What Companies & CISOs Should Know About Rising Legal Threats
Litigation and regulatory enforcement are increasing risks for companies and cybersecurity leaders. Something must be done to protect the profession.
Why Vendor Management is Critical
Vendor management is crucial in today's interconnected business landscape. As organizations increasingly rely on external vendors to provide essential services and technology solutions, the need to ensure their reliability and security becomes paramount.
Women in Cybersecurity and Legal Services
For our latest podcast, All About Risk, our CEO Lily is joined by a selection of the greatest female minds managing GRC programs for leading US Law Firms. Today’s podcast covers…
According to Gartner, When Adopting Security Tools, Less is More.
Gartner analysts are calling for organizations to adopt a “minimum effective toolset” for enterprise security, using the fewest technologies required to observe, respond and defend against threats.
AI Transformation and the Journey to Protect Our Assets - PYA to CYA…
With many companies still at the beginning of their digital transformation journey, we are already turning our attention to the new issues posed by AI, before having solved many of the digital risks that remain a persistent challenge for organizations.
Cybersecurity Spend Grows as Part of IT Budgets
According to research from Gartner, IT security accounted for just 5.2% of IT budgets in 2022, indicating a relatively small portion. However, this percentage represents an improvement from the previous year, driven by the objective of risk reduction.
How a Powerful GRC Platform Can Save Millions
In today's fast-paced business world, staying ahead of risks and compliance challenges is crucial for multi-million dollar organizations. That's where a robust Governance, Risk, and Compliance (GRC) platform comes into play.
We are Living in a Control Jungle
So many organizations today are lost in a deep, dark jungle of control inertia. The word ‘Control’ is being used too loosely, and is a confusing term at best, in particular when applied out of context.
A letter to WiCyS, Women in Cybersecurity
Our CEO, Lily Yeoh, recently spoke at the National Women in Cybersecurity Conference (WiCyS) in Denver, with more than 160 attendees for her session on Integrated Risk Management.
How to Design an Effective Risk Assessment
Best Practices for Risk Assessment and Continuous Risk Monitoring
Biden-Harris Administration Announces New National Cybersecurity Strategy
Today, the Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans.
Why / What You Should Know About the Proposed NYDFS 500 Regulatory Updates
The New York Department of Financial Services (NYDFS) will soon be updating the NYDFS 500 requirement. The proposed changes stand to have a significant impact on all risk management programs beyond the Finance industry, as the SEC, FTC and the Attorney General’s Office are all following suit and adopting the same/similar requirements.
Regulatory and Standard Frameworks: Guidance not Gospel for your GRC Program
Many customers come to us with an immediate need, as well as longer term priorities for their information security/GRC programs. Often, the short term is to achieve some form of compliance,…
Building Risk Culture Over and Above “(Do) I Need SOC 2 and I Need it Now!”
As a business leader, you know that risk management is an essential part of any successful organization. Effective risk management will, of course, primarily serve as an effective barrier to nefarious actors trying to infiltrate your organization from outside or within…
Managing Risk Through a Hiring Freeze?
We are all aware of the significant number of layoffs occurring, in particular in technology firms. Beyond this, many if not most companies are currently holding back and implementing a hiring freeze.
Navigating Digital Risk: Strategies for Effective Risk Management in the Digital Age
Digital transformation has changed the way organizations do business, creating new opportunities and challenges. As organizations leverage technology and move to digital platforms, they naturally take on new risks…
Continuous Risk Monitoring
Last week we discussed the value of an independent risk assessment; today we focus on the next layer of risk management - Continuous risk monitoring…
The Value of an Independent Risk Assessment
Risk assessment is an essential component of any business, making sure that operations are running smoothly and ensuring that the organization is meeting safety and regulatory standards...