Janelle Drolet is vice president of operations and sales for Towerwall, a cybersecurity consulting firm in Framingham.
Updated: June 24, 2024
Advice
10 Things I know about ... Compliance risk
By Janelle Drolet
10) No place to hide: The regulations, laws, and frameworks an organization needs to comply with will depend on its industry, location, and the type of data it processes. IBM cites the average cost of a data breach at $4.45 million.
9. Definition: A compliance risk assessment is a full review of all the requirements, control frameworks, and regulations for an industry from a cybersecurity standpoint.
8. A scheduled process: Companies should strive to make compliance risk assessments a regular process, to identify unforeseen gaps.
7. Regulatory risk: Broader than a compliance risk assessment, a regulatory and compliance risk plan includes building remediation plans and monitoring and mitigating risks.
6. Know your gaps: Evaluate your security controls and processes. Take time to discover any potential gaps. Come to an agreement on your company’s risk tolerance. Because no two cybersecurity risks are equal, it’s important to evaluate its likelihood, its potential impact, what programs are in place and tools are being used to monitor, mitigate, or block it.
5. Have a remediation plan: Organizations need to have a playbook ready to mitigate any potential data compromise. Define remediation steps, assign roles and responsibilities, lay out timelines, costs, and resource needs. Test, test, and re-test.
4. Remediation strategies: Consider building a cybersecurity strategy for your organization including the 4 P’s: people, process, partners, and products. Train employees in security awareness. Offer phishing simulation exercises.
3. Review and iterate: Test your plan to measure its effectiveness. Update the plan based on the risk assessment, remediation, and any changes in regulations, business operations, or risk tolerance.
2. Seek expertise: To avoid mismanagement, document your security program and processes thoroughly. Remain objective, which is difficult when it’s your own company. Many companies opt to involve security experts and automation tools.
1. Foster a compliance culture: Investing in employee training, creating clear policies, and promoting good compliance behavior among employees will help improve overall security.
WBJ Web Partners
Most Recent
Most Recent
0 Comments