Blog

Cyber risks like data breaches and ransomware are too often shrugged aside. The possibility of a cyberattack is rarely ignored, but it also rarely receives the attention it deserves. There are a few reasons for this:

• Risk-based governance vs technology. Cybersecurity incidents result from internal governance deficiencies as often as from vulnerable technology. 63% of data breaches are caused by weak or infrequently changed internal passwords, according to Verizon’s 2016 Data Breach Investigations

The list of recent FBI’s Internet Crime Complaint Center announcements focuses on the point that today, more than ever, business and private travelers should carefully protect their sensitive and personally identifiable information everywhere travel.

The FBI warns of numerous cases in which travelers’ laptops are corrupted with hostile applications and tools when using airport and hotel Internet connections.

Even though public Wi-Fi spots appear to be exceptionally unsafe, from a computer security

I think it all went wrong from the beginning; calling the risk practitioners "risk managers" creating the perception that they manage the risk, including the perception that the CRO is responsible for risk "management", Then the independent risk functions were mostly "born" out of the internal audit function and called the 2nd Line of Defense; creating the perception that it's another level of policemen and that there is something to "defend" against.

After all of that we created Red/Amber/ Green

I have had a few discussions lately about the importance of being crystal clear on why we do what we do. Our purpose. The reason this is so important is beautifully described by Simon Sinek in his book Start with Why: “…people don’t buy what you do, they buy why you do it”.

The same applies within your organisation. An organisation is in effect a market place. People are trading resources such as budget, people, assets and their time based on their perceptions of the value it will bring them in p

The New Mind Control. “Subliminal Stimulation”, Controlling People without Their Knowledge

The internet has spawned subtle forms of influence that can flip elections and manipulate everything we say, think and do

By Robert Epstein

Global Research, March 03, 2016

Aeon 18 February 2016

Over the past century, more than a few great writers have expressed concern about humanity’s future. In The Iron Heel(1908), the American writer Jack London pictured a world in which a handful of wealthy corporate titans

Author: Richard Pike, Non Executive Director, Permanent TSB

“Without data you’re just another person with an opinion” W Edwards Deming, Data Scientist

This is a very true statement, however it can equally said that too much data with too few opinions is equally ineffectual. Therefore the balance between

SEEKING TRAINEE PROFESSORS, TUTORS, AND EXAMINATION PAPER MARKERS.

GlobalRisk Community is seeking professors and others at the top of their financial professions to assist with checking out this course and subsequently being paid for tutoring and marking examination papers.

This is based upon well understood principles from Adam Smith and  M Keynes and the complex systems theorem which explains why everything simplifies and dozens of problems vanish, and systems control theorems, like having en

The October anniversary of the liability shift has passed, and anniversaries are an excellent time to look back on progress…this is no exception. The U.S. EMV migration plan was set four years ago as a way to fight card fraud and to protect both consumers and merchants.

Back in the day, we had one choice when we wanted to purchase something, and that was cold, hard cash. However, a few decades ago, people began using credit cards for everyday purchases instead of for only big ticket items, such a

It can be all to easy to get caught in the trap of cyber wack-a-mole, where as soon as you need with one cyber threat several more appear. The link that follows will take you to a short (2 minute) video that outlines the the situation most of us find ourselves in.

www.naganresearchgroup.com/CWAM.mp4.

Take a look. I appreciate your feedback.

Thanks.

A message from our partner:

So, you have a robust product roadmap. It's got all the product features you need, from the most basic to the most innovative. Now, how did you prioritize these features?

And, are you sure you prioritized things correctly?

With limited resources, all organizations strive to prioritize those activities that drive the most value. This is particularly true in product development. Focusing on the right or wrong set of features can make or break your product (or even company).

The Kano Customer Satisfac

I am reminded time and again, in organisation after organisation, of the tendency to take a basic product or service and over complicate it until it’s “broken”. And if you want examples, look no further than support functions in organisations. Whether they be finance, procurement, risk or records management. Unless you have pro-actively resisted the temptation, every end user will tell you, “the system is over complicated”.

If your system is over complicated, your challenge to engage with and ben

Much effort is being expended, rightly so, in addressing cyber risks. However, it is a frustrating exercise since new risks and threat vectors are arising daily, even hourly. If you would like to stop playing cyber wack-a-mole and get on the offensive watch this video. It only takes 5 minutes and will explain why understanding and managing your cyber exposures provides a way to take the offensive.

Hope you enjoy and gain something from it.

Managing Cyber Exposure Video

By now, the Wells Fargo scandal is already beginning to become a memory. While the public may forget their costly mistake in time, theirs is a lesson you should definitely commit to memory. Wells Fargo’s failure could easily be your own without taking proper steps to avoid mistakes made by management.

Besides not keeping track of employees as they should have, Wells Fargo made the tragic mistake of incentivizing sales over the interests of their customers. Rather than reward employees for providi

Ruben Cohen is an operational risk consultant. He has been working in the financial industry for over 17 years, with most of the last 10 in operational risk analytics at Citi.
Prior to that, Ruben spent 10 years on the faculty of Mechanical Engineering & Materials Science at Rice University in Houston, specializing in Fluid Mechanics and Thermodynamics. He holds a Ph.D. in Mechanical Engineering from M.I.T. and has subsequently obtained an M.A. in Economics from McGill University.
Ruben is based

Operational risk management is currently on the end of a major shakeup. Ever since the announcement of Basel III banks have been working within a paradigm that pushes towards either TSA or AMA approaches (standardised and advanced approaches respectively). At the end of 2015, however, the Basel Committee shocked firms by announcing that they were doing away with this, and replacing it with the SMA – a new standardized approach that would be the norm for all banks. This is having huge ramificatio

Heavy reliance on systems and technology exposes firms to higher levels of risk and threats in this area due to these threats constantly changing. Hence, it is important for organizations to equip themselves with up to date with IT and cyber threats, along with ensuring a strong fraud management program in place, managing outsourcing and third party risk and keeping up with the regulatory expectations.

Representatives from established financial institutions and associations are joining hands to b

Yesterday I was talking to “Phil”, who I mentor, about how well he was standing in the shoes of others when working with them.  Understanding them helps you to advise them.

Phil was telling me about a meeting he had with someone from audit that came asking for his help.  He soon realised that they were not clear on why they were meeting with him and he decided to help them become clear.  He explained it would be best to think more about the questions they needed to ask and that they should come b