Risk & Compliance News.

Mar 27th, 2023 - A recent Gartner survey of data and analytics leaders found that fewer than half think their teams are effective at providing value to their organizations. Here's how to change that equation. Chief data and analytics officers (CDAOs) are poised to be of increasing strategic importance to their organizations, but many are struggling to make headway, according to data presented last week by Gartner at the Gartner Data & Analytics Summit 2023. Fewer than half (44%) of data and analytics leaders ... [Read More]

Mar 27th, 2023 - Almost every company has felt the impact of a cybersecurity incident caused by a security breakdown in the software supply chain. According to a study by BlueVoyant, 98% of businesses were negatively affected by a supply chain-related breach, with 40% of the respondents saying they rely on the vendor to ensure security. However, by relying on someone else to be responsible for your security, you may be dropping the ball on monitoring the software for potential vulnerabilities. The lack of ... [Read More]

Mar 23rd, 2023 - Help the board understand where the business is vulnerable, where controls end, and where exposure begins. For more than 15 years, the cybersecurity industry has been talking about communicating with the board of directors . It's common practice for vendors to have e-books, webinars, and presentations about how and what chief information security officers (CISOs) should present to their boards — when they get the chance. Along with lack of opportunity, CISOs might have anxiety about ... [Read More]

Mar 23rd, 2023 - In what follows, we'll discuss some major regulations and standards emerging, and what to expect over the next couple of years. In April 2021, the European Commission accepted a proposal for a Corporate Sustainability Reporting Directive (CSRD) to revise the Non-Financial Reporting Directive (NFRD)—the current EU sustainability reporting framework that sets disclosure requirements for non-financial and diversity information by certain large companies. The CSRD also set the stage for the ... [Read More]

Mar 23rd, 2023 - Cybersecurity has long been an industry with a reputation for waiting for something bad to happen and then frantically responding when it does. We're part of the way into 2023, and cyber-attacks have been at the forefront of the news – which is no new phenomenon. We've learnt repeatedly that cyber incidents, particularly those targeting critical infrastructure, create immense business disruption and should not be overlooked. In fact, the World Economic Forum's  2023 Global Risks ... [Read More]

Mar 23rd, 2023 - The Cybersecurity and Infrastructure Security Agency is working to identify the most vulnerable critical infrastructure organizations across the nation this year, with the agency also establishing an office to coordinate its engagement with those groups. The agency is moving to identify "systemically important entities" by the end of September, CISA Director Jen Easterly told the Cybersecurity Advisory Committee this week. "We plan to work very closely with the sector risk management agencies ... [Read More]

Mar 23rd, 2023 - So, your company has undergone a compliance audit, and — don't faint from surprise here — it came back with a bundle of audit findings that you need to remediate. How does a compliance officer assure that all those cats are herded appropriately? This is the part we seldom discuss in corporate compliance . Everyone talks about frameworks , mapping controls , and gap analyses . Then comes something along the lines of "and now you have a roadmap for remediation," as if remediation is ... [Read More]

Mar 23rd, 2023 - Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services. MITRE has quietly released a cloud-based prototype platform for its new System of Trust (SoT) framework that defines and quantifies risks and cybersecurity concerns for the supply chain. The so-called Risk Model Manager (RMM) platform is now available for organizations to assess supply chain risk and security, as well as to view, edit, and customize ... [Read More]

Mar 22nd, 2023 - Vendor management is a critical process that ensures that businesses effectively monitor and manage their suppliers and vendors. From purchasing raw materials to delivering finished goods, businesses rely on vendors to ensure smooth operations. However, managing vendors can be a complex and time-consuming process, which can result in costly delays, errors, and inefficiencies. Fortunately, vendor management system software can streamline these processes and make it more efficient. In this ... [Read More]

Mar 21st, 2023 - Digital fraud and cybersecurity risks are always with us, and they're constantly changing as businesses open new channels and adopt new technologies that criminals work to exploit. Data breaches are an especially thorny problem, with millions of customer records breached every year, and even password managers becoming vulnerable targets. Fraud continues to increase year over year, with identity fraud and fraud-related scams leading to $52 billion in losses in 2021 in the U.S. alone. Meanwhile, ... [Read More]