risk

Capture the Prize

Risk is the effect of uncertainty on objectives.  Managing risk well increases the certainty that objectives will be achieved.  Not surprisingly, organizations leading in risk management “capture the prize”.  According to a PWC Risk Review, organizations more frequently achieve their objectives, are more profitable and less likely to experience a negative profit margin than those…

The Business Value of RSA Archer

Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense.  Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is…

What’s Really at Risk With Reputation Risk

When boards express anxiety about cybersecurity risk, one of the foremost fears they face is reputation risk. Why is that? Because cybersecurity failures do cause reputation damage, and reputation risk is scary. A security failure can immediately bring unwelcome headlines, hits to the share price and probing questions from business partners Security failures can also…

Sydney CRO Summit: Cultivating a Resilient Risk Culture

If you knew that an action you were contemplating could conceivably cost your organization billions of dollars, permanently ruin its reputation and maybe get the CEO fired for good measure, would you risk it? I’m going to go out on a limb and say you probably wouldn’t. Yet people do it all the time. Why?…

Business-Driven Security™ to Lead through Chaos

My last post discussed the changing nature of security. The impact of today’s cyberattacks aren’t limited to stealing financial information or personal data. Instead, these attacks seed chaos. With this reality at hand, the need for business-driven security is even more pronounced. Security professionals must draw connections between the technical details of a security incident…

Defining Business-Driven Security™ for the Modern Enterprise

As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of…

Calm the Churn with the RSA Archer Ignition program

If as a child you marveled at watching the simple, fascinating micro-example of physics of a pebble dropped into a puddle, you know what the results are. The pebble drops; the water’s surface is broken; ripples fan out from the point of impact… such an unassuming yet beautiful study of cause and effect.   Now, imagine…

CVSS Scoring: Why your Smart Refrigerator does not need to be Patched (Yesterday)

Is a CVSS score of 10, really a 10 in your environment? Vulnerability Risk Management is a work in progress for most organizations. Having dealt with many customers in this space, we have seen it all – the mature folks who utilize asset management to define ownership to multiple remediation teams – all the way…

Risk and Security Spotlight: Accenture

We caught up with Floris van den Dool, Managing Director for Information Security Services across Europe, Africa and Latin America for Accenture at the RSA Archer EMEA GRC Summit in London in November to get his take on what’s happening in the security industry. Van den Dool explained that traditional ways of security are no…

Risk-Based Authentication: What’s Context Got to Do With It?

Contributed by Lauren Horaist, Senior Product Marketing Manager, RSA Identity and Data Protection Group I sometimes find myself making strange comparisons between real life and work life.  One of those stream-of-consciousness moments happened a few weeks ago while I was driving home in a snowstorm.  I was minding my business driving along my normal route,…