In September 2024 the International Organization for Standardization (ISO) published its 33rd annual certification results. This includes results for ISO 9001, its quality management system certification. ISO 9001 is the largest and the flagship of ISO’s certifications. The two other standards with the highest number of certifications are ISO 14001 Environmental and ISO 45001 Occupational Health.
Category Archives: Government@Risk – Jim Kline
#449 – NSW Cyber Security Audit – James Kline Ph.D.
This is the first of two articles dealing with cyber-security and government. This article discusses the results of the New South Wales (NSW) Auditor-General’s Report on Cyber-Security in Local Government. The second will deal with the U.S. National Institute of Standards and Technology’s (NIST) Cyber-security Framework 2.0.
#448 – NIST CYBER SECURITY FRAMEWORK 2.0 – JAMES KLINE PH.D.
On February 26, 2024, the National Institute of Standards and Technology (NIST) issued several Cyber-Security Frameworks. These included: a.) Cyber-security Framework 2.0 Small Business Quick-Start Guide, b.) Cyber-security Framework (CSF) 2.0 Resources Overview Guide, c.) Cyber-security Framework 2.0 Quick Start Guide, and d.) Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide. Another manual, Enterprise Risk Management and Governance Oversight, was issued on March 6, 2024. (1) These guides and manuals indicate that NIST is attempting to provide a wide range of information on cyber-security for different sectors of the economy, which have different levels of risk management sophistication.
#444 – WHAT YOU NEED TO KNOW ABOUT INFORMATION AND TECHNOLOGY RISKS – JAMES KLINE PH.D.
In November 2023, the National Institute of Standards and Technology (NIST) issued NIST Special Publication (SP) 800-221. The publication is entitled “Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio.” (1) This SP provides a guide for integrating ICT Risk Management with the larger Enterprise Risk Management (ERM) framework.
#443 – ERM REQUIREMENTS IN FEDERAL PROGRAMS – JAMES KLINE PH.D.
In November 2023, the National Institute of Standards and Technology (NIST) issued NIST Special Publication (SP) 800-221. The publication is entitled “Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio.” (1) This SP provides a guide for integrating ICT Risk Management with the larger Enterprise Risk Management (ERM) framework.