help organizations automate the risk assessment process.

Listen, and discover these key takeaways:

  • Understanding what’s important to your organization when it comes to managing risks
  • Reasons to consider more targeted risk assessments
  • Why you shouldn’t just do gap assessments
  • How to automate the risk assessment process
  • Why not to stop at the assessment phase