Category: GRC

Some Thoughts on User Awareness Training

Brian Krebs published an article about a tech firm losing $46 million in a technology-based heist.  The heist used forged communications from senior executives to complete financial transactions.  This got me thinking about user awareness training and how we’re doing it and how we might do it better.


Describing Policy

I recently had to provide a succinct description of the Policy, Standard, Guideline, Procedure taxonomy and descriptions on short notice.  Here is what I came up with:
Policy: Do good stuff
Standards: This is how we’re going to measure doing good stuff
Guidelines: If you’re not sure what good stuff looks like, here’s a hint […]


Vendor Management by Spreadsheet

I was listening to the Risk Hose podcast last week.  Second only to the conversation about the efficacy of a Cyber-Hadoop instance for cyber-managing cyber-risk, the most interesting cyber-portion of the podcast was the discussion about vendor management. Alex flew off on a spectacular tirade against vendor management by spreadsheet.  Listening to the rant was […]


Are we doing it right?

Hey, everybody!  Long time no blog, I know.  Things have been busy.  I wish I had some story involving me being chased by a bear and living to tell the tale, but it’s just been run of the mill responsible adult blah, blah, blah.  Sorry, but that’s all I got. Still, apologies are not the […]
