Blog

A study published last week sponsored by Tripwire and conducted by the Ponemon Institute found that while over 80% of security and risk professionals consider their organization's commitment to risk-based security management significant, less than 30% had a formal risk management strategy in place.

Why does such a large gap continue to exist, even as the evidence piles up that organizations with a mature risk framework are better performing and more prepared for an uncertain future?

One hurdle tha

What the Great Wall of China can teach us about Vendor Risk Management

A vendor risk management approach is all about creating centralized standards that transcend business silos, which is very different from the approach taken in traditional vendor management software. Vendor management needs tools with a risk-based approach to overcome their difficulty of objectively putting the vendor compliance pieces together across legal, purchasing , security reviews, and accounts payable silos for contrac

Looking back over my most popular blogs, there was a lot of interest in 5 Steps for Better Risk Assessments and How to Consolidate Compliance Risk Assessments. Due to this interest I have created a complimentary 30 minute webinar on streamlining enterprise risk assessments complete with detailed "how to" examples and visuals that are not possible in a blog format.

Click here to watch this On Demand Webinar or read the full invitation below:

On-Demand Complimentary Webinar Invitation:

Organizations

This week I faced the ultimate personal test of my risk management skills, where I had to soul search “do I practice what I preach as an ERM expert.”. Sunday, the night before the storm of the century Hurricane Sandy hit, I had tickets to fly to Texas as a speaker and expert on ERM. What would become of my home and family? Had I applied the same risk principles in my work as a CEO of the leading enterprise risk management software company in my personal life? Had I done put a personal business c

In my last blog and On-Demand Webinar “Presenting Risk Management to the Board,” I was asked for help identifying government regulations that hold Boards responsible for Enterprise Risk Management (ERM) compliance.

Definition: First some background, the SEC Proxy Disclosure Enhancements rule defines ERM compliance as extending the board's role in risk oversight to the threshold of material impact of the risk regardless of the level. Boards of Directors were previously only responsible for CEO- le

The first shoe to drop was government regulations holding the Board of Directors personally responsible for the effectiveness of enterprise risk management programs at their organizations. Boards are given a choice between proving their risk management programs are effective or disclosing their ineffectiveness in risk management to the public. If they do neither, it is considered fraud, as not knowing about a risk is no longer a defense.

What does enterprise risk management effectiveness mean? No

Risk management solutions are not a separate module or product. Instead, they compose an approach that adds value to both top-down and bottom-up activities within the organization.

Risk management is in everyone's job description and ERM is all about how to identify the aspect of risk management in every role and connect the dots automatically using the “Six Degrees of Separation Theory” that I discussed in my last blog to get right to the people who know the risk and are responsible for the risk

Recently, Gartner released its 2011 Magic Quadrant for enterprise governance, risk, and compliance (eGRC) software.  While the report highlights the top vendors of eGRC, which includes LogicManager, it also identifies some revealing trends within the eGRC marketplace based on reliable consumer feedback.  The most notable trend recognized is the shift towards enterprise risk management (ERM) software by eGRC programs.  As Gartner states,

"ERM has emerged as the most significant use of EGRC platfor