Risk Management


How to Identify and Classify High-Risk Third Parties

Today’s business landscape means having various business partners. From contractors to technology vendors, third parties are now part of everyone’s daily operations. However, with every new third-party you onboard, you also add a new risk. Supply chain attacks compromise your data, even if the third-party isn’t providing you a technology solution. To secure your data, you need to identify and classify high-risk third parties.


Public vs. Private Cloud Security: What's the Difference?

Security in cloud computing is often a major concern among cloud customers, mainly because of the risk of losing sensitive data and the difficulties of enforcing the organization’s security policies. Despite cloud computing’s potential efficiency for storing and exchanging files, cloud security remains questionable. According to one report from Statista, 81 percent of respondents found security to be the most prevalent challenge in cloud computing today.


What is Fourth-Party Risk?

Outsourcing is a critical part of business management and an important ingredient in business growth. One business outsources some task to another — but that second firm can also delegate some of its own business processes to yet another company. That last company then becomes a fourth-party to the first. As the role of fourth-party vendors expands, having a vendor risk management strategy in place becomes key to organizational success.


What Are the Types of Audit Evidence?

If your organization is required to follow one or more compliance frameworks, an external third party may demand an audit to verify that your company has actually met those compliance standards. When an organization is undergoing an audit, it must provide audit evidence, such as financial statements, internal documents, logs, and emails. The auditor uses that evidence to reach a conclusion about whether or not the client organization has achieved compliance.


How Data-Centric Security Models Build Cyber Resiliency

A data-centric security model moves your cybersecurity away from protecting the place where your data is stored to focus instead on securing the data itself. With cloud computing, there no longer is a single perimeter within which to secure your sensitive information. By protecting the data itself, you assure that no matter where the data goes, your organization is protected against cyber threats.


Security vs. Compliance: Understanding the Differences

As cyberattacks continue to proliferate, it’s clear that organizations must be prepared from both cybersecurity and compliance standpoints. It’s critical, however, to understand that while data security and compliance are both important for risk management and the prevention and mitigation of cyber attacks, the two concepts are definitely not the same.


How to Manage Risk With Internal Control Monitoring

Strong, effective internal controls are crucial to developing an efficient operating environment that drives business growth. Good internal control activities can help organizations deliver value to stakeholders and achieve strategic objectives, while also assuring compliance with applicable laws, regulations, and industry best practices. This guide will take a deeper look into internal controls monitoring, along with suggestions for how to make the process easier.


4 Reasons Why Cybersecurity is Important in Banking

Organized cybercriminals are leaving traditional bank robbers in the dust. Nowadays, the banking sector’s most significant security concerns come in the form of online threats. Banks and other financial institutions process millions of transactions daily, with the majority of the transactions done via digital payment transfer platforms. For that reason, banks have become enticing targets for cybercriminals.

Making the Most of Digital Risk Protection in Today's Threat Landscape

Hosted by Kroll and Redscan cyber risk experts, this webinar addressed digital risk protection (DRP) and shared impactful use cases for today’s threat landscape. Often classified as “dark web monitoring,” DRP can be merged with cyber threat intelligence services to not only track threats, but take action against threats happening outside of your network.

Avoiding Cyber Security False Positives

Today’s organizations are vulnerable to all kinds of cyberattacks, which NIST (the National Institute of Standards & Technology) defines as an event that disrupts, disables, destroys, or maliciously controls a computing environment, destroys data integrity, or steals controlled information. Expert security teams know that attackers might compromise the enterprise network, systems, or applications; or steal data at any time through any number of means.