Many times several different assessments are required to understand adherence to a policy, regulatory framework, industry requirement, or some other regulation. While none of this difficult, it can result in asking the same question multiple times or fatigue of your auditee. To reduce fatigue and be able to view compliance across the board, as well…
From acquisitions to mergers to software having integrations with systems outside of your organization’s span of control, third party security risk management has never been more important. One of the most famous examples where third party risk management failed was the acquisition of the Starwood brand by Marriott in 2016. Impact of Third Party Risk…
So you have bought cyber insurance. Let’s take a deep breath knowing that you can be assured that you will not be out millions of dollars should your legal team announce your organization has been breached. Or maybe your organization will hear the words, “we are unable to cover your expenses.” Unfortunately, the latter is…
Security can be intimidating at first. The words “I feel like the sky is falling, just tell me where we need to start” are often said. One of the goals of the security program should be to have a positive employee experience that makes an impact on the organization to disrupt your industry with using…
One of the most common techniques of vendors is to immediately up sell going to the cloud; however, is the cloud always the best choice? To understand the true benefits of the cloud, one must first understand what the cloud is. Often this is alluded to a mega-structure with Fort Knox style security as well…