Risk Management

What risk managers need to know about AI governance

As more businesses begin to realize the full potential of AI to deliver business results from their data, they're starting to bump up against their ability to manage it all. As the amount of data and number of models grow, organizations can accrue significant technical debt. Chief risk officers (CROs) and model risk managers can be left asking themselves, "Do I spend more to keep up with model demand, or do I accept more risk?"

Five Things to Know About Third Party Risk

It's no longer enough to simply ensure that your organization's systems and enterprise web presence are secure. Your risk management program needs to look beyond the perimeter of your organization to properly vet the third- and fourth-party vendors who will have access to your data without being subject to your internal risk management process. The use of third parties in your supply chain or for data handling creates potential risks that can be compounded by these third-party weaknesses.

How I Woke Up from the CMMC Compliance Nightmare

This live webinar recording features Bryan Van Brunt, Founder of Van Brunt Law Firm, P.A., and Max Aulakh, Founder & CEO of Ignyte Assurance Platform and Ignyte Institute, discussing how to get on board with the emerging Cybersecurity Maturity Model Certification (CMMC) compliance regulations and continue working with the DoD as a prime or subcontractor after the interim rule comes into effect.

What is Under the Cape of a Security Champion?

There is a big conversation happening right now in the world of application security (AppSec), one that is focused on how security and DevOps professionals can come together in the name of better, safer software. Because, right now, these teams are often worlds apart. Although DevOps has revolutionized the speed of software development, the implications of this increased velocity can sometimes run counter to the goals of security, emphasizing the need for better risk management.

CMMC Explainer

The Department of Defense (DoD) issued an interim rule to amend DFARS to implement the Cybersecurity Maturity Model Certification (CMMC) framework, requiring anyone in the defense contract supply chain to hold a certification between Level 1 and Level 5 to qualify for government contracts. The CMMC is an advanced step in the DoD’s efforts to properly secure the DIB.

ZenGRC Demonstrates Industry Leadership with 15 Consecutive Quarters of Recognition on G2 Winter 2020 Grid Report for GRC Platforms

SAN FRANCISCO – December 16, 2020 – Reciprocity, the company behind ZenGRC, the industry-leading information security risk and compliance solution, today announced ZenGRC has earned two badges on the G2 Winter 2020 Grid Report. This marks the 15th consecutive quarter ZenGRC has been recognized by G2 in its quarterly report. G2 is a peer-to-peer business solutions review website, leveraging customer feedback to rank the best business software and services.

Featured Post

Create your Business Data Retention Policy

With the growing amount of data collected by various industries and organizations, it makes sense for business owners to want to create and enforce a robust data retention policy. A data retention policy allows organizations to manage the way they handle personal information. This includes tracking how long a set of data must be kept and how to delete the data when it's no longer needed.

7 Third-Party Security Risk Management Best Practices

Cooperation is the key to success. Working with third parties helps businesses increase their productivity and efficiency, produce better products and services, employ highly qualified experts, and cut costs. But all these benefits come at the price of increased cybersecurity risks. Minor flaws in your third-party vendor’s security and privacy routines may turn into cybersecurity weaknesses for your company.


How to Perform an IT Cyber Security Risk Assessment: Step-by-Step Guide

A cyber security risk assessment is about understanding, managing, controlling and mitigating cyber risk across your organization. It is a crucial part of any organization's risk management strategy and data protection efforts. Risk assessments are nothing new, and whether you like it or not, if you work in information security, you are in the risk management business.


What is Third-Party Risk Management?

Creating and maintaining relationships with third parties brings about multiple risks. Whether your organization is large or small, it’s almost certain that you have business relationships with many third parties for specific types of operations. When operational data and confidential information are exchanged with third parties, that data and information are vulnerable to misuse and exploitation. This is where risk comes into the equation.