What is the CCPA and Who Must Comply? The California Consumer Privacy Act Explained

Following the European Union's General Data Protection Regulation (GDPR), and falling in line with the privacy laws of Massachusetts, Vermont, Ohio and many others, California's controversial new privacy law presents the opportunity for businesses to level-up on privacy best practices. And for those CISOs and IT leaders who help manage ... Read More

SSP and POAM Guidance for DFARS Compliance According to NIST

Defense federal acquisition regulation supplement (DFARS) Compliance has been top of mind for Prime contractors as well as Department of Defense (DoD) suppliers since before the initial deadline in 2017. With the first DFARS compliance audit underway and a new certification on the horizon, the road to ensuring that contractors ... Read More

Integrated Risk Management Magic Quadrant 2019 – In Review

It has been roughly one year since Gartner released the 2018 Magic Quadrant for Integrated Risk Management, the first of its kind, and as of this week the second Integrated Risk Management MQ has finally been released. The purpose of integrated risk management (IRM) is to enable organizations to simplify, ... Read More

What to Expect from the Security and Risk Management Market in 2019: Recap from the Gartner Security and Risk Management Summit

Digital Society is Real, and Security and Risk Management Solutions Must Embrace Digital to be Successful ... Read More

GRC’s Complexity Bias – Do Complex Programs Need Complex Solutions?

This month, in part three of our Lies GRC Is Telling You Series, we’ll be diving in to the second lie: your cyber program is complex, therefore you must need a complex solution. I struggled with this one given the fact that it was difficult to phrase correctly given that ... Read More

Legacy GRC And The Sunk Cost Fallacy

Last month, we covered how legacy GRC products and new integrated risk management (IRM) solutions can co-exist and in fact compliment each other. That said, in order for them to compliment we have to acknowledge that there is a distinct difference between the modular GRC products and IRM solutions. However, ... Read More

Why GRC Needs IRM

Today, every organization strives to optimize the speed with which they access information. Data is being stored, processed, transmitted and utilized in almost every day-to-day occurrence in both business and in life. The tech ecosystem has observed and taken part in deploying large amounts of capital both in funding and ... Read More
4 Compliance And Risk Reports Every CISO Needs

4 Compliance And Risk Reports Every CISO Needs

By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually, which is an increase from today's 40%. (Gartner) ... Read More