Is Your TPRM A Weak Link In Your Continuity and Cyber Risk Plans?

All too often when we think of business continuity planning, we think of detailed checklists and tabletop tests, and situations approaching disaster recovery scenarios. We think of key suppliers and residual power supplies, and more. America’s current novel coronavirus situation has many of us finding ourselves facing periods of varying lengths where we will be[…]

Third Party Risk Management (TPRM) Made Simple

Over the past several articles I’ve gone into some depth about TPRM; why it’s a critical part of managing cyber risk, how to integrate TPRM into your enterprise risk program, and the importance of assessment and governance to the overall effort. In doing so it’s possible this focus has created the impression that TPRM is[…]

Managing 3rd Party Assessment and Governance

Data provides no value if it doesn’t lead to decisive action to forward business goals or address customer problems successfully.  So, gathering endless amounts of it, as well as compiling or calculating limitless measures offers no guarantee of improved business results. In fact, it can often lead to confusion and clouded views of the key[…]

Integrating Vendor and 3rd Party Security into Your Risk Program

Considering vendor security as part of your own risk program is an accepted best practice. But what exactly does it mean to do so? How do you determine which vendors merit the most attention? What data do you need?  What roles should your legal, compliance, purchasing, IT, and operations resources play?  What access might they[…]

Why Vendor Management Is Critical To Cyber Risk and Security

Where We Were Diligence mattered, but was relatively straightforward. Not long ago the vendors, suppliers, and other 3rd parties your business engaged with were discreet, independent service or material providers of one sort or another.  You communicated by phone, fax, written correspondence or maybe email or EDI. For the most part data flows were simple.[…]

Compelling Board-Level Content on The State of Cyber Risk At Your Company

Previous posts have discussed how to present cyber and related risk information to your Board of Directors in a relevant and meaningful manner. They’ve also explored how a GRC software platform can help gather, organize and structure risk data from multiple sources necessary to perform this analysis to support such meaningful Board level reporting. Now,[…]

How GRC Platforms Enable Effective Board-Level Reporting

Our last discussion talked about how to present cyber and related risk information to your Board of Directors in a relevant and meaningful manner. Here we’ll explore how a GRC software platform can help organize and structure risk data from multiple sources necessary to perform this analysis to support such meaningful Board level reporting. And[…]

Translating Risk Discussions into Language Your Board Will Relate to and Respect

Every CIO, CISO, and CRO has had this experience, even if only once.  They have a meeting with their Board of Directors, for which they have prepared volumes of detailed factual data about the state of risk in their organization; they are confident of their preparation and their message. But, almost immediately upon beginning, the[…]

An Argument for Comprehensive Cyber Risk Management Including Insurance: And GRC Can Help

The frequency and scale of cyberattacks continues to grow, and the financial stakes appear to be rising too. Revenue losses, liability costs, recovery fees, and even regulatory fines are all consequences facing companies experiencing successful cyber incidents. In the recent past, ransomware attacks like NotPetya, one of the most devastating cyber events ever, caused millions[…]

Applying NIST Standards to Managing Cyber Risk and Regulatory Compliance

In our last blog, we explored the content and value of the New York State Department Of Financial Services 23 NYCRR 500; Cybersecurity Requirements For Financial Services Companies. In this article, we’ll explore how the application of a framework like NIST 800-53, or the NIST Cybersecurity Framework helps structure and achieve strong compliance with regulations[…]

Top