
March 26, 2018 | Regulations & Legislation
By Marty Gomberg, IANS Faculty

GDPR: What’s in Scope?

Organizations are scrambling to get compliant with the EU's new General Data Protection Regulation (GDPR) before it comes into force in May, but figuring out exactly what kind of data is governed by the law isn't straightforward. In this Ask-an-Expert written response, IANS Faculty Marty Gomberg clarifies the issue.

March 12, 2018 | Risk Management
By Rich Guida, IANS Faculty

Get Business Execs to Share Their Infosec Risk Concerns

Understanding what risks keep business execs up at night is the foundation of good information security, but how can you elicit this info and ensure execs remain engaged? In this Ask-an-Expert written response, IANS Faculty Rich Guida details a process that not only draws out executives' primary concerns but maps them to key infosec risks to gain better consensus - and funding.

March 8, 2018 | Metrics and Reporting
By Josh More, IANS Faculty

Use Metrics to Communicate Risk Management’s Value

A successful metrics program helps tell security's story in a way that fosters business engagement and support, but what's the best way to get there? In this Ask-an-Expert written response, IANS Faculty Josh More discusses the difference between operational and strategic metrics, and offers tips for getting started using FAIR.

March 5, 2018 | IT Service Management
By Josh More, IANS Faculty

Ensure Critical Elements Are Included in GRC Documents, Workflows

When starting a GRC program from scratch, it can be difficult to foresee which ingredients are critical to success and which aren't. In this Ask-an-Expert written response, IANS Faculty Josh More details the critical elements to include and pitfalls to avoid, while urging a high-level focus on workflows, culture and stakeholder alignment.

February 23, 2018 | Enterprise and IT Compliance Management

SEC Releases New Guidance on Cybersecurity Risk Disclosures

On February 21, 2018, The Securities and Exchange Commission (SEC) released “interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.” The document formally clarifies how the SEC expects firms to handle disclosures of “material risks” related to cybersecurity.

February 16, 2018 | Threat Intelligence and Modeling
By Adam Shostack, IANS Faculty

Comprehensive, Structured and Systematic: Engineering for Security

The hardest part of security is going from random discovery of problems as you create new features to a systematic, comprehensive and structured approach to finding problems early. In this webinar, IANS Faculty Adam Shostack identifies ways to bring security engineering to the very earliest parts of product or service cycles, align with agile practices and reap the benefits that come from such efforts: faster, more predictable and more secure launches.

February 5, 2018 | Vendor and Partner Management
By Aaron Turner, IANS Faculty

Understand and Manage Offshore Contractor Risk

Using offshore contractors in countries like India presents a host of risks, beyond those faced when working with U.S.-based third parties. In this Ask-an-Expert written response, IANS Faculty Aaron Turner urges companies to focus on both geopolitical and human risk factors when choosing an overseas partner.

February 5, 2018 | Regulations & Legislation
By George Gerchow, IANS Faculty

5 Practical Steps to GDPR Success

With all the noise, panic and questions about the EU’s new General Data Protection Regulation (GDPR), it’s difficult to discern the right mix of policies, procedures and technologies to ensure compliance. In this webinar, IANS Faculty George Gerchow helps you prioritize the practical steps you can take today – and the tougher steps you can safely put off for tomorrow – to ensure your organization is fully prepared when the ruling comes into full force this May.

February 1, 2018 | Risk Management

IANS Risk Register Tool (Updated)

Building a Risk Register is a critical undertaking for organizations of all sizes, and there are a number of factors that contribute to its accuracy and success. This tool (updated to include the latest PCI DSS 3.2 requirements) offers a step-by-step guide for identifying risk and harm, calculating exposure and adopting appropriate security controls.

January 30, 2018 | Enterprise and IT Compliance Management

IANS General Data Protection Regulation (GDPR) Checklist

With all the noise, panic and questions about the EU’s new General Data Protection Regulation (GDPR), it’s difficult to discern the right mix of policies, procedures and technologies to ensure compliance. This checklist helps prioritize the practical steps you can take today to ensure your organization is fully prepared when the ruling comes into full force this May.
