Learn how to connect good governance with key risk, build an enterprise security program, and more.
During the COVID-19 pandemic, many enterprises have stated that employee health and well-being are their primary concern. The events of 2020 have also led organizations to evaluate their preparedness for and responses to another major risk factor...
Concerns about privacy risk have triggered a number of new privacy protection regulations: The US State of California Consumer Privacy Act (CCPA) went into effect on 1 January 2020, the Brazilian General Data Protection Law (LGPD) becomes effective in August 2020...
Never before has there been such an intense focus on digital as during the COVID-19 pandemic. This has been especially true for the business continuity management (BCM) efforts needed to provide work-from-home functionality to support social distancing.
Mercury NZ, a US$2 billion renewable energy generation and retail company, has the most NZ Stock Exchange shareholders of any New Zealand company, serving more than 373,000 residential, commercial, industrial and spot customers across New Zealand.
It is foolish to wait until an enterprise is in the midst of a data breach to test its cybersecurity incident response plan (CSIRP). How likely is it that the enterprise will know that a cyberattack is underway and be able to react appropriately?
When I was in graduate school, I read a lot of scholarly journals. (None of them were as lively nor as useful as the journal you are now reading.) One of the features I loved best was a rousing argument between academics about matters of minuscule interest to the general public.
Earlier this year, I authored a column on the “Components of an IT Audit Report.” These components need to provide assurance, inform auditees and others of management and control issues, recommend corrective action, and represent the quality of the audit and the credibility of the audit organization.
I have been a remote worker for approximately five years. The transition was not an easy one. However, in the past two years I have come to a very “Zen” place in my work-from-home routine…or lack thereof.
Tracey Dedrick is a C-suite executive experienced in risk, compliance, treasury and investor relations. She was executive vice president (EVP) and head of enterprise risk management for Santander Holdings US, where she was responsible for enterprise risk, operational risk and market risk for the Americas.
Leadership expert and former US Navy SEAL Jocko Willink wrote the following, “And most important, discipline will put you on the path to FREEDOM.” What does this have to do with innovation? Everything, as it turns out.
With the proliferation of cloud computing services available, our organization is considering moving IT-related services to cloud-based services. What are the benefits and risk associated with using cloud services? What steps should we follow when selecting a cloud service provider (CSP)?
It is time to reassess cybersecurity because current efforts to prevent ransomware events are porous and are not fulfilling their purpose. The facts are clear. Ransomware is distributed by a variety of methods, including infected websites, online advertisements and Universal Serial Buses (USBs); direct attacks...
In response to declining revenue in one of their customer segments due to changes in market dynamics, a group of executives assembled on a Monday morning to come up with a strategic initiative to counter this problem.
As global regulators start to tentatively embrace the concept of cyberresilience, it is clear that there has been a significant change in the way that cyberattacks are perceived.
Organizations place a strong emphasis on cybersecurity, privacy and compliance. However, many enterprises are uneducated when it comes to identifying, assessing, responding to and monitoring these domains. Auditors provide value in these areas and address these deficiencies via various techniques and approaches.
It is vital that organizations take action to improve security awareness. Threat reports increasingly acknowledge and predict attacks connected to the human factor (e.g., ransomware, fake news). Employees pose a high-level risk at all enterprises because it is generally known that they are the weakest link in the chain of information security.
The EU General Data Protection Regulation (GDPR) plays a part in enterprises’ overall strategies and, more specifically, in their collection and use of threat intelligence. In particular, it impacts enterprises’ security and privacy strategies for current and planned projects.
Recent advances in computing technology have empowered IT professionals to increasingly rely on abstraction, freeing them from the burden of managing infrastructure and allowing them to focus their energies on delivering quality software as fast as possible.
No matter the size of an organization, every organization that depends on information technology to conduct any part of its business should have a functioning cybersecurity program.
Maintaining data security has become more challenging in recent years. Many countries have passed and adopted comprehensive laws dealing with this issue, and others are debating the necessity of doing so.