Author - admin

IMPORTANCE OF HAVING AN ENTERPRISE RISK MANAGEMENT FRAMEWORK

A risk management framework is defined as the structured process used to identify potential threats to an organization and to define the strategy for eliminating or minimizing the impact of these risks, as well as the mechanisms to effectively monitor and evaluate this strategy.

Formalizing your Business Continuity Management Practices with a Management System

The COVID-19 pandemic has caused an unprecedented disruption, forcing organisations to ponder their survival. It is therefore proving crucial to put in place a formal, proactive business continuity framework which can be relied on in times of crisis, rather than have one on an ad hoc basis which is reactive in nature. This can be done using the ISO 22301 standard, which specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of,...

9 REASONS WHY YOU ARE FAILING YOUR INFORMATION SYSTEM AUDITS

Information Systems Audits have become a pivotal element of risk-aware organizations looking to improve security posture and systems and management controls around Information Systems and IT infrastructure. As organizations leverage information systems to transform business and enhance their value chain, the need for visibility of the organization’s IT environment by stakeholders has grown. The modern business seeks assurance that the control environment is effective and efficient in supporting strategic objectives, and insights into improvement actions that can be taken....

TIPS FOR CONDUCTING WILDLY SUCCESSFUL ONLINE TRAINING

If you are a trainer or have ever had the opportunity to present your ideas to an audience then you know that there are certain aspects to the interaction that help enrich the experience. Non-verbal cues - being able to “read the room”, group discussions to enhance engagement, and the ability to break the room into ad-hoc groups – basically enhanced engagement and participation.

Certification is just the beginning: Getting ISMS Certified vs living an ISMS

By Stella Simiyu; Chief Operating Officer - Sentinel Africa Consulting

As a consultant I often get the question “when will this project be finished, i.e. when will we be ISO 27001 certified?” The urgency is sometimes brought on by a client need or a stakeholder requirement for that precious certificate. In my experience I have found that with the right project approach 1st year certification is doable often with a waterfall project management approach such as the one depicted below. Ask me for more information on this on info@sentinelafrica.co.ke

Celebrations abound with congratulations at having won "THE CUP" i.e. the certificate. However,...

Embedding an Enterprise Risk Management Culture

By Ivy Waeni; Risk Management & Business Continuity Consultant

Just because we see no evil, hear no evil, or speak no evil does not mean evil ceases to exist. The same can be said about our risk environment. We are ever surrounded by risks and we need to build a culture where risks are freely discussed and debated if we are to survive.

What is Risk Culture?

The term has not been conclusively defined. However, starting from the basics,...

COVID-19 Fail-Safe Plan: A Company’s Guide to Mitigating IT Risk.

By Faith Mueni; Information and Cyber Security Consultant

The COVID-19 pandemic has led to the retrieval and activation of long-forgotten or not so reviewed Business Continuity Plans. Among the strategies adopted to ensure minimal disruptions to Business As Usual (BAU) is telecommuting, even though some organisations do not have active teleworking policies and controls in place. This obviously poses a huge risk to any business that is forced to open its infrastructure to employees working from home. Risk of...

TELEWORKING POLICIES

By Faith Mueni; Information & Cyber Security Consultant

Telework refers to an arrangement where an employee works from home or from another location away from the usual workplace. According to ISO 27001:2013, Clause A.6.2.2 on Teleworking, A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites.

Security

Consistent with the organization's expectations of information security for employees working at the office, telecommuting employees will be expected to ensure the protection of proprietary company and customer information...

The Importance of Professional Certification

By Mike Kamua; Director Business Development & Customer Experience

It is proven that when seeking an opportunity as an individual or an organization, your appearance may determine your success or failure. Equally, when job opportunities, Tenders, Request for Proposal or Expression of Interest are advertised, there is always a mandatory requirement to provide evidence of professional certification. Professional Certification is proof by an individual or organization that he/she is competent to perform a particular task. The ability of an individual or an organization to provide evidence...

Happy Women’s Day March 2020

By Stella Simiyu; Chief Operating Officer - Sentinel Africa Consulting

Today is Women’s Day, a day we seek to raise awareness on gender parity in the world. The hashtag for this year’s event is #eachforequal, which focuses on a gender-equal world, celebration of women’s achievement, raising awareness against bias and taking action for equality. So I have been lucky to have been led by many strong women over the years. Additionally, I now work and am part of the leadership team for Sentinel...
