I’m old enough to remember a time before ATM’s, cell phones, the internet, and portable computing in any number of form factors. No, there were no dinosaurs stealing my school lunch, and I didn’t learn to write on a clay tablet with a stick (despite what my now grown children might think). But the depth[…]
Recently there was a malware attack discovered. “So?”, you might ask? “There’s always a malware attack of some sort or another being identified, reported and measured for its scope and impact.” Well, this one was unique in several ways: First, it seemed to target Mac OS, which is a rarity for technical (its UNIX roots)[…]
Choosing a risk management platform is an important process. First, and foremost, companies often think this software must reflect the priorities, practices, and processes of your current operating risk management processes— “model what we do and how we do it”, so to speak. This can be a fundamental, strategic error. If you are in the[…]
One of the greatest challenges to managing cyber risk is communications. Often the technologies and tools used to deploy effective countermeasures, monitor activity on networks, and online points of contact between an enterprise and its stakeholders, clients, customers, and partners are described using language uncommon to non-technical audiences. Also lost to those outside cybersecurity and[…]
This is Part Two of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein Is your risk program awash in expanding piles of data, from many organizational, operational, and functional sources, that offer no clear sense of useful information? Do you find that comparing where you were a year ago to[…]
This is the final blog of a four-part series on ERM from guest blogger Michael Rasmussen of GRC 20/20 Research. Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information architecture supports the process architecture[…]
This is Part Three of a four-part blog series on ERM from guest blogger Michael Rasmussen of GRC 20/20 Research. The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of our time, the more[…]
This is Part Two of a four-part blog series on ERM that is from guest blogger Michael Rasmussen of GRC 20/20 Research. To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual risk (the tree) as well as the interconnectedness of risk (the[…]
This is Part One of a four-part blog series on ERM that is from guest blogger Michael Rasmussen of GRC 20/20 Research. Organizations take risks all the time but fail to monitor and manage risk effectively for the enterprise. A cavalier approach to risk-taking results in disaster, providing case studies for future generations on how[…]
