Late last year, Marriott announced a data breach that affected nearly half a billion of its customers. What started as a small breach four years ago should have been the stimulus to uncovering existing vulnerabilities, evaluating processes, and improving cybersecurity for the future.
What are CISOs' top questions about Third-Party Risk Management? Chris Murphey sat down with over 150 CISOs on a six-city tour to find out. Read his results here.
Rsam sat down with Michael Rasmussen of GRC 20/20 to discuss making a GRC RFP template and creating a business case for GRC Technology.
Can the NIST Cybersecurity Framework be used even by small companies? The passing of the NIST Small Business Cybersecurity Act says yes. Find out how to operationalize the NIST CSF.
Despite working hard to make vendor risk management better, for most organizations it is a continual struggle. One way to help organizations change how to think about this challenge is to reframe how you think about IT vendor risk management and your life outside of work.
How solid is your Business Continuity Plan? Do you even have one? Various threats such as hardware and software failures, cyberattacks, human error, and yes, natural disasters can take down your business. According to FEMA, 40% of businesses do not reopen after a natural disaster, and another 25% fail within one year. Are you prepared? We’ve identified 5 basic steps to building a Business Continuity Plan to ensure you are.
Third Party Data Classification is essential to managing a sustainable and efficient business. For most organizations, vendor classification is typically established during initial onboarding based on what information vendors need to have access to at that point in time. Unfortunately, once set up, organizations rarely reclassify their vendors, potentially exposing their vendor risk management strategy to unnecessary risk.
Third-party vendor assessments are often considered the cornerstone of any organization’s third-party risk management program. However, as a recent Rsam survey showed, less than 15% of vendors are being assessed. But the real issue is that there is a whole ecosystem of third-party vendors not even being considered for assessment.
British Airways had a major cyberattack in 2018. Will they face GDPR fines in 2018? The investigation into British Airways’ data breach is still ongoing, so it’s too early to say what GDPR fines they may be hit with. However, they could face up to £488 million in penalties under GDPR. How would the Equifax breach in 2017 have fared?
There is no silver bullet that would solve all our problems as it relates to risk management for brand reliance; however, there’s one approach that can help organizations address brand risk, and it is called Integrated Risk Management (IRM).