Risk Is a Reality, Make Sure Rewards are Too

Return on investment. Total cost of ownership. Productivity gains. Payback period? What am I – a financial wizard or a risk professional? If you are in the risk management profession today, you have to be both. Being a top notch security guru that can navigate SQL injection code or rattle off the NIST 800-53 control…

What’s Really at Risk With Reputation Risk

When boards express anxiety about cybersecurity risk, one of the foremost fears they face is reputation risk. Why is that? Because cybersecurity failures do cause reputation damage, and reputation risk is scary. A security failure can immediately bring unwelcome headlines, hits to the share price and probing questions from business partners Security failures can also…

What do RSA Conference 2017 and my DVR have in common?

Another year, another RSA Conference. At this point, I have lost count of my appearances at this annual gathering of all things security – I believe it was number 15 or 16 for me. I say “appearances” because the days blur into such a steady stream of meetings, discussions and general sensory overload that at…

Calm the Churn with the RSA Archer Ignition program

If as a child you marveled at watching the simple, fascinating micro-example of physics of a pebble dropped into a puddle, you know what the results are. The pebble drops; the water’s surface is broken; ripples fan out from the point of impact… such an unassuming yet beautiful study of cause and effect.   Now, imagine…

Stirring Up GRC Ghosts at RSA Charge 2016

We held RSA Charge 2016 in New Orleans, the week prior to Halloween, in the “most haunted city in America” – and what a phenomenal turnout! We were thrilled to have more 2,000 attendees register and join us in person to share best practices for GRC, security and business risk management.  The conference proved again…

Dude, Where Is My Archer Summit?

We have all had that moment walking out of the shopping mall or the airport.  Everyone knows the feeling when that rush of doubt takes hold of our brains.  We stand frozen and frantically wait for our cerebral cortex to do its thing and pluck that single memory out of our vast network of synapses……

Great Things Come in 3s – EMC (RSA) Positioned in Leader’s Quadrant in Three Gartner Magic Quadrants

We have all heard the adage that great things come in threes. Stooges. Pigs. Blind Mice. The list goes on and on. I have am very pleased to announce another thrilling combination of three – Gartner Magic Quadrants. EMC (RSA) has been positioned in the leader’s quadrant in three Gartner Magic Quadrants: Operational Risk Management,…

Announcing RSA Archer GRC 6.1

RSA Archer GRC 6 (6.0) was launched in November 2015 under the theme “Inspire Everyone to Own Risk.”  GRC 6 focused on providing organizations with an industry leading GRC platform to transform risk management by engaging everyone within an organization in the risk process. Today, organizations must implement the “three lines of defense,” making risk…

Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

In April, I wrote two blogs (How Hungry… and Appetite and Exercise) on the concept of risk appetite. I highlighted the fact that organizations must take on risk to drive growth within the business. That risk must be balanced with activities to manage the risk within a tolerance that is acceptable to the organization. Some…

Appetite and Exercise

In my last blog post, I posed the concept of Cyber Risk Appetite as something that all organizations need to consider today.  I used the analogy of a balanced diet of risk – taking some risks to keep the business growing while avoiding so much risk that the business becomes bloated.   The objective is to…