EBI

Harvesting Information From GRC Data—The Promise of Business Intelligence Tools

Thirty-five years ago, my first article was published in a professional journal. It was the outgrowth of a talk I gave at a business conference on the use of computer-generated graphical information reporting. In 1987 those technologies were in their infancy. Computerized business graphics, pie, line, and bar charts, generated using desktop systems and[…]

When Comes December; Tailoring Your GRC Programs For The Coming Year

December brings more to our days than images of bright lights, holiday cheer, family gatherings, and for some, maybe a sprinkling of snow. In our work-realm of business and cyber risk management, it’s a time for reflection, refinement, and preparation for the year to come. Unless your business is retail or related, and you’re panting[…]

Summertime, And The Cyber Risk Is Easy…

Summertime, and the living is, once again, easy—sort of. Just a few summers ago these were the days of occasional remote work, long weekends, holidays, vacations, and for some companies, shortened “summer hours”. As our work routines have made the separation of office, work, and personal time a fluid continuum, our risk perimeter and footprint[…]

Integrating Audit and Cyber Risk Management Processes to Address AI Risks

Audit and risk management are really two perspectives or “flavors” of the same measurement and inspection processes. In blogs of October and November 2018, I’ve discussed some of the key aspects of these processes and offered some arguments for the benefit of their integration to offer executive management a sharper picture of their true risk[…]

Applying NIST Standards to Managing Cyber Risk and Regulatory Compliance

In our last blog, we explored the content and value of the New York State Department Of Financial Services 23 NYCRR 500; Cybersecurity Requirements For Financial Services Companies. In this article, we’ll explore how the application of a framework like NIST 800-53, or the NIST Cybersecurity Framework helps structure and achieve strong compliance with regulations[…]

Once Upon A Time in Cyber Land…From ATM’s to AI and Beyond

I’m old enough to remember a time before ATM’s, cell phones, the internet, and portable computing in any number of form factors. No, there were no dinosaurs stealing my school lunch, and I didn’t learn to write on a clay tablet with a stick (despite what my now grown children might think). But the depth[…]

Addressing the Right Cyber Risk…. An Example

Recently there was a malware attack discovered. “So?”, you might ask?  “There’s always a malware attack of some sort or another being identified, reported and measured for its scope and impact.”  Well, this one was unique in several ways: First, it seemed to target Mac OS, which is a rarity for technical (its UNIX roots)[…]

Audit Processes Add Value and Objectivity to Cyber Risk and Security Programming – Part 2

This is the second of a Two-Part blog series on Cybersecurity’s impact on Audit Management, by guest blogger Simon Goldstein. Cyber Incident Investigation Partner with Audit to facilitate and enrich Incident Management. When a cyber incident occurs, the immediate need to bring the event to a halt is paramount.  At the same time, detailed investigation[…]

Audit Processes Add Value and Objectivity to Cyber Risk and Security Programming – Part 1

This is Part One of a Two-Part blog series on Cybersecurity’s impact on Audit Management, by guest blogger Simon Goldstein. When risk professionals think about integrating enterprise resources, they often exclude or overlook audit functions, internal and external.  Executive management relies upon Audit for trusted feedback into its enterprise governance efforts. Audit is a great[…]
