Risk Management


Key Takeaways From the NIST Ransomware Risk Management Profile

Ransomware groups have caused so much damage that the United States federal government has made thwarting them a top priority, including hosting a major international summit on the topic, setting up a ransomware task force, and repeatedly urging organizations to improve their cyber resilience.

Lunch & Learn: Navigating Increased Transactional Risk Scrutiny

The list and severity of risks that can affect a transaction continue to grow, with cyber becoming an alarmingly difficult challenge for firms of all sizes. With tighter scrutiny around Regulations S-P and S-ID, a variety of disclosure obligations and new encrypted messaging apps, conducting proper cyber due diligence is imperative. However, will cyber diligence slow the deal? What are the implications of taking shortcuts?

How to Identify and Classify High-Risk Third Parties

Today’s business landscape means having various business partners. From contractors to technology vendors, third parties are now part of everyone’s daily operations. However, with every new third party you onboard, you also add a new risk. Supply chain attacks compromise your data, even if the third party isn’t providing you a technology solution. To secure your data, you need to identify and classify high-risk third parties.


Public vs. Private Cloud Security: What's the Difference?

Security in cloud computing is often a major concern among cloud customers, mainly because of the risk of losing sensitive data and the difficulties of enforcing the organization’s security policies. Despite cloud computing’s potential efficiency for storing and exchanging files, cloud security remains questionable. According to one report from Statista, 81 percent of respondents found security to be the most prevalent challenge in cloud computing today.


What is Fourth-Party Risk?

Outsourcing is a critical part of business management and an important ingredient in business growth. One business outsources some task to another — but that second firm can also delegate some of its own business processes to yet another company. That last company then becomes a fourth party to the first. As the role of fourth-party vendors expands, having a vendor risk management strategy in place becomes key to organizational success.


What Are the Types of Audit Evidence?

If your organization is required to follow one or more compliance frameworks, an external third party may demand an audit to verify that your company has actually met those compliance standards. When an organization is undergoing an audit, it must provide audit evidence, such as financial statements, internal documents, logs, and emails. The auditor uses that evidence to reach a conclusion about whether or not the client organization has achieved compliance.


How Data-Centric Security Models Build Cyber Resiliency

A data-centric security model moves your cybersecurity away from protecting the place where your data is stored to focus instead on securing the data itself. With cloud computing, there no longer is a single perimeter within which to secure your sensitive information. By protecting the data itself, you assure that no matter where the data goes, your organization is protected against cyber threats.


Security vs. Compliance: Understanding the Differences

As cyberattacks continue to proliferate, it’s clear that organizations must be prepared from both cybersecurity and compliance standpoints. It’s critical, however, to understand that while data security and compliance are both important for risk management and the prevention and mitigation of cyber attacks, the two concepts are definitely not the same.


How to Manage Risk With Internal Control Monitoring

Strong, effective internal controls are crucial to developing an efficient operating environment that drives business growth. Good internal control activities can help organizations deliver value to stakeholders and achieve strategic objectives, while also assuring compliance with applicable laws, regulations, and industry best practices. This guide will take a deeper look into internal controls monitoring, along with suggestions for how to make the process easier.