Any members in the Risk & Compliance space here?

Forum: Information Assurance, Governance, Risk and Compliance


This topic contains 22 replies, has 19 voices, and was last updated by  mizazga 2 years, 8 months ago.

  • #52037

    inpsyder
    Participant

    Hello All!
    Just trying to reach out to other Risk & Compliance professionals learning their way through cybrary.it!

    #53856

    Franck KAMGAING
    Participant

    ok

    #54262

    airgap
    Participant

    Exposure to risk and compliance as I’m a blueteam leader. Welcome to Cybrary!

    #54635

    mayanky
    Participant

    yes

    #54974

    addyk
    Participant

    Such things have now been taken over by automated solutions, like GRC software etc.

    #54986

    cisatrainee1
    Participant

    Yes... been working in the GRC field for two years now (have several years of security experience...)

    #55503

    mayanky
    Participant

    last one year

    #56381

    mknapp
    Participant

    I have a couple clients who are heavily compliance oriented. I do their GRC management and lead their Security Committees.

    Work in the financial sector, as well as PCI, ISO27001, and SSAE-16.

    #56549

    gfitzp
    Participant

    Working in Cloud Computing & GRC

    #58337

    Mightyhash
    Participant

    Dear All

    Just joined the club and would be interested to read any hints / tips on keeping records secure. I am particularly interested in the risks surrounding the acquisition of information relating to sensitive documentation on storage devices that do not have up-to-date security software.

    #59601

    rafaelh
    Participant

    @mightyhash SharePoint has some Data Loss Prevention features that might be worth looking into. Any solution which stores the information centrally and doesn’t require downloading to the client machine will be a big asset in containing information loss.

    #59638

    Mightyhash
    Participant

    Hi rafaelh

    Already working with SharePoint and unfortunately it doesn’t appear to have the same features that you mention. Either it is set up incorrectly or we have a bad copy. Basically, after two years personnel just do not appear to use it.

    Therefore we have three risks: one the data is stored elsewhere such as the hard drive of personnel and two, the information is not seen at all except for a select few, and thirdly the IT department do not …

    However I need to look into the issue further. Thanks for reminding me

    #60053

    badfilemagic
    Participant

    Doing C&A/ISSE type stuff around Common Criteria, FIPS 140, FedRAMP and UC APL. I live in an alphabet soup land of compliance…

    #60307

    Chin_Diesel
    Moderator

    @mightyhash If you have sensitive files across various file storage, I’d say a decent start is to first identify all your records, classify them according to sensitivity, and also note who would need access to them. Then, build groups in Active Directory (and give good descriptions to those groups), and use the groups to control access to the places where those files are. Assign memberships to the groups based on roles/need-to-know.

    For added security and auditing of privileges, have a mechanism to request membership of those groups, so that if someone wants access to a file, they must first be approved by ISOs, business owners, and get access by the sysadmins as a final sanity check.

    If you have SANs that have massive amounts of shares and don’t know what security groups you already have to control access, or where those are applied, consider using PowerShell to script out a solution (or use an existing one from the internet) with the Get-Acl cmdlet.
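The inventory step described above, as an added example that is not part of the thread or of any poster's own script: it walks a list of share paths with Get-Acl, records every access entry, and flags the ACEs that undermine a group-based need-to-know model (grants to Everyone or Authenticated Users, direct grants to individual domain users, and groups with no description). The share paths, the domain NetBIOS name `CORP` and the report location are constructed assumptions; the user-versus-group lookup uses Get-ADObject from the RSAT ActiveDirectory module and is skipped when that module is not installed.

```powershell
# Added example (not from the thread): audit NTFS DACLs on share roots with Get-Acl
# and flag entries that bypass group-based, need-to-know access control.
# Assumptions: the paths below exist and the running account can read their ACLs;
# $DomainNetbios is the NetBIOS name of your AD domain (constructed value 'CORP').
param(
    [string[]]$SharePaths = @('\\fileserver01\Finance', '\\fileserver01\HR'),  # constructed sample paths
    [string]$DomainNetbios = 'CORP',
    [string]$ReportCsv = "$env:TEMP\share-acl-report.csv"
)

# Principals that grant access far wider than any need-to-know group.
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ANONYMOUS LOGON',
    'BUILTIN\Users'
)

$adAvailable = [bool](Get-Command Get-ADObject -ErrorAction SilentlyContinue)

$report = foreach ($path in $SharePaths) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping $path (not reachable)"
        continue
    }

    # Get-Acl returns the security descriptor; .Access lists the DACL entries.
    $acl = Get-Acl -LiteralPath $path
    foreach ($ace in $acl.Access) {
        $identity = $ace.IdentityReference.Value
        $finding  = $null

        if ($BroadPrincipals -contains $identity) {
            $finding = 'Broad principal'
        }
        elseif ($adAvailable -and $identity -like "$DomainNetbios\*") {
            # Resolve the domain principal to decide whether it is a user or a group.
            $sam = $identity.Split('\')[1]
            $obj = Get-ADObject -Filter "sAMAccountName -eq '$sam'" -Properties objectClass, description
            if ($obj -and $obj.ObjectClass -eq 'user') {
                $finding = 'Direct user grant (should be via group)'
            }
            elseif ($obj -and $obj.ObjectClass -eq 'group' -and -not $obj.Description) {
                $finding = 'Group has no description'
            }
        }

        [pscustomobject]@{
            Path      = $path
            Identity  = $identity
            Rights    = $ace.FileSystemRights
            Type      = $ace.AccessControlType
            Inherited = $ace.IsInherited
            Finding   = $finding
        }
    }
}

# Full inventory for the audit trail, findings on screen for follow-up.
$report | Export-Csv -LiteralPath $ReportCsv -NoTypeInformation
$report | Where-Object Finding | Format-Table Path, Identity, Rights, Finding -AutoSize
Write-Host "Full ACL inventory written to $ReportCsv"
```

The CSV gives the complete picture of which group is applied where, which is the gap the post describes; the on-screen table is the short list to act on. Run it under a read-only account: nothing here modifies an ACL, so it can be scheduled and the CSV diffed between runs to catch drift. On a file server you can feed the share list from Get-SmbShare instead of hard-coding paths.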

    #61004

    Eric
    Participant

    I have about 2 years of experience with GRC. My last job was focused on PCI and building a security program. My new role is centered around FISMA/NIST while trying to build a security program at a low cost.

    #62298

    ebarlow
    Participant

    I’m just getting started in the GRC field (3 months) but I have been working Policy & Compliance for other roles for over the last 7 years. It’s nice to see everything under one roof so to speak. Currently, I’m in the lead position for a small team of contractors that supports a LARGER client. One thing I can say for sure is that having the major areas of IT Security in one part of the organization can help focus and drive compliance.

    #70320

    Aspa
    Participant

    ISO 27000 series and CISSP has risk controls… you must take a look

    #71005

    winschdi
    Participant

    Nice to see others who are in the GRC field.
    The main issue in my opinion is to have the right combination of GRC knowledge AND technical understanding.

    #74734

    boybelow
    Participant

    Hi guys, I’m working at a Risk Assurance Services dept of one of the Big 4.

    #79236

    BNgacTKD
    Participant

    Hi all, I am just now trying to get into the GRC field. I’ve been working as a business process improvement guy for the past 3 years, and just got out of school a few months ago with a degree in information security. I am working to get a position now within my organization as the cyber specialist in Risk and Compliance. I recently passed my CISSP exam, and am working on getting my PMP. Down the road I’d like to go for the CCSP and the CISM... and maybe the CRISC too. Any advice for a noob in this field?
