Introduction to Risk Assessment and Incident Response A great many companies still run risk assessment and incident response as two separate processes. The risk management or compliance team…
Łukasz Krzewicki
Imagine a scenario that has become increasingly common across Europe. The board learns that the organisation may fall under new cybersecurity requirements. The security team starts reviewing NIS2….
What Is an Audit Trail? An audit trail is an automatic, chronological record of actions and events occurring across an organisation’s IT systems and internal procedures. Each event is logged…
What Is the Cyber Resilience Act? The Cyber Resilience Act is Regulation (EU) 2024/2847 of the European Parliament and of the Council, which establishes uniform horizontal cybersecurity requirements…
What is the NIS2 Directive? NIS2 is an EU cybersecurity directive that significantly expands the number of organisations in scope while raising the bar for risk management and incident response. In…
What Is an Information Security Policy? An information security policy defines what an organisation needs to protect and to what standard. It applies to everyone who handles the organisation’s…
What Is ISO 22301? ISO 22301 defines what a business continuity management system (BCMS) needs to include. At its core, the standard calls for a business impact analysis, documented continuity plans,…
What Are SOC Audits? A SOC audit is an independent assessment of the internal controls at a service organisation. Its purpose is to give the organisation’s clients confidence that appropriate…
What Is a Control Measure? A control measure is a specific action, procedure, or safeguard designed to limit risk and help an organisation achieve its objectives. It is not a synonym for internal…
What Is Inherent Risk? Inherent risk is the level of threat linked to an activity, process, or asset before any controls are applied. It is driven by the nature of the activity itself, not by how…
NIS2 Requirements for Incident Management The NIS2 Directive obliges organisations to detect incidents promptly, limit their impact, and meet strict reporting timelines. It also requires the entire…
In this environment, companies need structured and reliable ways to protect their data and prove resilience. ISO/IEC 27001, one of the most widely adopted international standards, provides a…
What is Risk and Control Self-Assessment (RCSA)? RCSA is a structured process that allows teams across an organisation to identify risks, evaluate the controls in place, and assess their…
Definitions first. According to COSO, internal control is a set of processes and actions that help a company meet its goals, whether that means running efficiently, reporting accurately, or staying…
Managing risk requires anticipating potential threats, understanding their impact, and making informed decisions. In many ways, it resembles a game of chess, where every move influences future…
From digital transformation and regulatory changes to disruptions in global supply chains, companies face ever more complex challenges that shape the reality of doing business. Volatility brings…
In an era of increasing business complexity and rapidly changing regulations, organisations need proven risk management methods. A risk assessment matrix has become a key tool in this context,…
