Latest Posts

Back to Basics: Making a Start with GRC

Companies list governance, risk, and compliance (GRC) as a top priority, but “doing GRC” isn’t easy. It takes time, effort and a strategy – and starting is usually the hardest part. So, in the first of our Back to Basics blogs, we’re going to focus on where every compliance and risk practitioner should start when building a GRC program: selecting the compliance frameworks which will form the foundation of your GRC program…

What is a Data-Centric Architecture for Security?

As cyber threats and data breaches proliferate, organizations need a better way to protect their sensitive data. One specific need: effective and efficient data security models. A security model includes procedures to validate security policies and to implement vital business processes and workflows in your security program. A security model also specifies the data structures and techniques required to enforce security policies.

What is a Vendor Risk Management Program?

As your company grows, outsourcing certain tasks will likely become necessary. Whether procuring materials from outside manufacturers or contracting freelancers to help your marketing efforts, third- and even fourth-party vendors have become critical relationships in any developing business. Opening your organization to third parties has many benefits. It also exposes your company to new risks you may not have considered.

Key Principles of Operational Risk Management

Operational risk is any risk stemming from your company’s business processes that could result in loss. This loss is not always financial; things like reputational risk also fall under this category. Operational risk management (ORM) is the art of protecting your company from these potential risks and minimizing any losses that may occur. ORM began in financial institutions and became streamlined and codified over the years via the Basel Committee on Banking Supervision (BCBS).

Developing Your Key Risk Indicators (KRIs)

Organizations today live in a dynamic environment. Risks to your business activities are everywhere, including among the relationships you have with other parties. From choosing supply chains to engaging in new partnerships, third-party risks have always been part of the risk assessments that organizations perform (or should perform, at least). Unfortunately, with the advent of cloud services and automation, third-party risks are now one of the most common threats that the modern enterprise faces.

How Internal Cybersecurity Threats Affect Your Cyber Risk Plan

In 2016, an article in the Harvard Business Review called out organizations that focused on external cybersecurity threats while ignoring the threats originating from within — and rightly so. Today, about 66 percent of organizations believe that malicious insider attacks are more likely than external attacks. This points to a growing (and welcome) awareness of internal cybersecurity threats.

Tips for Patching Security Vulnerabilities

Given the countless cyber threats facing organizations these days, security has become one of the most pressing issues on the executive mind. Yet when we talk about cybersecurity, we rarely focus on security vulnerabilities and how patching those vulnerabilities is crucial for a cybersecurity program. So what is vulnerability patching, exactly? A vulnerability is a flaw that cybercriminals can exploit to gain unauthorized access or to perform unauthorized actions on a computer system.

Key Targets for Fileless Malware

Cybersecurity threats have proliferated for years, and that shows no sign of stopping. One estimate, for example, is that damages due to cybercrime will hit $10.5 trillion by 2025. One especially pernicious threat gaining new popularity: fileless malware. Fileless malware attacks are particularly dangerous because, unlike traditional malware, they involve no files to scan — and therefore are harder to detect by conventional endpoint protection tools.

What are the Four Factors of a HIPAA Breach Risk Assessment?

Modern technology allows the easy collection and distribution of personally identifiable information — and concerns about the unintended distribution of that personal data have led to a wave of data privacy laws around the world. The U.S. Health Insurance Portability and Accountability Act (HIPAA) is one such law, and imposes strict rules on how hospitals, healthcare businesses, and other “covered entities” handle personal health information (PHI).