3 min read
CrowdStrike and Supply Chain Risk Management—What Can we Learn From this Experience?
Wow, how much technology has changed in the past 15 years? I remember when “vendor” reviews were uncommon, technology was hosted in-house in 95% of...
Risk Management (2)
2 min read
Control Assessments Vs. Risk Assessments
When we first start working with new institutions, it is not unusual for us to see them struggling because they have focused their efforts on...
2 min read
Consent Orders Put Focus on Third-Party Risk Management
There have been multiple consent orders issued recently which have made it clear that regulators are starting to enforce new third-party risk...
2 min read
Navigating the Intersection of AI and Cybersecurity
In today’s rapidly evolving digital landscape, the rise of Artificial Intelligence (AI) has become a game-changer for businesses. As we explore how...
3 min read
The Three Lines of Defense
We have referenced this concept in blog posts previously related to growing your Information Security Program and ensuring independence in your...
2 min read
Ransomware Self-Assessment Tool 2.0: A Comprehensive Overview of the Latest Release
Introduction
2 min read
What is a Good Password Length?
We are often asked what length passwords should be. The answer that we give in general is that we would like user passwords to be at least 14...
2 min read
NIST Cybersecurity Framework 2.0 Draft Updates
The NIST Cybersecurity Framework (CSF) was initially developed in 2014 and was intended to be a living document, dependent on feedback from...
2 min read
If Everything is Important, Then Nothing Is.
"If everything is important, then nothing is." ― Patrick Lencioni We’ve all seen this concept applied to time management and other decision-making...