A new white paper from the Association of Chartered Certified Accountants (ACCA), “Rethinking Risk for the Future”, argues that “accountancy is playing an increasingly larger role in navigating organizations through the urgent problems and interconnected risks
Companies have gradually been moving to the cloud for years, but still need a model for prioritizing security initiatives for their cloud migration. Feedback from our clients is that organizations spread across multiple geographies, markets and business functions operate in silos
Total risk for an IT asset such as a data repository or web app is exactly what is sounds like: the aggregate risk to a digital asset posed by relevant cybersecurity risk scenarios. That is, an asset will have a combination of relevant scenarios
In a warning of a get-tough policy on cyber risk management, the Securities and Exchange Commission (SEC) has fined First American Financial Corp. (FAFC), finding that the major title insurance and escrow company “did not have any disclosure controls and procedures related to cybersecurity,
Surprisingly, we still sometimes hear that some cyber risk professionals are challenged by their General Counsel and legal department not to quantify their cyber risk, as that might - in their opinion - introduce a liability, driven by the fact of possibly knowing about a problem and not having done enough to address it.
In September, 2020, our IBM X-Force IRIS security analysis group began tracking strange phishing attacks targeting suppliers of HVAC equipment and services.
Strange, unusual, media-worthy vulnerabilities and cyberattacks… they seem to pop up every few months or so and send us risk managers into a fire drill. The inevitable questions follow:
With permission, we are re-publishing this post from Lawfare, the influential blog that covers the intersection between law and national security.
The World Economic Forum’s new report. Principles for Board Governance of Cyber Risk, is the work of a panel of international experts on cybersecurity, including FAIR Institute President Nicola (Nick) Sanna
The hack at the Oldsmar, Florida, water treatment plant, an attempt to inject harmful levels of lye, drew headlines fretting over the possibility of cyber-terror striking a utility sector with “few protections against hacking,” as the Wall St. Journal said.
