Every business activity involves risk, so simply viewing and measuring risk at a high level isn’t enough. InfoSec teams also need to identify and categorize risks as they relate to individual business activities and the context around them. Managing risk is all about delivering insights so that key stakeholders – including executives and the board – can better understand their IT risk posture and use that knowledge to make better business decisions. But where to start?

The team at Reciprocity recently conducted a live poll and asked our audience, “Are you currently using your compliance program to guide your risk management program?” Here’s what our respondents said...

Businesses are constantly adapting to changing circumstances. Yet, many are strapped for resources and view compliance as nothing more than a checklist of requirements to satisfy regulators or auditors which could short-change their business. At the same time, the pandemic has highlighted the necessity of risk management for every organization, and exposed the gaps that exist in many governance, risk, and compliance (GRC) programs today.