All Episodes
GV.RR-02 - Clarifying Cybersecurity Roles and Responsibilities
GV.RR-02 focuses on defining and disseminating clear roles, responsibilities, and authorities for cybersecurity risk management across the organization. This clarity e...

GV.RR-03 - Allocating Resources for Cybersecurity Success
GV.RR-03 ensures that sufficient resources—people, processes, and technology—are allocated to support the organization’s cybersecurity risk strategy and assigned roles...

GV.RR-04 - Embedding Cybersecurity in HR Practices
GV.RR-04 integrates cybersecurity considerations into human resources processes, such as hiring, onboarding, training, and offboarding, to enhance organizational secur...

GV.PO-01 - Establishing a Cybersecurity Risk Management Policy
GV.PO-01 involves creating a formal cybersecurity risk management policy that reflects the organization’s unique context, strategy, and priorities. This policy outline...

GV.PO-02 - Keeping Cybersecurity Policies Current
GV.PO-02 ensures that the cybersecurity risk management policy remains dynamic, undergoing regular reviews to adapt to evolving threats, technologies, legal requiremen...

GV.OV-01 - Reviewing Cybersecurity Strategy Outcomes
GV.OV-01 focuses on evaluating the outcomes of the cybersecurity risk management strategy to refine its direction and effectiveness. This involves measuring how well t...

GV.OV-02 - Adjusting Strategies for Comprehensive Risk Coverage
GV.OV-02 involves periodic reviews of the cybersecurity risk management strategy to confirm it addresses all organizational requirements and emerging risks. This inclu...

GV.OV-03 - Evaluating Cybersecurity Performance
GV.OV-03 emphasizes measuring and reviewing the organization’s cybersecurity risk management performance using indicators like KPIs and KRIs. This evaluation identifie...

GV.SC-01 - Building a Supply Chain Risk Management Program
GV.SC-01 focuses on creating a structured cybersecurity supply chain risk management program that includes a clear strategy, objectives, policies, and processes, all e...

GV.SC-02 - Defining Cybersecurity Roles in the Supply Chain
GV.SC-02 emphasizes defining and sharing cybersecurity roles and responsibilities for all parties in the supply chain—suppliers, customers, and partners—as well as wit...

GV.SC-03 - Integrating Supply Chain Risks into Broader Frameworks
GV.SC-03 integrates supply chain risk management into the organization’s broader cybersecurity and enterprise risk management (ERM) frameworks, ensuring a unified appr...

GV.SC-04 - Prioritizing Suppliers by Criticality
GV.SC-04 requires organizations to identify all suppliers and rank them based on their criticality to operations, considering factors like data sensitivity or system a...

GV.SC-05 - Setting Cybersecurity Requirements for Suppliers
GV.SC-05 establishes and prioritizes cybersecurity requirements for suppliers, embedding them into contracts and agreements to enforce consistent security standards. T...

GV.SC-06 - Conducting Due Diligence Before Supplier Partnerships
GV.SC-06 mandates thorough planning and due diligence before engaging suppliers or third parties, assessing their cybersecurity capabilities and risks. This proactive ...

GV.SC-07 - Managing Supplier Risks Throughout Relationships
GV.SC-07 ensures ongoing understanding and management of risks from suppliers and third parties throughout their relationship with the organization. This involves docu...

GV.SC-08 - Including Suppliers in Incident Response Planning
GV.SC-08 integrates key suppliers and third parties into the organization’s incident planning, response, and recovery efforts, ensuring coordinated action during cyber...

GV.SC-09 - Monitoring Supply Chain Security Practices
GV.SC-09 embeds supply chain security practices into cybersecurity and enterprise risk management, ensuring consistent oversight from acquisition to disposal of produc...

GV.SC-10 - Planning for Post-Partnership Security
GV.SC-10 ensures that supply chain risk management plans address post-relationship activities, such as terminating supplier access or managing data disposal. This invo...

ID.AM-01 - Tracking Organizational Hardware Assets
ID.AM-01 requires organizations to maintain comprehensive inventories of all hardware assets under their control, including IT, IoT, OT, and mobile devices. This ongoi...

ID.AM-02 - Managing Software and Service Inventories
ID.AM-02 focuses on maintaining detailed inventories of software, services, and systems, covering everything from commercial applications to cloud-based offerings and ...
