How Much Can Data Breaches Cost US Companies?

Posted on October 30th, 2018 in Cybersecurity, Information Security Risk, Incident Management by Szuyin Leow

The consequences of data breaches are severe and only getting worse. That’s the takeaway from a new study which shows just how painful leaks of sensitive information can be for everyone involved. More data is being compromised than ever before, and companies are paying the price.


How to Determine Risk Scores: Internal vs. External Risks

Posted on October 13th, 2018 in ERM by Gary Elens

As key indicators of any Enterprise Risk Management System, risk scores can help you identify and respond to the most pressing concerns affecting the health of your organization. In this blog post you'll learn what they are, how they're calculated, and how to use them most effectively.


Third-Party Vendor Risk Costs PG&E $2.7 Million

Posted on October 9th, 2018 in Cybersecurity, Information Security Risk, Third-Party Risk, Vendor Management by Matt Kunkel

When sensitive data is exchanged between a major company and its third-party vendors, the source company can take on information-security risks it wouldn't otherwise face. After all, its security measures become only as strong as those of the weaker partner. Such scenarios can have big consequences: just ask PG&E, which was hit with a major fine when one of its third-party vendors neglected to follow some basic security policies.


Top 5 Issues Companies Should Consider When Utilizing Big Data

Posted on August 22nd, 2018 in Cybersecurity, Information Security Risk, GDPR by Jon Siegler

One of the greatest assets a company can have is knowledge about its customers. With the advancement of technology, it is now easier and cheaper than ever to collect and store large amounts of data for long periods of time. While the advantages of big data storage and processing are endless, it’s crucial to consider the issues surrounding big data privacy and compliance.



Creating a Culture of Risk Throughout the Organization

Posted on August 7th, 2018 in ERM, Risk Management by Jon Siegler

An effective risk culture is one that allows and encourages individuals and departments to take risks in an educated and confident manner. When separating companies based on their risk culture, you will find two types of companies: companies that do not acknowledge risk and companies that have given every employee the power to identify & monitor for potential risk. In this post you’ll learn: why creating a culture of risk is important, how to create a culture of risk, and what a good risk culture looks like.


5 Practical Steps to Scale Your Vendor Risk Management Program

Posted on July 16th, 2018 in Vendor Management, Third-Party Risk by Matt Kunkel

At our recent webinar with ITGRCFORUM we discussed practical steps to scale your vendor risk management program. Over 500 attendees joined the webinar and learned 5 practical steps they could implement to scale their third-party vendor risk management programs, which address the most common vendor risks and problems. 


How an Integrated Risk Management Program Could Have Prevented it All for Wells Fargo

Posted on July 5th, 2018 in ERM by Matt Kunkel

Wells Fargo is in the midst of a governance, risk, and compliance nightmare. Misunderstanding or completely dismissing company policies has cost Wells Fargo “$414 million in refunds and settlements, and hundreds of millions more on legal fees, consultants and other costs related to the accounts scandal and its aftermath,” as well as hundreds of millions in potential growth, and immense reputational damage that will take years to recover from. This post will look into where Wells Fargo went wrong and how they could have prevented it all. 


A Proactive Approach to Enterprise Risk Management

Posted on June 15th, 2018 in ERM by Jon Siegler

Companies of all sizes and across virtually all industries are beginning to see the necessity of having an enterprise risk management (ERM) program that is comprehensive, organization-wide, and integrated within strategic planning efforts. In this post, we’ll look at the steps required to implement a proactive ERM program, the benefits seen across an organization once risk is handled proactively, and how to select an ERM tool that is robust and mature enough to address the issues organizations are facing with regard to ERM.


7 Things to Know about the NIST CSF Update

Posted on May 24th, 2018 in Cybersecurity by Szuyin Leow

On April 16, 2018, the National Institute of Standards and Technology (NIST) released updates to their Cybersecurity Framework (CSF) titled “Framework for Improving Critical Infrastructure Cybersecurity Version 1.1”... The updates work seamlessly with the original framework and are intended to be implemented by first-time and current framework users.


LogicGate Helps You Meet OIG's 7 Key Elements of Compliance

Posted on May 16th, 2018 in Policy Management, Compliance by Gary Elens

There are many complex issues in the healthcare industry. With looming government regulation and drastic changes in policy, 2018 is projected to be a year of unknowns and change. In addition to implementing new regulations, the industry must still meet current compliance requirements without fail. The Office of Inspector General’s (OIG) 7 Key Elements of Compliance are the minimum standard and mandatory for all hospitals. Using an automated system that will streamline and reduce potential risk while also adapting to the needs of an individual hospital is paramount in this uncertain climate.