This time I will cover the third and last point of the COSO principle on Information, Communication and Reporting, which is Reports on Risk, Culture and Performance.
As a reminder, the COSO principle on Information, Communication and Reporting has three points:
- Leverages information and technology
- Communicates risk information
- Reports on risk, culture and performance
Organizations must keep up with the regulatory reporting requirements related to cybersecurity. After each high-profile breach, legislators call for stricter provisions to protect consumer data and critical infrastructure and to minimize the impact of such incidents.
As of 2021, the United States Congress has not passed meaningful, comprehensive cybersecurity legislation, so organizations must contend with overlapping laws and standards at both the industry and the state level.
With all these different laws, regulations and standards flying around, it is almost impossible for an organization to follow them all. Unfortunately, I do not foresee these laws and regulations being consolidated any time soon, so be sure to get cozy with your legal team to stay on top of all this!
Organizations must implement a process for appropriate and timely reporting of relevant cybersecurity risks at all levels. These levels may include the cybersecurity team, the ERM team, peer business units, the executive leadership team, the Board of Directors, external third parties and external regulators.
Many publications on crisis communication state that crisis communications should contain the "five Ws" (who, what, when, where and why). Each of the "Ws" may not be practical every time. For example, in the initial stages of a cyber incident, you may not know exactly "who" is affected, but you still want to communicate proactively. The point is to have a communication plan in place before communication is needed.
Key activities
- Understand the regulatory requirements for cybersecurity and disclosure that are within the scope of your organization.
- Work with your legal team to sort out the overlapping and contradictory requirements of the various provisions.
- Build a communication plan before it is needed.
- Tailor communications to your audience.
- Drill your communication plan through designed and planned exercises.
Well, we're at the end of COSO! You did it! You have sat through these videos on how to integrate cyber risk into your organization's enterprise risk management framework. Although not the sexiest of topics, it is crucial to raising your profile and executive presence within your organization. Remember that the five COSO components are:
- Governance and Culture
- Strategy and Objective-Setting
- Performance
- Review and Revision
- Information, Communication and Reporting
As always, I love your comments, and if you want to have a direct conversation, please shoot me a message and we will set something up. Keep an eye out for a LinkedIn poll asking what topic you would like me to cover next.
Thanks, and have a great week!