Revisiting The Value In Risk Management—Why Bother Now?

There are so many challenges facing businesses today as we all focus on sustaining demand, revenue, and operating infrastructure while confronting new paradigms for staff retention, safety, and service delivery. Technologies we may have only just begun to touch, like mobile device management, cloud-based infrastructure and remote digital client services, may suddenly be existential realities needed[…]

Ransomware: An Existential Threat To Remote Organizations! What Actions To Take To Mitigate Risk

Ransomware is a category of malware that infects your systems, encrypts your files and data, then threatens to destroy or publish this confidential material unless a ransom is paid for the decryption keys, usually requiring electronic deposits to some anonymous account. It has been around for decades. It’s made the headlines when large corporations, municipalities,[…]

Managing Cyber Risk In A Remote Organization

Cyber risk is adaptive. As you reconfigure operations to function with much of your staff working remotely, your risk footprint, vulnerabilities, and threat vectors adjust and realign right along with them. So, the question becomes: how adroitly will your defenses, detection capabilities, recovery, and remediation strategies address these new risk exposures? Cybersecurity employs numerous technical components.[…]

Is Your TPRM A Weak Link In Your Continuity and Cyber Risk Plans?

All too often when we think of business continuity planning, we think of detailed checklists and tabletop tests, and situations approaching disaster recovery scenarios. We think of key suppliers and residual power supplies, and more. America’s current novel coronavirus situation has many of us finding ourselves facing periods of varying lengths where we will be[…]

Integrating Audit and Cyber Risk Management Processes to Address AI Risks

Audit and risk management are really two perspectives or “flavors” of the same measurement and inspection processes. In blogs of October and November 2018, I’ve discussed some of the key aspects of these processes and offered some arguments for the benefit of their integration to offer executive management a sharper picture of their true risk[…]

Third Party Risk Management (TPRM) Made Simple

Over the past several articles I’ve gone into some depth about TPRM; why it’s a critical part of managing cyber risk, how to integrate TPRM into your enterprise risk program, and the importance of assessment and governance to the overall effort. In doing so it’s possible this focus has created the impression that TPRM is[…]

Managing 3rd Party Assessment and Governance

Data provides no value if it doesn’t lead to decisive action that forwards business goals or addresses customer problems successfully. So, gathering endless amounts of it, as well as compiling or calculating limitless measures, offers no guarantee of improved business results. In fact, it can often lead to confusion and clouded views of the key[…]

Integrating Vendor and 3rd Party Security into Your Risk Program

Considering vendor security as part of your own risk program is an accepted best practice. But what exactly does it mean to do so? How do you determine which vendors merit the most attention? What data do you need? What roles should your legal, compliance, purchasing, IT, and operations resources play? What access might they[…]

Why Vendor Management Is Critical To Cyber Risk and Security

Where We Were: Diligence mattered, but was relatively straightforward. Not long ago the vendors, suppliers, and other 3rd parties your business engaged with were discrete, independent service or material providers of one sort or another. You communicated by phone, fax, written correspondence or maybe email or EDI. For the most part, data flows were simple.[…]

Compelling Board-Level Content on The State of Cyber Risk At Your Company

Previous posts have discussed how to present cyber and related risk information to your Board of Directors in a relevant and meaningful manner. They’ve also explored how a GRC software platform can help gather, organize and structure the risk data from multiple sources that this analysis requires, in support of meaningful Board-level reporting. Now,[…]