Enterprise Risk Management

Risk Management (VRM) allows organizations to proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows.

– More secure organization with proactive management of IT security risks

– Accurate identification and prioritization of vulnerability issues

– Link audit procedures and results to enterprise risks and controls

– Assign, measure, and report on vulnerability program KPIs

 

Blockchain and whistle blowers

A whistleblower is a person who comes forward and shares his/her knowledge on any wrongdoing which he/she thinks is happening in the whole organisation or in a specific department. A whistleblower could be an employee, contractor, or a supplier who becomes aware of any illegal activities.

There are specific laws to protect whistleblowers from losing their jobs or being mistreated. Most companies have a separate policy which clearly states how to report such an incident.

A whistleblower can file a lawsuit or register a complaint with higher authorities who will trigger a criminal investigation against the company or any individual department.

There are two types of whistleblowers: internal and external. Internal whistleblowers are those who report the misconduct, fraud, or indiscipline to senior officers of the organisation, such as the Head of Human Resources or the CEO.

External whistleblowing is a term used when whistleblowers report the wrongdoings to people outside the organisation such as the media, higher government officials, or police.

Chapter V of the Whistleblower Protection Act, 2011, “PROTECTION TO THE PERSONS MAKING DISCLOSURE”, sets out in detail the policy and laws on safeguards against victimisation, protection of witnesses and other persons, and protection of the identity of the complainant.

But what if we could provide a platform where the whistleblower does not require any kind of protection, because the identity remains unknown to everyone except the whistleblower? Blockchain provides just the thing.

Here’s how blockchain works:

  1. Makes permanent copies of every transaction.
  2. Gives a copy to everyone in the system every time.
  3. Uses cryptography to guard against fraud.

 

The identity of any whistleblower, no matter how big or small the fraud is, needs to be protected, and blockchain helps keep all the information secure and extremely difficult to acquire by any means. Blockchain-based whistleblowing will help protect the life of every whistleblower and provide all the information on any fraudulent activity to the right authority.

Why assets are important for information security management

There is a lot to know about asset management because it has become more of a necessity for businesses across all verticals.

Let's first understand: what is an asset?

Anything that has value to the organization is known as an asset.

Now the question arises: who should be the asset owner?

The asset owner can normally be a person who operates the asset and makes sure that information related to this asset is protected.

 

Why are assets important for information security management?

There are two reasons for this:

  1. Risk assessment
  2. Responsibility assignment

In risk assessment, we identify risks, threats and vulnerabilities, whereas in responsibility assignment we define asset owners.

Therefore, asset management is a set of business processes designed to manage the lifecycle of assets.

Its benefits are:

  1. It lowers IT costs,
  2. Reduces IT risk and
  3. Improves productivity

The asset management clauses are:

8.1  (Responsibility for assets)

8.2 (Information classification)

8.3 (Media handling)

The purpose of the IT Asset Management Policy is to maintain accurate records of the organization's physical computer assets. This document establishes procedures to ensure that the organization complies with government regulations and legal industry standards, and to ensure accurate reporting of physical assets.

Since ISO 27001 focuses on the preservation of confidentiality, integrity and availability of information, this means that assets can be:

Hardware – e.g. laptops, servers, printers, but also mobile phones or USB memory sticks.
Software – not only the purchased software but also freeware.
Information – not only in electronic media (databases, files in PDF, Word, Excel, and other formats) but also in paper and other forms.
Infrastructure – e.g. offices, electricity, air conditioning – because those assets can cause lack of availability of information.

An asset management policy guides how we purchase and maintain e-equipment and other assets. This ensures that purchases are made wisely, making the best use of our available resources and that we protect these investments by ensuring and maintaining them in good working order.