Security Risk Assessments

Threat assessment and risk management using CIS Benchmarks, DISA STIGs, and multiple platforms and frameworks: NIST 800-53 Rev. 4, PCI DSS 3.2, SOC 2 (2016), HIPAA/HITECH CSF, the NIST Cybersecurity Framework (CSF), ISO 27002, CIS CSC Top 20, RMF, FedRAMP, CJIS, UK Cyber Essentials, FFIEC, GLBA, or any custom ISMS or ITGC program

Manage Cyber Risk

IT & Enterprise Assurance

EnterpriseGRC will prepare your people, processes, and programs for critical and mandated risk conversations such as SOC 2, ISO 27001 risk assessments, FedRAMP, and HIPAA attestations. We train and support your second line of defense, improving your enterprise security effectiveness: certified resources design and prepare evidence for SOX, SOC 2, PCI, ISO 27001, CJIS, HIPAA, and NIST CSF internal compliance policies, programs, and implemented systems. EnterpriseGRC understands the security product landscape and how to leverage your security architecture to demonstrate continuous and event-driven compliance.

ERM, Cybersecurity and Incident Response

PMO Business Continuity & DR

Emergency Crisis Management Command Center; BCP project initiation and management; Disaster Recovery (DR) scope; Business Impact Analysis; security (identify and prioritize, assess exposure, establish, document and refine); facility and contract management; cybersecurity incident response exercises and planning

BCP Framework and Supply Chain Risk

You Need an Innovation Strategy

Innovation and Strategy - By Barbara Adey


The Agile Organization

Agile Development + Agile Change + Agile Compliance = The Agile Organization


Facilitating Compliance of your Regulatory DNA

Can you translate your product or industry to the most current regulatory requirements?  Can you...


A Fistful of Data: Covering Your Ass-ets and Cybersecurity Gaps

Written by , Edtech Entrepreneur, Education Evangelist, Exercise Enthusiast The ‘Wild...


Recommended Reading

EnterpriseGRC Solutions Reading Room (out of date - to be updated soon)


CISSP Study Glossary

Here's the vocabulary you need to navigate any security publication. Sitting on the train? Do a...


Telecom Complexity

Telecom complexity is a series of Visio diagrams developed through a collaborative process while...


GRC Stack CSA Initiative

This is an iframe. The CSA site uses cookies. Please identify the important content from this...


Data Centric Security and General Data Protection Regulation (GDPR)

While 15% of EU citizens report not trusting businesses with their information, they also lack the...


Infographics at the NCSC

Infographics at the NCSC - NCSC Site © Crown...


Virtual Vocab

Virtual Vocabulary - can you navigate an interview involving all these terms?


Usability, Security, ROI, and Privacy - Why FIDO Alliance

What is FIDO? FIDO is the World’s Largest Ecosystem for Standards-Based, Interoperable...


Process Diagrams

Did you know you can export a Visio HTML map of your UML (Unified Modeling Language) diagram?


Meet PAT and NAT - Our Firewall Friends

Firewall Planning and Design


Cybersecurity Risk Management Program

Effective April 17th 2017, AICPA's New Cybersecurity Risk Management Examination Report


Beware of Tax Scams and Identity Theft through Phishing

I went to buy a bed with my sister the other day and the salesman was chatting away telling us how he...


ICT Infrastructure Overview

We Know Telecom, Enterprise, and Cloud Security Pain. Fractured market expectations where converged...


Compliance Assessment

Assessment Services - EnterpriseGRC Solutions, Implementing a Compliance Framework


Sarbanes-Oxley Compliance - COBIT and COSO

The foundations of Control Objectives for Information and Related Technologies, or COBIT, are especially useful...


Security Assessment

Can you pen test? Can you do it better than a black hat?

CISO Summit

CISO Summit - Security Automation on Steroids

CISO Forum 2016 at the Ritz-Carlton Half Moon Bay


Denial of Service and Bad Poodles

Denial-of-Service attacks prevent systems from processing or responding to legitimate traffic. Transmits data...


Business in the Cloud

EnterpriseGRC Solutions assists clients to navigate risks and opportunities in cloud...


GRC Strategy 4Point Real World Use Case

4Point GRC, introduced in 2004 by Phoenix Business and Systems Process, evolved in 2007 and 2008,...


Change Management for Virtualization - Operating Model for Service Provisioning

The goals of Change Management haven't changed, just everything in the path of their achievement - View...


Just Cuz We Work Like Bots Doesn't Mean We're Bots

I wonder if you can help us?  We're sincerely dedicated to supporting our ISACA, (ISC)2, Security and...


ERM, Cybersecurity and Incident Response

Why Risk Management? Enterprise Risk Management has become a mandated business function involving...


Stand Your Conscience

Since the 2017 travel ban and the intense turmoil over relations in and out of the United States,...


No SOC No $ervice

AICPA Service Organization Control Reports - SOC 2 “If your company currently uses third-party vendors to...


RunBook UML

Did you know you can export a Visio HTML map of your UML (Unified Modeling Language) diagram?


Ten Rules of Data

(These rules were first published in The Perils of Mount Must Read, December 2005 and posted and...


Make the right decisions faster; CIS CSC Top 20

Center For Internet Security Critical Security Controls V.6.1


Virtualization Wordsearch

Virtualization Wordsearch - When you have a virtual vocab, you can listen to the engineering...

Perfect Trap

Can You Set A Perfect Trap

Challenge - Can you describe a fraud event that would not have been caught by any of these six...


RiskWatch

RiskWatch Implementation Rescue - Total Implementation in Eight Weeks or Less


Security Concepts Quiz One

Think you got it now? Are you ready to try a test? Security Concepts Quiz...


Walk This Way

If Steven Tyler did security, it would be really cool security.


Business Continuity Program Framework and Supply Chain Risk

Often those unfamiliar with building a comprehensive Business Continuity Program will not be aware that...


INTERNET of THINGS RESEARCH STUDY

INTERNET of THINGS RESEARCH STUDY - SECURITY AND VULNERABILITY ASSESSMENT


Cloud Data Centers Tend To Get It Right

World Class Data Centers tend to get Virtualization and Cloud right - If you want to adapt your...


GreenGRC Use Case

Climate Change isn't the only reason to care about GREEN Governance. View Real World GRC...


CIS-CAT Pro

To effectively use this critical security content, you need to do two things: become a CIS member (it...


Networking & Security

Networking and Security concepts are critical to assessing security policy in networked and cloud...


Procedure Guidelines and Controls Documentation

Procedure Guidelines and Controls Documentation December 11, 2005 © Robin Basham, M.Ed., M.IT,...

Virtualization Risk

Virtualization Risks

Cloud Computing is easily the highest rated topic in current technology design, implementation,...


Office 365 Audited Controls for NIST 800-53A (Rev. 4)

This is Scott Schnoll, Senior Program Manager, Office 365 Customer Experience. If this is the...



Center For Internet Security Critical Security Controls

Center For Internet Security Critical Security Controls V.6.1


What Is My Regulatory DNA?

Can you translate your product or industry to the most current regulatory requirements? Can you...


Urkel You're In the Cloud! or "Did I do that?"

Whether you understand Cloud frameworks, operating models, taxonomies and deployment options, or...


Does Audit Make Us Secure?

Does Audit Make Us Secure? Presented at ISACA SV Spring Conference, May 15th, 2015. Robin Basham,...


Governance Risk Compliance Answers to a Tripled Bottom Line

Factors impacting Governance Risk and Compliance have easily tripled since the term first hit our...


New York Department of Financial Services (“DFS”) Cybersecurity Regulation

The New York State Department of Financial Services (DFS) first-in-the-nation cybersecurity regulation to...


Data in the Cloud

How old is your Facebook picture? (No, don't tell me, I don't care.) How much of our privacy...


RunBook Service Catalog

RunBooks Service Catalogue Management


Networking & Security Monitoring Concepts

Networking and Security concepts are critical to assessing security policy in networked and cloud...

White Hat With No Permission

Security Programs Overview

Can you pen test? Can you do it better than a black hat? View this presentation full...


Data Loss Protection

How many unauthorized data exfiltration attempts have been detected recently by the organization's Data Loss...

CISO Summit

How Industry Security Requirements Drive Cyberthreat Resilience

We’ve been having a continuous compliance conversation, but did you know that compliance is a...


ERM and Incident Response

Why Risk Management? Enterprise Risk Management has become a mandated business function involving...
