China’s New Cybersecurity Law provisions allow the Chinese government legal access to enterprise networks, seriously implicating organizations that operate within the country. But even if your company does not operate in China, your vendors might, exposing your organization to the derivative risk of working with third parties.
Mark Zuckerberg’s op-ed in The Washington Post outlines ideas for “new rules” for the internet, including the adoption of GDPR-like regulation on a global scale. Although it is not yet a policy, is your organization prepared to deal with new regulations and effectively manage risk and compliance should they pass in the near future?
Vendors have enormous power to affect the success or failure of your business. As more organizations outsource business-critical functions to SaaS providers who host their service in the cloud, they unintentionally expose themselves to third-party risk.
After almost a year of EU General Data Protection Regulation (GDPR) enforcement, companies are still adjusting to the changes implemented by the data privacy laws. However, the approach to the risk and penalties associated with GDPR might differ greatly depending on the size of the organization.
Every year at the RSA Conference, we have the opportunity to exchange ideas with risk and security professionals. This year was no different: our team came back with a few takeaways from our conversations that can help you benchmark your own GRC and security plans against current trends.
The final part of this 3-part blog series explores integrated risk management assumptions and misconceptions around implementation on-premises vs. in the cloud.
Part 2 of the 3-part blog series, Debunking Integrated Risk Management Assumptions, examines common assumptions around total cost of ownership and the realities and best practices for how to increase your chances for success with IRM implementations.
When organizations first start formulating their integrated risk management implementation strategy and weighing various technology options, they are bound to make assumptions to support their business case and technology selection criteria. In this 3-part series we will depict common IRM assumptions and outline best practices to help your organization choose the right solution for your business case. Part 1 of the series examines the first two IRM assumptions: user participation and utilizing existing toolsets.
If a relationship isn’t working, especially with your third-party vendors, it’s important to know when the right time to break up is. Whether you like it or not, the value of your brand and your reputation with your customers is closely tied to the third-party vendors you work with. While it may seem difficult to know when to cut ties, it can be done in a systematic way.
Last December, JBS Tolleson recalled more than 12 million pounds of beef that sickened hundreds of people. This news should prompt you to think about your own supply chain risk management practices. Read the 3 big questions you should be asking yourself.