Four “Be Brave” Resolutions for GRC and ERM Programs in 2024

“Be Brave” Resolution #1 – Critique and Hone Your Risk Rating Scales

All risk rating scales are not created equal. The new year is a good time to consider critiquing yours…and honing them, as advisable. Here are some thoughts for severity and likelihood rating scales: 1) Mere adjectival identifiers (e.g. high, rate, etc.) are worthless,[…]

Why Settle For Less? Twenty (20) Elements in a World-Class ERM or GRC Program

A World-Class Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) program offers numerous benefits to organizations of all sizes and across various industries. Here are 20 key elements needed for the creation of an efficient, effective, and successful program: 1. Mission Statement Purposeful connection of strategy and tactics 2. Framework – Part A[…]

De-Mystifying (and Explaining the Connection Between) Risk-Related Acronyms and Phrases

One acronym after another. An ice cream headache, for sure, trying to understand the similarities, differences and connectivity between all these terms. You need to do it, however. Simplify, simplify, simplify. Break it down and truly comprehend everything. Get ready for the proverbial elevator speech, if the need for one materializes. Toward that goal, here[…]

Cyber Security and Risk Management—Who’s Responsible?

There’s a lingering belief that these are IT management concerns. That lingering belief is founded upon a “perceived reality” of a business operating in an environment where IT was little more than a contributing discipline to complete tasks and deliver efficiency. It made some narrow sense in a world free of cyber anything, pre-internet, where[…]

Shopping For a GRC Platform

Almost every blog entry listed here makes some reference to a Governance, Risk, and Compliance (GRC) software tool and how it can help you manage cyber risk. But what if you don’t have one of these? What about spreadsheets? Or home grown database tools you made yourself and are certain are “good enough”? And suppose[…]


When The Cyber War Comes Home

The modern battlefield has a new extension—cyberspace! And the modern battlefield is no longer confined to simple geographies of land masses, airspace, oceans, valleys and mountains. Better (more destructive) bombs, missiles, rockets, guns, and fighter aircraft, weren’t enough for us feisty humans. Just as the global economy has blurred once sharply defined geographical and economic[…]

When Comes December; Tailoring Your GRC Programs For The Coming Year

December brings more to our days than images of bright lights, holiday cheer, family gatherings, and for some, maybe a sprinkling of snow. In our work-realm of business and cyber risk management, it’s a time for reflection, refinement, and preparation for the year to come. Unless your business is retail or related, and you’re panting[…]

Moving To Zero Trust—A Process Or A Practice?

There are few buzz phrases in IT risk and security today with as much clout as “Zero Trust” and “Digital Twins”. Both represent significant departures from legacy practices that comprise much of the planning, design, and activity of current IT risk and security programs for many organizations, large and small alike. In a past posting[…]

When Come The Rains, Floods, Hurricanes, Earthquakes, and More

There is a whole category of threats to cyber risk and security often ignored despite its potential to impose catastrophic disruption and damage—business interruption! We attend to human malice in many forms, and its diverse efforts to gain unauthorized access to secure information, capture control of devices and systems, or perform all kinds of mischief[…]

The Executive Order on Improving the Nation’s Cybersecurity—Its Impact On Your Risk Management Program

Overview

“It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example.”[1] So states the Executive Order (EO) on Improving the Nation’s Cybersecurity. Noble by intent, and certainly appropriate, it has not[…]
