Articles
Practitioners need to have the courage to stimulate management to remove controls and other procedures that cost more than they are worth.
Any discussions of IT-related risk should start with an understanding of the organization's business objectives and go from there.
In response to the growing number of cyberattacks, the U.S. is developing a zero trust technology strategy in conjunction with the private sector. Here's why.
Pretty much every situation has several potential outcomes — some positive, some negative. Focusing only on the latter doesn't make business sense.
ERM wants a seat at the management table. What do risk practitioners need to do to make this happen? And should that really be their goal?
Would a change in reporting structure revitalize and give new energy to a risk management function and practice?
Any technology risk assessment should be made in terms of the potential effect on the business, not any effect on IT assets or goals.
The number of ransomware attacks is on the rise. Here's what enterprises can do to minimize their exposure.
Risk-based audit needs a reset to enterprise risk and value auditing.
Without intervention, information chaos will threaten the viability of our systems. The ransomware attacks are one of the visible consequences.
Instead of using GRC, should we focus on what people are responsible for rather than tagging them with an expression that signifies nothing?
With more data entering the enterprise, business leaders are looking at new ways to keep it under control. One way is through creating a single source of data.
With an increase in the number of organizations using AI, many organizations are opening up a new attack vector for cybercriminals. Here's why.
More people are recognizing that managing or mitigating a list of risks is not effective, nor of much value beyond compliance.