Cybersecurity Leadership

At its heart, governance should be about security practices and focus on risk mitigation as a security concept rather than as a compliance driver. Compliance will be a by-product of good security practices that can be guided by security governance frameworks.

Without clear accountability from the top, cyber compliance invariably descends into box-checking and window-dressing

The use of generative AI promises to continue to grow rapidly. Consequently, leaders must understand the risks and challenges of this new technology and develop policies and practices to guide its usage.

Cybersecurity regulations have become complicated, costly and difficult to secure due to the web of national and regional regulations that have developed in recent years.

A governance, risk and compliance program has to start with a degree of integration between threats, risks, controls and protective measures.

Excessive complexity and lack of first line integration render many GRC metrics useless. Simplicity and collaboration are key to success

For the last decade, overall governance risk and compliance program development has progressed, but the return on investment has indeed remained flat or negative. Why are the benefits of GRC technology spend so slow to materialize?

Driving change in risk culture is difficult, and it always takes time. The payoff can be huge, however. Gartner’s Matt Shinkman and Chris Matlock discuss.

The Three Lines of Defense model enables board directors to be involved in the cyber risk management process without micromanaging the security team.

Hybrid operating models can work and bring value around GRC but as long as the dynamics of trust and efficiency are preserved.

There are many risk management methodologies in existence but too many large firms are still following today simplistic, dysfunctional or flawed practices

With pressure from regulators, evolving threats and the need for stronger oversight, integrating cybersecurity risks into GRC programs requires alignment between both areas.

In all cases, governance by design takes humility, patience and iterations.

The new SEC rules will put more pressure on CISOs and security teams to stay transparent about their security governance – and that’s a good thing.

Successful GRC programmes are focused on the integration between threats, risks, controls & protective measures

Over the last two decades the role of CISO has evolved beyond technical IT security to become pivotal in risk, compliance, and governance.

Organisations should start with risk management to understand information security risks and communicate them better internally

Companies should pay specific attention to risks arising from the increasingly common whistleblower complaints regarding data breaches and cybersecurity.

62% of enterprises without IT GRC solutions report low security readiness, as opposed to only 25% of those with IT GRC solutions

Protiviti’s Jim DeLoach offers insight into some of the key changes organizations can make to position their risk management experts for success.

Who are the most influential social media thought-leaders and thinkers, focusing in risk management, compliance and regtech in the UK? Our list ranks th

It is easy to say that risk management should be embedded into business processes such as strategic planning. But is it that easy to accomplish in practice?