


Latest Pontifications & Thoughts . . .
-

A New Era: Embracing the Role of Digital Risk & Resilience
In the rapidly evolving landscape of governance, risk management, and compliance (GRC), information security is undergoing a significant transformation. This evolution reflects the growing complexity and interconnectedness of digital risks…
-

Increased Demand for Evidence-Based Compliance: EU Surpasses the USA
For many years, the global compliance landscape was dominated by a checkbox-driven approach, primarily led by the United States. Compliance programs in the U.S. focused on prescriptive rules, and adherence…
-

The Tunnel of Eupalinos: a Blueprint for Connecting Strategic and Operational Risk & Resilience
Risk management, when done effectively, is both an art and a science, requiring a careful balance of top-down strategic insight in the context of the organization’s objectives and bottom-up operational…
-

Ethics, Compliance & Risk Culture in Denmark: A Model of Orderliness and Mindfulness
Denmark is often lauded for its high quality of life, progressive social policies, and exemplary governance. However, there is something more subtle yet profoundly impactful that one notices when visiting…
-

Beyond the Heatmap: Rethinking Risk Management for the Modern Age
In today’s rapidly evolving business landscape, risk management is no longer just about avoiding pitfalls—it’s about navigating the uncertain waters of opportunity and danger with agility and resilience. The modern…
-

Modernizing Policy Management: The Urgent Need for Automation
Effective policy management is critical to maintaining organizational integrity, compliance, and operational efficiency. Yet, many organizations remain trapped in outdated, manual processes that create a mess of confusion, inefficiency, and…
-

Strengthening the Bonds of the Extended Enterprise: A Unified Approach to Third-Party Risk Management
In today’s interconnected world, the relationships that businesses forge with third parties are akin to friendships—built on trust, integrity, and resilience. Just as strong friendships require shared values, ethical behavior,…
-

The Death of the CISO: A Eulogy & Reincarnation
I am sure this will be controversial; many love their role and title. First, some perspective . . . my career started in IT security. I cut my GRC teeth…
-

Seven AI Samurai of GRC: Protecting the Organization
I love feudal Japan! After my love for medieval Europe is my love for feudal Japan. Perhaps they are on par with each other as both of these eras excite…
-

Understanding the Interrelationship of Risk and its Impact on Operations
This past week has seen a global risk event in the CrowdStrike/Microsoft outage that illustrates the need for organizations to address risk and resilience management . . . Risk management…
-

The Need for Contextual Awareness of Risk & Resilience
Dynamic, Disrupted & Distributed Business is Difficult to Control. Organizations take risks but fail to monitor and manage these risks effectively in an environment that demands risk agility and resilience.…
-

Understanding Corruption: Navigating Third-Party Risk in Supplier and Vendor Relationships
Modern organizations are not defined by brick-and-mortar walls and traditional employees; they are extended enterprises comprising third-party relationships, which often nest themselves in layers and transactions of complexity. In today’s…
