Hitting the Reset Button on ERM: How to Define ERM for Your Organization

Posted on July 17th, 2017 in ERM, Risk Management, Regulations by Noah Gottesman

ERM has historically lacked the perspective and perception needed to be applied holistically and consistently within an organization. Over the last 10-15 years, information technology and cybersecurity industry associations have staked their own claim to risk management practices, activities, and approaches. Thus, we find ourselves with numerous ERM, risk management, and risk governance definitions, standards, and frameworks. Given this, we'll explore what an ERM initiative means for your organization.


First Step to Managing Information Security: Threat and Vulnerability Assessments

Posted on April 18th, 2017 in Risk Management, Cybersecurity by John Oommen

Forbes reports that 70% of firms experienced at least one cybersecurity incident in 2017. In the past year alone, Yahoo’s $4.8B takeover by Verizon was nearly derailed by two major data breaches at Yahoo; even the US presidential election may have been impacted by hackers. And the risks are only growing: cars are computers on wheels and planes are computers on wings. Cybersecurity risk has evolved from exposure of personnel information and financial data to control of physical things. Where does an organization start to minimize cyber risk?


Enterprise Risk Management Requirements of ORSA

Posted on March 15th, 2017 in Risk Management, Regulations by Jon Siegler

In 2012, the NAIC adopted the Risk Management and Own Risk and Solvency Assessment Model Act (#505) and although some state legislative processes have been slow to adopt, it is expected that most companies should be ready for ORSA and should be using it as part of their ERM framework by the end of 2017. This post explores the Enterprise Risk Management requirements of ORSA.


Personal Liability for CCOs: How to Negotiate the Growing Concern

Posted on October 24th, 2016 in GRC, Compliance by Jon Siegler

In early 2016, the Wall Street Journal published an article titled, “The Most Thankless Job on Wall Street Gets a New Worry,” and it’s no exaggeration—chief compliance officers (CCOs) are increasingly finding themselves in the limelight for compliance failures. In cases where CCOs are found to be willfully negligent of their duties, they’re having to pay out-of-pocket, sometimes in the millions.


Ignoring Enterprise Risk Management Can Result in Damaging Losses

Posted on August 15th, 2016 in Risk Management, Compliance, Regulations by Jon Siegler

In today's global and economic environment, two of the biggest areas of risk are regulatory compliance and cyber threats. With regulations on the rise, companies are facing new and more varied challenges. If a company’s systems are breached, it can mean severe damage to its reputation in the market and loss of customers, to name a few consequences.


Drive Employee Engagement in GRC with a Great User Interface

Posted on August 8th, 2016 in GRC, LogicGate by Jon Siegler

In order to reduce your organization’s exposure to damaging fines, executives must make compliance and security programs as simple as possible for their employees. Corporations are expected to meet thousands of obligations, both internally imposed and through multiple regulatory agencies. Unfortunately, traditional software solutions to help manage compliance and risk are often built like relics of the past: they are big, bulky, inflexible, and difficult to use.


Enterprise Risk Management Should Focus More on the Process

Posted on July 19th, 2016 in Risk Management, Compliance by Jon Siegler

Corporate leadership is often veiled from the multitude of risks that are lurking around the corners of their business. Critical risks embedded within business units often aren’t shared up to senior leadership because the systems and processes are not in place to enable this. The methodologies implemented for managing risks across the enterprise vary widely, but most are chaotic, relying on email and spreadsheets for tracking and reporting.


Watch LogicGate at Technori!

Posted on June 21st, 2016 in LogicGate by Matt Kunkel

Technori is a monthly pitch event based in Chicago where 500 impassioned entrepreneurs, developers, designers, investors, and tech enthusiasts gather to watch leading tech companies present for five minutes each, with an interactive Q&A session. Matt Kunkel presented the LogicGate platform during Technori’s May event, “The Future of Work”.


What are the PCI DSS Requirements?

Posted on May 5th, 2016 in Compliance by Jon Siegler

Payment Card Industry Data Security Standard (PCI DSS) is the global industry standard set of policies and procedures intended to enhance data security for all organizations that process, store, or transmit cardholder data. It has been adopted by all the major payment card brands as the standard model of data security. It contains practical steps that mirror security best practices.


Study: Ease of Use the Top Factor for Purchasing GRC Solutions

Posted on April 28th, 2016 in GRC, LogicGate by Jon Siegler

OCEG recently released its 2016 GRC Technology Strategy survey findings, and the results contain some interesting observations about current and future state GRC solutions. For those who may not be familiar, OCEG is a nonprofit think tank and community that helps educate and inform members on governance, risk management, and compliance. It provides content, best practices, education, and certifications to drive leadership and business strategy through the application of the OCEG GRC Capability Model and Principled Performance.