China’s New Cybersecurity Law: Awareness of Exposure Beyond the Breach

China’s New Cybersecurity Law provisions allow Chinese government legal access to enterprise networks, seriously implicating organizations that operate within the country. But even if your company does not operate in China, your vendors might, exposing your organization to derivative risk of working with third-parties..



You’re In the Hosting Business (And You Don’t Know It)

Vendors have enormous power to affect the success or failure of your business. As more organizations outsource business-critical functions to SaaS providers who host their service in the cloud, they unintentionally expose themselves to 3rd party risk..



RSA Conference Insights: Trends in IT VRM, GRC and Data Privacy

Every year at the RSA Conference, we have the opportunity to exchange ideas with risk and security professionals. This year was no different, our team came back with a few takeaways from our conversations that can help you benchmark your own GRC and security plans against current trends..




Debunking Integrated Risk Management Assumptions: Part 1 – Ensuring User Participation and Using Existing Toolsets

When organizations first start formulating their integrated risk management implementation strategy and weighing various technology options, they are bound to make assumptions to support their business case and technology selection criteria. In this 3-part series we will depict common IRM assumptions and outline best practices to help your organization choose the right solution for your business case. Part 1 of the series examines first two IRM assumptions: user participation and utilizing existing toolsets..


Breaking Up Is Hard to Do: Knowing When to Cut Ties with a Third-Party Vendor

If a relationship isn’t working, especially with your third-party vendors, it’s important to know when is the right time to break up. Whether you like it or not, the value of your brand and your reputation with your customers is closely tied with third-party vendors you work with. While it may seem difficult to know when to cut ties, it can be done in a systematic way..