Risk Register Templates: Enhancing Your Risk Management Strategy
In a world full of uncertainties, how do you keep your business risks in check? Today, we’re exploring risk register templates and how they can supercharge your risk management strategy. What is a Risk Register? First things first, let’s define what a risk register is. A risk register is a ...
Colorado New AI Act: Everything you Need to Know
On May 8, 2024, the Colorado House of Representatives passed SB 205, a landmark law regulating artificial intelligence (AI). This bill, which had already cleared the state Senate on May 3, positions Colorado as the first state in the nation to introduce comprehensive AI legislation. With Governor Jared Polis’s decision ...
Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0
The NIST Cybersecurity Framework (CSF) has long served as a cybersecurity cornerstone, offering a structured approach to managing and improving cybersecurity risk. With the release of NIST CSF 2.0, organizations are poised to benefit from updated guidelines that reflect the latest cybersecurity practices and challenges. Understanding NIST CSF 2.0 The ...
Massive Data Breach Exposes Personal Information of Billions
A data breach at National Public Data, a relatively obscure but widely connected company, has exposed 272 million Social Security numbers. This breach, reminiscent of the 2017 Equifax breach but on an even larger scale, has sent shockwaves through the security sector. Hackers infiltrated National Public Data’s systems, accessing a ...
When Compliance Fails: Eye-Opening Incidents in GRC You Need to Know
In the world of governance, risk, and compliance (GRC), there’s no shortage of incidents that illustrate what can happen when companies fall short of their compliance responsibilities. In this blog, we’ll present the “best of the worst” compliance failures—a collection of incidents and stories that serve as stark reminders of ...
DORA’s Third-Party Risk Standards in 2024: A Comprehensive Guide
The digital age has revolutionized the financial sector, making it more efficient and interconnected. However, this transformation has also introduced new risks, particularly from third-party ICT (Information and Communication Technology) providers. Recognizing the critical role these providers play in the financial ecosystem, the European Union has introduced the Digital Operational ...
The Key Components of HRIPA Compliance
Data breaches and privacy concerns are all too common today. That’s why the Australian Health Records and Information Privacy Act 2002 (HRIPA) is highly relevant. This legislation ensures that your privacy is rigorously protected when you share your medical history or undergo a procedure. HRIPA mandates strict protocols for healthcare ...
Whistle While You Work
The DOJ rolled out its Corporate Whistleblower Awards Pilot Program this month. The initiative incentivizes whistleblowers who provide original, non-public information about corporate misconduct. If their tip leads to a DOJ enforcement action with a monetary forfeiture over $1 million, they could earn a slice of that pie—up to 30% ...
7 Methods for Calculating Cybersecurity Risk Scores: A Guide to Risk Analysis
Cyber risk scores measure the potential impact and likelihood of cyber threats. These scores help organizations prioritize their security efforts, allocate resources efficiently, and communicate risks to stakeholders clearly. It’s important to note that while risk scoring is an integral part of risk management, it is not the same as ...
Delta’s Mirror Moment: A Play of Third-Party Reflection
Setting: Two friends, Delta Air and CrowdStrike, sit at a corner table, sipping their drinks and exchanging sharp glances. Delta: (sighing heavily) CrowdStrike, you’ve really put me in a bind with that faulty update. Do you know how many flights I had to cancel? Over 6,000! My passengers were ...