Moving To Zero Trust—A Process Or A Practice?

There are few buzz phrases in IT risk and security today with as much clout as “Zero Trust” and “Digital Twins”. Both represent significant departures from legacy practices that comprise much of the planning, design, and activity of current IT risk and security programs for many organizations, large and small alike. In a past posting[…]

When Come The Rains, Floods, Hurricanes, Earthquakes, and More

There is a whole category of threats to cyber risk and security often ignored despite its potential to impose catastrophic disruption and damage—business interruption! We attend to human malice in many forms, and its diverse efforts to gain unauthorized access to secure information, capture control of devices and systems, or perform all kinds of mischief[…]

The Executive Order on Improving the Nation’s Cybersecurity—Its Impact On Your Risk Management Program

Overview: “It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example.”[1] So states the Executive Order (EO) on Improving The Nation’s Cybersecurity! Noble by intent, and certainly appropriate, it has not[…]

Summertime, And The Cyber Risk Is Easy…

Summertime, and the living is, once again, easy—sort of. Just a few summers ago these were the days of occasional remote work, long weekends, holidays, vacations, and for some companies, shortened “summer hours”. As our work routines have made the separation of office, work, and personal time a fluid continuum, our risk perimeter and footprint[…]

When Everything Old is New, Again

Once upon a time…Some of us, those with mostly grey hair, more or less, may recall days without mobile phones, notebook computers, or even desktop devices. I know, I know, and we were all chased by dinosaurs to school, uphill, both ways, while hauling bookbags bursting with textbooks and homework, in blizzards…I get it. But[…]

The Urgency of Insecure Infrastructure; Yours, Mine, and All Ours

There are lessons to be learned from the Colonial Pipeline ransomware attack. Panic is not one of them—it will yield no improvement nor progress for any situation. The event does strongly highlight how much more attention we need to pay to cyber risk now than past efforts demonstrate. The details of this ransomware incident are[…]

Integrating Third Party Data Into Your Risk Management Processes (TPRM)

Some Risk Managers rely upon reported findings from internal risk assessments as the primary source of risk data in their Third Party Risk Management (TPRM) programs. Too often this approach generalizes over time from a primary to an exclusive source. That’s a missed opportunity to leverage value from other contributors to your operations, by incorporating[…]

A Look At DoubleCheck’s Approach to TPRM (Third Party Risk Management)

This month, I’m going to depart a bit from the independent discussions of IT risk and cybersecurity to explore some of the specific ways this blog’s host, DoubleCheck Software, provides tools, resources, and value to companies working to manage their supply chain and partner risk—TPRM (Third Party Risk Management). The DoubleCheck GRC offers a platform[…]

Management of Your Software Supply Chain—A Hidden TPRM Vulnerability For All

If your company relies upon software from any third party (and frankly, today is there any organization that doesn’t?), there is a third-party risk out there you are probably ignoring. It’s unlikely you wrote your own internet browser, or email system, word processor, or spreadsheet programs, or network management systems. It’s equally unlikely you are[…]

Examining Your Third Party Risk Management Processes – The Weakest Link

Third Party Risk Management (TPRM) is often viewed as a linear process. This is a misunderstanding of the actions that in total represent the processes involved. First, it’s a continuous system, renewing itself in different cycles and frequencies, depending upon the risk level of the third party’s service, and the practices of procurement; second, its[…]

DoubleCheck ERM One™

An out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 associated, pre-populated risks to be used as a starting point.