
An Insider’s Perspective on Choosing a Security and Compliance Partner That Is Right for Your Business

A few things to consider when choosing a consulting firm partner.

At risk3sixty, we interact with a lot of prospective customers who want us as a security consulting partner. Some firms ask great questions and have a clear understanding of what they are looking for. Others need a little more help […]
January 13th, 2020 | CISO Discussions, IT Audit & Compliance

How to Create Effective Policies

How to leverage information security policies to level up your security program.
 
People often regard information security policy as a “check-the-box” compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, […]

ISO 27001: Understanding Security Roles and Responsibilities and Why They Are Vital to the Success of Your Security Program

When building your Information Security Management System (ISMS) as part of ISO 27001 program implementation, one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS” you can read our whitepaper on the ISO […]

How We Develop People at risk3sixty

My business partner and co-founder at risk3sixty, Christian White (CW), is a West Point graduate and former Ranger-qualified Captain in the U.S. Army. He served under some amazing leaders (like Rob Campbell, who wrote a book about leadership called “It’s Personal not Personnel”) and had the opportunity to lead and develop hundreds of men and women. In fact, the U.S. […]

August 5th, 2019 | CISO Discussions, Culture

How to Interview for Grit

I just finished the book “GRIT: The Power of Passion and Perseverance” by Angela Duckworth. Duckworth is a professor at the University of Pennsylvania and has studied Grit in the context of success for over a decade.

The results of her studies: Grit matters.

Instinctively, when I speak with leaders of organizations they know that […]

June 18th, 2018 | CISO Discussions, Culture

How to Turn the Risk Committee Meeting into the Most Valuable Meeting on Your Calendar

Mention “Risk Committee” or “Enterprise Risk” to upper management and you will probably get an eye roll. If you suggest a standing meeting about risk – it might get you fired. BUT – I believe the risk committee meeting can be the most valuable meeting on your calendar. Here’s how:

Why Risk Committee Meetings Are Important

Successful risk committee meetings are all about […]

Thoughts on Building an Information Security Program that Sticks

Most executives realize that information security (and cybersecurity) is a rising threat within their organization. This is the new normal in the digital economy. As a result, information security professionals who used to be viewed as technical practitioners are finding seats at the executive table and with the board of directors.

The problem for most organizations trying to build an information security […]