The Urgency of Insecure Infrastructure; Yours, Mine, and All Ours

There are lessons to be learned from the Colonial Pipeline ransomware attack. Panic is not one of them—it will yield no improvement nor progress for any situation. The event does strongly highlight how much more attention we need to pay to cyber risk now than past efforts demonstrate. The details of this ransomware incident are[…]

A Look At DoubleCheck’s Approach to TPRM (Third Party Risk Management)

This month, I’m going to depart a bit from the independent discussions of IT risk and cybersecurity to explore some of the specific ways this blog’s host, DoubleCheck Software, provides tools, resources, and value to companies working to manage their supply chain and partner risk—TPRM (Third Party Risk Management). The DoubleCheck GRC offers a platform[…]

Management of Your Software Supply Chain—A Hidden TPRM Vulnerability For All

If your company relies upon software from any third party, (and frankly today is there any organization that doesn’t) there is a third-party risk out there you are probably ignoring.  It’s unlikely you wrote your own internet browser, or email system, word processor, or spreadsheet programs, or network management systems.  It’s equally unlikely you are[…]

Examining Your Third Party Risk Management Processes – The Weakest Link

Third Party Risk Management (TPRM) is often viewed as a linear process.  This is a misunderstanding of the actions that in total represent the processes involved.  First, it’s a continuous system, renewing itself in different cycles and frequencies, depending upon the risk level of the third party’s service, and the practices of procurement; second, its[…]

Walk Down Sidewalk, With Caution And Diligence

Amazon Sidewalk is coming to your home, if your home contains smart devices relying on wi-fi and Bluetooth for network services. And if your company’s cyber risk footprint extends to a remote workforce located in homes and apartments with smart IoT devices like Ring and Echo, you have some work to do to assure you[…]

Approaching Year End And Evaluating Your Cyber Risk Program

The last few weeks of each year often bring time for reflection, evaluation, and planning to set the start of each new calendar off on strong footings with clear direction. Taking time to evaluate your cyber risk program honestly, using evidence and achievement to support your review,  represents a step toward greater program maturity and[…]

Smart Home Cyber Risks to Operational Technology and Your Cloud Enriched Enterprise

Smart technologies’ home presence grows with each passing day. The work-from-home (WFH) migrations for many workers seeking convenience while coping with “covid-19 encouraged isolation” have spurred this transformation to new levels of ready adoption. Smart thermostats, lights, home security cameras, front doorbells, automobile integration, automated window shades and curtains, TV’s and more, all managed through[…]

Revisiting The Value In Risk Management—Why Bother Now?

There are so many challenges facing businesses today as we all focus upon sustaining demand, revenue, and operating infrastructure while confronting new paradigms for staff retention, safety, and service delivery. Technologies we may have just begun to touch like mobile device management, cloud-based infrastructure and remote, digital client services, may suddenly be existential realities needed[…]

Ransomware: An Existential Threat To Remote Organizations! What Actions To Take To Mitigate Risk

Ransomware is a category of malware that infects your systems, encrypts your files and data, then threatens to destroy or publish this confidential material unless a ransom is paid for the decryption keys, usually requiring electronic deposits to some anonymous account. It has been around for decades. It’s made the headlines when large corporations, municipalities,[…]

Managing Cyber Risk In A Remote Organization

Cyber risk is adaptive. As you reconfigure operations to function with much of your staff resources working remotely, your risk footprint, vulnerabilities, and threat vectors adjust too, and realign right along. So, the question becomes how adroitly will your defenses, detection capabilities, recovery, and remediation strategies address these risk opportunities? Cybersecurity employs numerous technical components.[…]

Top

DoubleCheck ERM One™

An out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 associated, pre-populated risks to be used as a starting point.

X