Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessment, management should establish a security baseline.
Business boils down to one thing: People
People are the most challenging (and rewarding) part of a successful business. And I mean the full lifecycle of the employee experience. You have to do a great job recruiting, make sound hiring decisions, train people better than anyone else, create a culture where people want to stay, and if people leave, help them succeed […]
When most people think of hacking, they think of what Hollywood portrays. In a dark basement, a hooded, perhaps tattooed outcast rapidly types nonsensical keystrokes at a flashy computer monitor for several seconds before snidely muttering, “I’m in.”
By that representation, the hacking process seems pretty straightforward: find a vulnerability, exploit it and ride off into the sunset with a bunch of […]
If your clients or prospects have requested a SOC 2 report, obtaining one typically follows a three-step process.
Step 1: Readiness Assessment
A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC 2 audit by identifying your current controls as […]
There is understandably quite a bit of confusion in the marketplace when it comes to offensive security engagements. Consultants use a number of terms and phrases that overlap with one another considerably, but are often not clearly differentiated. For example:
- Vulnerability assessment
- Vulnerability research
- Penetration test
- Security Audit
- Red teaming
- Social engineering
- Phishing Campaigns
With so […]
The EU-US Privacy Shield may soon be a thing of the past after the European Parliament passed a resolution on July 5th, calling on the European Commission to suspend the agreement unless the U.S. takes further action by September 1st of this year to become compliant with […]
I just finished the book “GRIT: The Power of Passion and Perseverance” by Angela Duckworth. Duckworth is a professor at the University of Pennsylvania and has studied Grit in the context of success for over a decade.
The results of her studies: Grit matters.
Instinctively, when I speak with leaders of organizations they know that […]
The Data Protection Impact Assessment (DPIA) is a significant new burden on data controllers under GDPR. As many have noted, GDPR does not clearly outline when a DPIA is required, instead referring to processing “likely to result in a high risk to the rights and freedoms of natural persons.”
Article 35(4) charges supervisory authorities with developing a list of processing operations […]
I recently finished the book “Traction” by Gino Wickman. Next to Scaling-Up by Verne Harnish, I think it is one of the most actionable business books I’ve ever read. Our team has informally adopted both books as part of the risk3sixty canon. While the book is largely about building a well-run business – […]
Mention “Risk Committee” or “Enterprise Risk” to upper management and you will probably get an eye roll. If you suggest a standing meeting about risk, it might get you fired. BUT – I believe the risk committee meeting can be the most valuable meeting on your calendar. Here’s how:
Why Risk Committee Meetings Are Important
Successful risk committee meetings are all about […]