good governance is made possible by ERM

What Is Good Governance, and Why Do We Care?

Governance is defined by the organizational processes used to make and implement decisions. Good governance is not necessarily making only the “correct” decisions. It’s using the best possible risk management process to inform decision-making, which has the potential to impact employees, customers, other stakeholders, and the community at large. Optimizing organizational governance is not just recommended,…

Strategic ERM

What’s Changing in the Approach to IT GRC?

Increasing cyber-hazards have been accompanied by another trend; Governance, Risk Management, and Compliance (GRC) focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach. Traditionally, IT is comprised of a variety of underlying functions. These functions include: IT Asset Management, commonly used to inventory…

cyber risk

Risk-Based Cybersecurity Prevents Cyber Attacks and Data Breaches

There are many prominent cybersecurity companies, including FireEye and Symantec. These companies “focus on blocking or detecting intrusions as they occur or responding to attacks after the fact,” according to The New York Times. Sometimes, this approach yields fruit, but inherently, it cannot “gain the upper hand” over threats; no matter how quickly security responds to…