GRC Diary

FROM THE EDITORS AT CYBERSECURITY VENTURES

Q3 2017

GRCDiary.com — sponsored by Lazarus Alliance, Inc. — provides chief information security officers (CISOs) and IT security teams, HR, legal, governance, risk and compliance executives with a quarterly list of noteworthy GRC activity.

SECOND EDITION

Governance, risk and compliance solutions should spot vulns before hackers do

Choosing the right GRC software isn’t easy in a crowding market.

Brad Casey

Menlo Park, Calif. – Sep. 30, 2017

“The 21st century cyber security landscape is dynamic, with new threats emerging daily and profoundly impacting companies of all sizes around the world,” says Michael Peters, CEO at Lazarus Alliance, Inc.

“The only way to avoid being hacked is to identify your vulnerabilities before cybercriminals do,” adds Peters. “The right governance, risk, and compliance (GRC) solutions should systematically identify and eliminate cyber security risks.”

GRC is flush with new compliance and risk challenges, and an abundance of new market entrants and products. All industries in all countries are grappling with an ever more complicated GRC landscape. But, no one ever said that GRC was going to be easy.

GRC DIARY

September

Sep. 29.  Rather than looking at compliance as a mere formality, one CEO maintains that taking a more comprehensive view of compliance can prove extremely beneficial to organizations looking to improve their compliance posture.

Sep. 28.  Ivis Technologies will be marketing a product that was jointly developed with Huntington Ingalls Industries.  The new product is a subscription-based SaaS solution that helps organizations with GRC issues.

Sep. 27.  The M-Files Corporation announces a partnership with IT Governance in an effort to provide a solution for those who are attempting to better comply with the General Data Protection Regulation.

Sep. 26.  According to one report, the approach to data governance is becoming less security and compliance focused, and more user access-centric.  The reasoning behind this is that multiple users need access to data to solve business problems.

Sep. 26.  The BigID solution toward GDPR is the first known solution that can discover an individual’s data across a wide spectrum of applications.  Some of these applications include structured, unstructured, big data, and cloud.


Sep. 25.  In an effort to prioritize cyber security governance, one author suggests building a culture of security within an organization.  He goes on to challenge CISOs to place more emphasis on data confidentiality, integrity, and availability when conducting board meetings.

Sep. 25.  Anticipating critical risk will most likely become increasingly difficult over the next 3 years, as the lack of cross-departmental collaboration has become seemingly perpetual.

Sep. 22.  Infrastructure automation benefits the enterprise in terms of efficiency of deployment and continual management, but it can also assist in satisfying an organization’s governance, risk, and compliance needs.

Sep. 13.  CyberSecurity Breakthrough selects Rsam, an industry-leading GRC provider, as the recipient of Overall Risk Management Solution of the Year award.

Sep. 12.  GlobalSCAPE, Inc. is recognized for its GRC efforts by receiving a Gold Bridge Award for its Electronic Funds Transfer platform.

Sep. 7.  Focal Point Data Risk and Symmetry announce a partnership that will be the beginning of a journey to provide the security industry with a robust GRC solution.

Sep. 6.  Allgress is selected by CIO Applications Magazine as one of the top 25 companies that provide Governance, Risk, and Compliance services to other organizations.

August

Aug. 29.  The provider of cloud-based audit, risk, and compliance services – Onspring Technologies – announces a partnership with Unified Compliance as a means of automating as much of the GRC process as possible.

Aug. 29.  Podium Data, Inc. announces a new capability for automated data governance.  The new capability is a customizable rules engine that allows data stewards to manage sensitive data more efficiently.

Aug. 29.  In an effort to overcome the hindrance presented by compliance and regulatory issues, Chef is partnering with Saviynt – a leader in Cloud Access Governance and Intelligence.

Aug. 23.  According to the General Data Protection Regulation (GDPR) all organizations within the EU that manage the personal data of others will have to comply with the GDPR by May 25, 2018.  

Aug. 22.  According to one CIO, the scourge of governance, risk, and compliance is the Shadow IT department.  Basically, people who subvert known policy by bypassing the firewall or some other regulatory control are completely undermining GRC.

Aug. 22.  A leading provider of GDPR training, IT Governance, is providing a webinar that is intended to provide organizations with information regarding ways to prepare for the impending GDPR legislation.

Aug. 22.  One author suggests ways to prepare for the full implementation of GDPR legislation.  The overall theme of becoming compliant with GDPR is cleaning up one’s data.


Aug. 21.  Much like the 3 lines of defense often practiced within the financial services industry, many firms are beginning to adhere to 3 lines of defense for data management and data risk.

Aug. 21.  In a survey that reveals that 68% of respondents within board rooms within UK companies, 6% of respondents report that their respective companies are completely in compliance with GDPR legislation.

Aug. 20.  The Commonwealth Bank of Australia is the target of a money laundering probe as it seems to be the latest in a long line of money laundering schemes that calls into question the Australian banking industry’s commitment to GRC.

Aug. 17.  The Securities and Exchange Commission announces various observations after examining 75 different firms regarding compliance issues.  They note that some firms struggle with patch management and other similar safeguards.

Aug. 10.  One author maligns the seemingly casual attitude that too many companies have with regard to governance, risk, and compliance.  Because sensitive data is the coin of the realm within the criminal underworld, more CSOs should take data governance more seriously.

Aug. 9.  As a result of a lawsuit brought by 32 state attorneys general, Nationwide Mutual Insurance Co. has agreed to pay a settlement of $5.5 million due to its failure to apply a critical security patch in October 2012, a failure that resulted in the exposure of massive amounts of sensitive personal information.

Aug. 8.  The UK’s new General Data Protection Regulation (GDPR) appears to go further than any comparable EU regulations, as the UK looks to become the safest place in the world to conduct business online.

Aug. 8.  The government of the UK threatens companies that fail to comply with recent GDPR legislation with a £17 million fine.  Fail to comply at your own risk.

Aug. 7.  If one would like to become a cyber security super hero, one should know the intricacies of governance, risk, and compliance while maintaining technical knowledge regarding the latest trends.

Aug. 1.  Crownpeak acquires Evidon as a means of providing compliance software as a service.  This acquisition should prove beneficial, as Evidon’s SaaS compliance software is complementary to Crownpeak’s monitoring platform.

July

Jul. 26.  The GRC software market is expected to boom as market experts anticipate revenues exceeding $11.8 billion by 2021, with a compound annual rate of growth of 6.7%.

Jul. 26.  Three-fifths of senior IT executives among 200 medium to large UK organizations suggest that staff are the largest threat to GDPR.

Jul. 25.  This newly appointed Chief Strategy Officer discusses the necessity of innovation in compliance training.

Jul. 25.  As a means of providing a better method for sensitive data scanning and tagging, Veritas Technologies introduces the Integrated Classification Engine.  This should allow companies to better adhere to GRC requirements.


Jul. 24.  According to 304 IT professionals surveyed by HANDD, 21% believe that compliance and regulation will have the greatest impact on data security, along with unpredictable employee behavior.

Jul. 14.  Informatica launches its new GDPR solution, known as Informatica Data Governance & Compliance.  This is reportedly the industry’s first solution of its kind, and it should assist companies that are transitioning to GDPR compliance.

Jul. 13.  According to a recent survey conducted by Netwrix, 95% of healthcare organizations do not utilize risk management software.  Even with the proliferation of malware, most healthcare organizations view employees as the primary risk to their respective networks.

Jul. 11.  If information governance professionals want board rooms to pay more attention to GRC issues, then IG professionals should continually point to the effects GRC has on the bottom line.

Jul. 11.  What exactly is meant by governance, risk, and compliance?  One author answers 5 frequently asked questions regarding the concept.

Jul. 10.  One author frets over the lack of preparation by European CIOs for the General Data Protection Regulation (GDPR), despite the large amounts of money being allocated for GDPR.

Jul. 7.  The Office of the Comptroller of the Currency (OCC) announces that governance, risk, and compliance will be a new focus with regard to supervisory efforts.

Stay tuned for the Q4 2017 edition of the GRC Diary.

Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.


Q2 2017

GRCDiary.com — sponsored by Lazarus Alliance, Inc. — provides chief information security officers (CISOs) and IT security teams, HR, legal, governance, risk and compliance executives with a quarterly list of noteworthy GRC activity.

FIRST EDITION

Avoiding cyberattacks begins with GRC

Market for governance, risk and compliance solutions is expected to grow by 13 percent over the next 5 years.

Brad Casey

Menlo Park, Calif. – Jun. 30, 2017

Cybersecurity Ventures announces the GRC Diary — a new quarterly in our diary series.

“The 21st century cyber security landscape is dynamic, with new threats emerging daily and profoundly impacting companies of all sizes around the world,” says Michael Peters, CEO at Lazarus Alliance, Inc. “The only way to avoid being hacked is to identify your vulnerabilities before cyber criminals do. The right governance, risk, and compliance (GRC) solutions should systematically identify and eliminate cyber security risks.”

GRC is flush with new compliance and risk challenges, and an abundance of new market entrants and products.

The White House is involved — with efforts to make U.S. government agencies more GRC compliant, and dare we say… to make GRC great again.

All industries in all countries are grappling with an ever more complicated GRC landscape. But, no one ever said that GRC was going to be easy.

GRC DIARY

June

Jun. 30.  Officials at both the U.S. SEC and FINRA discuss ways in which different organizations can avoid serious cyber-attacks.  Much of the discussion centers on GRC issues.

Jun. 30.  Social SafeGuard, a leading provider of digital risk management, has announced its new support for Microsoft SharePoint and Skype.  This new support will allow companies that rely heavily on SharePoint and Skype to mitigate risk.

Jun. 30.  The CEO of Clearwater Compliance reports that the C-Suite needs governance, among other things, to have a vibrant security program when securing IT infrastructure within the health industry.

Jun. 29.  Governance, Risk, and Compliance is becoming a fertile market for IT vendors, as buyers are increasingly educating themselves prior to purchasing various products.

Jun. 29.  This CEO discusses the latest ransomware attack that ravaged European IT infrastructure along with the various ways that GRC can assist in the prevention of future attacks.

Jun. 29.  One study finds that most companies agree that cyber-attacks pose a grave risk to their IT infrastructure, and therefore provide security training to employees.  However, most companies do not require their vendors to adhere to the same standards that they abide by.

Jun. 28.  One author encourages investors to be wary of companies that do not take GRC issues seriously.  He opines that many of these same companies open themselves up to significant loss in the event of cyber-attack.

Jun. 28.  This industry professional discusses the pros and cons of Compliance-As-A-Service.  While CaaS can provide quicker more efficient solutions, it falls short in some of the more minute details, such as compliance with regulations of other countries.


Jun. 27.  With all of the talk surrounding the possible reworking of NAFTA, some within the security industry say that this is an ideal time to rework some of the GRC issues that went unaddressed in the original agreement.

Jun. 26.  This CIO discusses the role of the CIO as it relates to governance, risk, and compliance.

Jun. 26.  Saviynt and Allgress announce their partnership in their respective efforts at achieving better compliance with such frameworks as DFARS 171, NIST 800-53, and PCI.

Jun. 23.  At the Operational Risk Awards 2017 ceremony, the company that won the award for the best risk/security product was RSA Archer.  RSA Archer also wins an award for their efforts at bringing GRC into the mainstream.

Jun. 23.  Due to the increasingly regulated environment within the world of IT, many believe that the Chief Information Security Officer is really the Chief Financial Officer of information security.

Jun. 23.  In the wake of Symantec’s much publicized certificate issues, Mozilla is set to do legal battle with them as the two spar over who will handle Symantec’s Public Key Infrastructure.

Jun. 23.  At the Operational Risk Awards 2017 ceremony, the product that took home the prize for Best GRC Product was IBM’s OpenPages.  OpenPages utilizes IBM’s machine learning technology to come up with smart solutions on its own.

Jun. 21.  Zero Threat, the game created by Eukleia and Preloaded to help end users learn about GRC in a fun and amusing way, has received a Silver award at the 2017 International Serious Play Awards ceremony.

Jun. 20.  A general theme for this year seems to be the growing number of partnerships between companies of diverse backgrounds teaming up to better navigate the GRC field.  Now, NASDAQ’s BWise and KPMG, LLC have teamed up to provide a better GRC solution.

Jun. 20.  In an effort to make GRC great again, President Trump wants a rather large overhaul of some of the more obsolete IT systems within the federal government.  Apparently some systems still utilize floppy disks.

Jun. 19.  To avoid some of the scandals of years past, this author lists 6 of the top GRC certifications that will go a long way toward protecting companies from various risks.

Jun. 14.  Leading cyber risk and compliance company Edgile has teamed up with Microsoft Azure and SailPoint to assist companies that are moving increasing amounts of their infrastructure to the cloud.  They will leverage Azure’s secure access along with SailPoint’s identity governance.

Jun. 13.  OXIAL announces their new product, the IT GRC SOLUTION, which provides a comprehensive look at an organization’s GRC posture by combining the various disciplines that go into GRC.

May

May. 24.  The Executive Chairman of MetricStream discusses the various GRC obstacles that companies have to navigate throughout the world.  He talks about how each industry sometimes has vastly different GRC requirements than other industries.

May. 23.  This security professional discusses the need for better security within the retail industry.  Many of the security deficiencies within the retail industry can be corrected by better adherence to GRC issues.

May. 19.  In a rather fun approach toward GRC training, the folks at Eukleia have teamed up with Preloaded in order to make Zero Threat – a game that trains users in cyber security awareness.

May. 18.  According to SBWire, the enterprise GRC market will grow by approximately 13% between 2017 and 2023.  The bulk of said growth will occur in North America.

May. 17.  Leading cyber security, governance, risk, and compliance (GRC) firm, Lazarus Alliance has formed an alliance with PledgeUp.com – a platform that assists labor unions with the collection of dues.  This new partnership will help PledgeUp in their drive for better PCI compliance.

May. 17.  A former White House cyber security advisor discusses the latest news regarding risk management.  He points to 6 technology trends that will affect GRC in the future.

May. 15.  In the past, achieving compliance within an organization’s IT infrastructure was simpler when compared to present day.  Much of this additional complexity has occurred due to the rapid shift of organizational infrastructure to the cloud.


May. 11.  Access Rights Management is an old, yet pervasive problem within the tech industry.  GRC advocates continue to wrestle with who should and should not be given access to various areas of the network.

May. 11.  In an effort to make government agencies more GRC compliant, President Trump signs an executive order that holds the various cabinet secretaries responsible for their respective agency’s IT security.

May. 9.  In an interesting move, Harland Clarke forms an alliance with LockPath, a leading provider of GRC advice.  Together, the two organizations will produce a cloud platform called GRC Spotlight.

May. 9.  To better assist companies with security and GRC issues, Verizon takes an in-depth look at thousands of breaches that have occurred in various enterprise networks.

May. 8.  The Social Security Administration will attempt to improve their GRC posture by once again attempting to implement 2-factor authentication.

May. 4.  The security and risk management firm, Edgile, announces the release of their latest service known as Technology Diagnostics Managed Service.  This new service will assist enterprise leaders in making more informed decisions as these decisions pertain to risk.

May. 2.  This compliance and security professional discusses different indicators that provide insight into whether a company’s GRC posture is adequate.  Among these indicators of inadequacy is the use of spreadsheets to track compliance issues.

May. 1.  This leader within the insurance industry discusses the slow adoption of cyber insurance by many within the tech industry.

April

Apr. 27.  In alignment with what seems to be an increasing trend between risk management companies and software companies, 3E Company and IsoMetrix are teaming up to offer an integrated GRC solution.

Apr. 25.  In the spirit of GRC, BeCyberSure has announced the launching of what it has deemed the most comprehensive GDPR (General Data Protection Regulation) assessment available.  This new assessment gauges an organization’s total security and compliance posture.

Apr. 19.  According to this cyber security expert, the 3 primary areas of growth within the security industry are cyber risk, cyber insurance and IoT security.  She goes on to give examples of serious cyber breaches that gave way to the need for cyber security.

Apr. 18.  Adopting a culture of acceptance of GRC is more than simply implementing policies.  Deploying effective GRC tools allows for greater adherence to GRC.


Apr. 13.  The CEO of CyberNance discusses the role of GRC in the life span of a company, along with the increased emphasis boards of directors are placing on GRC.

Apr. 7.  The CTO of MarkLogic discusses the necessity of GRC.  He discusses how each letter in the ‘GRC’ acronym stands for something that interrelates with the other.

Apr. 6.  This author discusses the growing need for uniformity of GRC efforts in the Middle East.  Simply utilizing GRC software as a means of checking different boxes is insufficient.

Apr. 5.  Forming another alliance, LockPath has teamed up with SecurityScorecard in order to help organizations manage third-party and vendor risk.

Apr. 5.  One of the market leaders in GRC apps, MetricStream, has announced the release of their M7 platform.  This new platform is supposed to provide organizations real-time intelligence so organizational leaders can make more informed decisions.

Apr. 3.  Some within the tech industry have become overly reliant on GRC tools to ensure their adherence to various regulations.  Some security experts feel that a greater emphasis needs to be placed in areas such as common sense.

Stay tuned for the Q3 2017 edition of the GRC Diary.

Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.


© 2016-2017 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.