Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

ChatGPT: The Cyber Risk vs. Reward

There has been a lot of talk about ChatGPT since it burst onto the market several months ago. And despite its infancy and the lack of standardized regulations around intelligent automation — the OpenAI tool has exploded into the tech ecosystems of businesses everywhere. While many see significant benefits from its use, few discuss the cyber risk to the industry and our organizations.

What Should Cyber Liability Insurance Cover?

According to a 2022 Verizon report, 43 percent of all data breaches reported worldwide targeted small and medium-sized businesses – with numerous businesses reporting at least eight hours of downtime after a severe cybersecurity incident. Little surprise, then, that demand for cyber liability insurance has surged in recent years. Businesses – especially small ones, with fewer financial resources – want to be made whole after a disruption.

The #1 Risk Management Myth

The security industry spent decades propagating the myth that risk is bad, and you must eliminate it — but this truth is… Your biggest risk could be the way you view it. You see, there are various “lenses” through which to view risk: rose-colored, blinders, magnifying and crystal clear. After presenting this concept at an ISACA-sponsored webinar, I received many questions and comments about putting this into practice.

CISO and Trust: Why It Matters

Chief information security officers (CISOs) have both internal- and external-facing roles. Externally, they must constantly scan the horizon for potential threats. Internally, they must implement, communicate, and champion best practices for security at their enterprises. In a time of sprawling global supply chains and growing automation, the role of the CISO is more complex than ever. To carry out this role effectively, CISOs must learn the importance of trust management.

3 Signs It's Time to Rethink Your Third-Party Risk Management

When you think about third-party risk management, what comes to mind? Are you concerned with measuring the effectiveness of your program? Do you know which third-party providers to focus your risk management efforts on? How are you evaluating your providers during the due diligence process?

Should Cyber Insurance Cover Ransomware Protection?

Companies around the world and across industries face greater cyber threats than ever before. Cybersecurity incidents are becoming ever more frequent, and the costs associated with those attacks have marched upward too. As the risks grow, companies have strengthened their capabilities, both in prevention and incident response. Still, no company can guarantee that it will never be hacked, so companies must have cyber insurance in place in case the worst happens.

Substantive Testing vs. Control Testing: How Do They Compare?

Internal controls can serve two purposes: to protect a business from accounting fraud, asset loss, or similar financial reporting failures; and to assure that the business meets its regulatory compliance obligations. An audit evaluates the accuracy of a company’s financial statements and the effectiveness of its internal control system to identify control weaknesses. In addition, audits typically include some form of substantive testing, which tests for risks of material misstatements and errors.

Up Your Lean Risk Management Team's Efficiency

These four words are all too familiar to most CISOs and Risk Managers. In fact, nearly 70% of cybersecurity practitioners and decision-makers feel that their organization doesn’t have enough security staff to be effective, found a recent Cybersecurity Workforce Study.1 Infosec and cyber risk management teams are usually small, stretched thin and overwhelmed with work.

Duty of Care Risk Analysis (DoCRA) Explained

Legal authorities and the general public typically hold organizations accountable for any harm caused during their daily operations. The expectation is that leaders of those organizations have considered the potential harms that might happen, and implemented reasonable precautions to reduce or eliminate the risks. This is known as the “DoCRA standard.”