Prime Contractor CMMC Rollout: Supporting Your Supply Chain
In an effort to strengthen U.S. national security, DoD contractors must roll out the Cybersecurity Maturity Model Certification (CMMC) across their internal business, and expect that their supply chain does the same. Those who don’t have the CMMC certification won’t be able to engage in Department of Defense (DoD) contracts, ...
CIP-013 Implementation: Know Supplier Posture & Accelerate Compliance
As the deadline for NERC CIP-013 compliance approaches, power and utility organizations are focused on implementing a supply chain risk management strategy across their global vendor base ...
Guidance for CIP-013: Effective Date, Guidelines, and Enforcement
Updated April 2, 2020 - Latest NERC CIP-013 Guidance ...
What is the CCPA and Who Must Comply? The California Consumer Privacy Act Explained
Following the European Union's General Data Protection Regulation (GDPR), and falling in line with the privacy laws of Massachusetts, Vermont, Ohio and many others, California's controversial new privacy law presents the opportunity for businesses to level-up on privacy best practices. And for those CISOs and IT leaders who help manage ...
SSP and POAM Guidance for DFARS Compliance According to NIST
Defense Federal Acquisition Regulation Supplement (DFARS) compliance has been top of mind for prime contractors as well as Department of Defense (DoD) suppliers since before the initial deadline in 2017. With the first DFARS compliance audit underway and a new certification on the horizon, the road to ensuring that contractors ...
Integrated Risk Management Magic Quadrant 2019 – In Review
It has been roughly one year since Gartner released the 2018 Magic Quadrant for Integrated Risk Management, the first of its kind, and as of this week the second Integrated Risk Management MQ has finally been released. The purpose of integrated risk management (IRM) is to enable organizations to simplify, ...
What to Expect from the Security and Risk Management Market in 2019: Recap from the Gartner Security and Risk Management Summit
Digital Society is Real, and Security and Risk Management Solutions Must Embrace Digital to be Successful ...
GRC’s Complexity Bias – Do Complex Programs Need Complex Solutions?
This month, in part three of our Lies GRC Is Telling You Series, we’ll be diving into the second lie: your cyber program is complex, therefore you must need a complex solution. I struggled with this one given the fact that it was difficult to phrase correctly given that ...
Legacy GRC And The Sunk Cost Fallacy
Last month, we covered how legacy GRC products and new integrated risk management (IRM) solutions can co-exist and in fact complement each other. That said, in order for them to complement we have to acknowledge that there is a distinct difference between the modular GRC products and IRM solutions. However, ...
Why GRC Needs IRM
Today, every organization strives to optimize the speed with which they access information. Data is being stored, processed, transmitted and utilized in almost every day-to-day occurrence in both business and in life. The tech ecosystem has observed and taken part in deploying large amounts of capital both in funding and ...