Tag: it grc

A list of top risks goes out of date in no time. Here's what the chief risk officer and the chief audit executive should do instead.

Lowering headcount is the first course of action for too many companies looking to cut costs. A more measured approach is required.

Over the last few years, leaders have seen the damage that a lack of preparedness and resilience can cause. Now's the time to develop those powers.

Wrike is back with a work management platform, while Ernst & Young looks to the metaverse for new business. There is also news from Microsoft, Oracle and 10KC.

How confident is your chief risk officer in their risk assessment? Are they 100% confident? 90% or 80%? CROs need to understand the margin of error.

Cybersecurity risk assessment should be an integral part of the organization’s enterprise risk management program and decision-making, not a siloed operation.

Internal audit needs to be alert to poor performers, at any level. They also need to be alert to the failure to recognize and reward high performers.

As business finds increasing uses for AI, developing a model for governance of the data will be critical to staying on the right side of regulation.

While industry data clearly demonstrates the preference for, and value of, SaaS applications, I believe we’ve only scratched the surface of what’s possible.

Which would you rather be when new information challenges arise: proactive or reactive?

The rapid development and deployment of workplace technologies, coupled with the adoption of new ways of working, comes with added risks.

How do you prioritize data protection at a time of evaporating perimeters, widespread data access, and the misguided idea that “more is better” with data?

There is a close link between business processes and risk levels. Learn how to manage the former to reduce the latter.

How can the risk register be improved?

Microsoft 365 has a ton of great applications, all with their own security implications.

Finding and managing the dark data you don’t know about is a big project, but is worth the effort.

A process I learned in my youth

Organizations need solutions, processes and cultures that foster an ongoing dedication to information security without getting in the way of productivity.

The risks and potential liability of ineffective data destruction at end of life are too high for organizations to risk.

In so many cases, information mismanagement isn't a failure of technology so much as a failure of management to understand and take the necessary action.