We are Living in a Control Jungle
So many organizations today are lost in a deep, dark jungle of control inertia. The word ‘Control’ is being used too loosely, and is a confusing term at best, in particular when applied out of context.
A letter to WiCyS, Women in Cybersecurity
Our CEO, Lily Yeoh, recently spoke at the National Women in Cybersecurity Conference (WiCyS) in Denver, with more than 160 attendees at her session on Integrated Risk Management.
How to Design an Effective Risk Assessment
Best Practices for Risk Assessment and Continuous Risk Monitoring
Biden-Harris Administration Announces New National Cybersecurity Strategy
Today, the Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans.
Why / What You Should Know About the Proposed NYDFS 500 Regulatory Updates
The New York Department of Financial Services (NYDFS) will soon be updating the NYDFS 500 requirement. The proposed changes stand to have significant impact on all risk management programs beyond the Finance industry, as the SEC, FTC and the Attorney General’s Office are all following suit and adopting the same/similar requirements.
Regulatory and Standard Frameworks: Guidance not Gospel for your GRC Program
Many customers come to us with an immediate need, as well as longer term priorities for their information security/GRC programs. Often, the short term is to achieve some form of compliance,…
Building Risk Culture Over and Above “(Do) I Need SOC 2 and I Need it Now!”
As a business leader, you know that risk management is an essential part of any successful organization. Effective risk management will, of course, primarily serve as an effective barrier to nefarious actors trying to infiltrate your organization from outside or within…
Managing Risk Through a Hiring Freeze?
We are all aware of the significant number of layoffs occurring, in particular in technology firms. Beyond this, many if not most companies are currently holding back and implementing a hiring freeze.
Navigating Digital Risk: Strategies for Effective Risk Management in the Digital Age
Digital transformation has changed the way organizations do business, creating new opportunities and challenges. As organizations leverage technology and move to digital platforms, they naturally take on new risks…
Continuous Risk Monitoring
Last week we discussed the value of an independent risk assessment; today we focus on the next layer of risk management: continuous risk monitoring…
The Value of an Independent Risk Assessment
Risk assessment is an essential component of any business, making sure that operations are running smoothly and ensuring that the organization is meeting safety and regulatory standards…
5 Reasons to Get an Independent Annual Risk Assessment for Your Company
Most companies are required to conduct an annual risk assessment. It is a key part of business planning and risk management. This can help you to make…
Cyber risk is not just IT risk. It’s business risk.
Leaders are increasingly recognizing the dangers in our connected world, where cyber incidents can wreak havoc on finances and reputations alike…
Cybersecurity During the Holidays
It is difficult to quantify the exact number of hacks that occur during the holidays, as this can vary from year to year and depend on a variety of factors…
Understanding Governance, Risk and Compliance (GRC)
Automated governance, risk, and compliance (GRC) refers to the use of technology to manage and monitor an organization's compliance with laws, regulations, and internal policies.
Separation of Duty: A Case Study on the Value-add of Internal Audits
Part Four of our Control Freaks series takes us into the world of Internal Audit and audit-readiness assurance, and examines the value of risk management to an internal audit process.
CONTROL FREAKS! Internal Controls and how to make them.
Sorry, my fellow humanities friends, but this is not about the internal expression of your inner poet and deepest feelings! However, properly established and managed, internal controls will go a long way to protecting your organization, not to mention passing audits and maintaining those increasingly important security certifications.
Control Freaks! SOA Internal Control - Risk Register. Who’s on first?
The Statement of Applicability (SOA) defines both which of the 114 suggested controls from Annex A you will implement and the justification for not implementing certain controls. With regard to ISO 27001, an SOA report is required, as well as an SOA statement for each control.