A Crash Course on Hyperproof’s GRC Maturity Model
Something has been missing in the governance, risk, and compliance (GRC) space: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. As a CISO, I was surprised to find that there was no published, widely adopted maturity ... Read More
Cybersecurity in Financial Disclosures: 11 Topics Your Section 1C of 10-K Filings Should Address
Last year, the Securities and Exchange Commission (SEC) announced new disclosure rules for publicly traded companies. Regulation S-K Item 106, which mandates cybersecurity disclosures in corporate 10-K filings, sheds light on how companies are navigating regulatory expectations in this digital age. This is the first time companies have been required ... Read More
Updating Your Risk Assessment Process for the Modern Era of GRC
Mastering the risk assessment process in the dynamic Governance, Risk, and Compliance (GRC) landscape is fundamental for your business’s stability and growth. Starting from scratch or regularly updating your risk register might seem overwhelming, but your investment of time and money protects you from harm. The modern era of GRC ... Read More
The Year of Trust: 6 Compliance Operations Predictions for 2024
2023 will be remembered as the year when breaches of trust, not cybersecurity, led to a fever pitch of litigation and regulatory changes. In 2023, the Federal Trade Commission (FTC) implemented a delayed formal change to the Safeguards Rule, expanding the scope of covered entities, and announced another change to ... Read More
The FTC updated the Safeguards Rule. Here’s how to avoid notification events.
In response to continuing data breaches at entities with lesser regulatory oversight, the FTC has revised its Safeguards Rule for the second time in many years. This new revision will take effect 180 days after publication in the Federal Register in April 2024. The last revision to the FTC’s Safeguards ... Read More
What Are Your Current Compliance Operations Really Costing You?
There’s no question that building a strong, proactive risk and compliance program has become modern table stakes for doing business. New regulations and certifications, increased regulatory scrutiny, and the focus on cybersecurity risk management have all led organizations to invest a significant amount of time, money, and resources into their ... Read More
The Ultimate Guide to Enterprise Risk Management Strategy
Enterprise risk management is a nebulous, hard-to-define topic area. It encompasses a large variety of risks and procedures for the enterprise and it differs greatly from traditional risk management. So, what exactly is enterprise risk management? In this article, we’ll establish what it is, present two common enterprise risk management ... Read More
Third-Party Risk Management: Best Practices for Protecting Your Business
At this time, nearly every business outsources some aspect of its operations. But it’s becoming increasingly tricky for organizations to ensure that third-party providers remain a source of strength for their business — not a weak link. According to Hyperproof’s 2023 IT Compliance Benchmark Report, 38% reported experiencing a third-party ... Read More
The SEC approved new disclosure requirements. Here’s what you need to know.
Big news: after over a year of delays, the SEC has adopted its proposed cybersecurity disclosure requirements. Here’s a rundown of the key takeaways: The new requirements go into effect on August 26, 2023 The final requirements will become effective 30 days after their publication in the Federal Register, meaning ... Read More
Has 2023 been the year of risk? Updates on our 8 predictions
It’s been about six months since we released our top eight predictions for 2023, which covered everything from org chart changes and crypto regulation to the new FTC Safeguards Rule. Were our predictions accurate? Let’s find out: 1. CISOs should expect to see org chart changes It’s still a little ... Read More