Category Archives: Risk Management
The amount of data we are exposed to, both professionally and personally, is expanding wildly, all while the amount of investment necessary to store this data diminishes. Since storing information is so cheap now, there’s no real disincentive to becoming “data hoarders.” While data hoarding has a lot fewer health risks than knick-knack hoarding, if you don’t manage your inbound data well, you can end up equally overwhelmed and paralyzed when you realize the mess you’ve made.
“Privacy” is the current buzzword sweeping the nation, and no matter who you ask, everyone seems to have different opinions on the subject. With the latest revelation of government and business surveillance, both domestic and international, many people are asking themselves, “Is my private data actually private?” The ongoing struggle between security and privacy is nothing new (and it will continue for years to come), but if there is anyone who needs to be more worried than most, it would be the businesses that handle sensitive, business-critical information on a daily basis.
One of the risks you may or may not be tracking within your GRC program is the data quality within your online Governance, Risk and Compliance (GRC) tool. The reports and metrics within your GRC system hinge on the data provided by your end users. Mediocre, or worse, inaccurate data can have far-reaching impacts across the enterprise. If you prioritize tasks and make risk and compliance decisions based on the data within your tool, you need to have plans and strategies in place for vetting and reviewing that data.
It’s the most wonderful time of the year! This Friday begins the official countdown to our favorite winter holidays (unless you’re the DJ at my local radio station; he flipped to Christmas music the day after Halloween). Trees glow in dazzling colors. Holiday decorations fill the yards of our neighbors, and parents around the world stress to find those must-have gifts for their families. While we’re barreling toward this exciting season, our colleagues in the retail sector are bracing for the impact of another “Black Friday.”
A French knight, an Italian math guy and a pair of dice ride into a casino... well, maybe that’s not exactly how the story of probability begins, but if I’m going to get you to read something other than the picture caption, I’ve got to grab your attention.
What are the odds your GRC metrics will hold up under scrutiny?
No matter where you work, you’ve likely sat through a meeting that included a statement like, “What gets measured gets done.” This statement is inevitably followed by some new thing to measure that will no doubt allow your team to “exceed stakeholder expectations” or some other amorphous goal – you’ll probably even get to hear the tale of “Company X” and how when they did the same thing it “revolutionized their business.”
It’s easy to fall in love with numeric measurements; they cut through the buzzwords and provide something concrete. We put a lot of trust in numbers. However, are our numbers built on assumptions or facts?