Articles
How can the risk register be improved?
Continue reading...
Microsoft 365 has a ton of great applications, all with their own security implications.
Continue reading...
An effective internal audit team can provide great value to an organization. It's encouraging this is starting to be recognized.
Continue reading...
Work, even in teams such as IT audit, should be designed to address the business risks and opportunities that matter to the success of the organization.
Continue reading...
Finding and managing the dark data you don’t know about is a big project, but is worth the effort.
Continue reading...
A process I learned in my youth
Continue reading...
Organizations need solutions, processes and cultures that foster an ongoing dedication to information security without getting in the way of productivity.
Continue reading...
The risks and potential liability of ineffective data destruction at end of life are too high for organizations to risk.
Continue reading...
In so many cases, information mismanagement isn't a failure of technology so much as a failure of management to understand and take the necessary action.
Continue reading...
How agile is your internal audit team? Do you have speedboats or only battleships?
Continue reading...
When it comes to data security, most organizations worry about external actors, when what they really should worry about is the threat from within.
Continue reading...
The annual audit plan is typically out-of-date even before it is approved by the audit committee.
Continue reading...
Risk doesn't have to be scary or negative. Instead you should view it as fuel for growth.
Continue reading...
How can we, the "risk" managers, help leaders make informed and intelligent decisions that consider all the things that might happen?
Continue reading...