Risk is best defined as the “effect of uncertainty on the achievement of objectives.” The successful management of risk, therefore, is integrally connected to the achievement of the company’s strategic objectives. Enterprise Risk Management (ERM) is an essential discipline that all companies need to install, embed, and inculcate into the organization, in order to: Set[…]
Like cars, whose investment and value we protect and preserve with regular annual maintenance at the least, your GRC and risk management processes and tools require careful regular service to preserve and extend their value and utility. Business environments are fluid. Change is a reliable variable from one year to another. Your business may have[…]
In our last article, we discussed the value and contribution of the risk register, and how it played into the offering of a pre-populated, fully-integrated enterprise risk management (ERM) solution. We noted that three attributes of a GRC platform (Process, Product, and Content) are essential to delivering the critical services, tools, and capabilities that companies[…]
There’s a lingering belief that these are IT management concerns. That lingering belief is founded upon a “perceived reality” of a business operating in an environment where IT was little more than a contributing discipline to complete tasks and deliver efficiency. It made some narrow sense in a world free of cyber anything, pre-internet, where[…]
Almost every blog entry listed here makes some reference to a Governance, Risk, and Compliance (GRC) software tool and how it can help you manage cyber risk. But what if you don’t have one of these? What about spreadsheets? Or home grown database tools you made yourself and are certain are “good enough”? And suppose[…]
December brings more to our days than images of bright lights, holiday cheer, family gatherings, and for some, maybe a sprinkling of snow. In our work-realm of business and cyber risk management, it’s a time for reflection, refinement, and preparation for the year to come. Unless your business is retail or related, and you’re panting[…]
There are few buzz phrases in IT risk and security today with as much clout as “Zero Trust” and “Digital Twins”. Both represent significant departures from legacy practices that comprise much of the planning, design, and activity of current IT risk and security programs for many organizations, large and small alike. In a past posting[…]