Shopping For a GRC Platform

Almost every blog entry listed here makes some reference to a Governance, Risk, and Compliance (GRC) software tool and how it can help you manage cyber risk. But what if you don’t have one of these? What about spreadsheets? Or home grown database tools you made yourself and are certain are “good enough”? And suppose[…]

cyber security software

When The Cyber War Comes Home

The modern battlefield has a new extension—cyberspace! And the modern battlefield is no longer confined to simple geographies of land masses, airspace, oceans, valleys and mountains. Better (more destructive) bombs, missiles, rockets, guns, and fighter aircraft, weren’t enough for us feisty humans. Just as the global economy has blurred once sharply defined geographical and economic[…]

When Comes December; Tailoring Your GRC Programs For The Coming Year

December brings more to our days than images of bright lights, holiday cheer, family gatherings, and for some, maybe a sprinkling of snow. In our work-realm of business and cyber risk management, it’s a time for reflection, refinement, and preparation for the year to come. Unless your business is retail or related, and you’re panting[…]

Moving To Zero Trust—A Process Or A Practice?

There are few buzz phrases in IT risk and security today with as much clout as “Zero Trust” and “Digital Twins”. Both represent significant departures from legacy practices that comprise much of the planning, design, and activity of current IT risk and security programs for many organizations, large and small alike. In a past posting[…]

When Come The Rains, Floods, Hurricanes, Earthquakes, and More

There is a whole category of threats to cyber risk and security often ignored despite its potential to impose catastrophic disruption and damage—business interruption! We attend to human malice in many forms, and its diverse efforts to gain unauthorized access to secure information, capture control of devices and systems, or perform all kinds of mischief[…]

The Executive Order on Improving the Nation’s Cybersecurity—Its Impact On Your Risk Management Program

Overview“It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example.”[1]  So states the Executive Order (EO) on Improving The Nation’s Cybersecurity! Noble by intent, and certainly appropriate, it has not[…]

Summertime, And The Cyber Risk Is Easy…

Summertime, and the living is, once again, easy—sort of. Just a few summers ago these were the days of occasional remote work, long weekends, holidays, vacations, and for some companies, shortened “summer hours”. As our work routines have made the separation of office, work, and personal time a fluid continuum, our risk perimeter and footprint[…]

When Everything Old is New, Again

Once upon a time…Some of us, those with mostly grey hair, more or less, may recall days without mobile phones, notebook computers, or even desktop devices. I know, I know, and we were all chased by dinosaurs to school, uphill, both ways, while hauling bookbags bursting with textbooks and homework, in blizzards…I get it. But[…]

The Urgency of Insecure Infrastructure; Yours, Mine, and All Ours

There are lessons to be learned from the Colonial Pipeline ransomware attack. Panic is not one of them—it will yield no improvement nor progress for any situation. The event does strongly highlight how much more attention we need to pay to cyber risk now than past efforts demonstrate. The details of this ransomware incident are[…]

Integrating Third Party Data Into Your Risk Management Processes (TPRM)

Some Risk Managers rely upon reported findings from internal risk assessments as the primary source of risk data in their Third Party Risk Management (TPRM) programs. Too often this approach generalizes over time from a primary to an exclusive source. That’s a missed opportunity to leverage value from other contributors to your operations, by incorporating[…]

Top

DoubleCheck Third Party Risk Management.

Now with access to D&B® data for key insights about your 3rd parties.

X