Conversations in Risk-Based Security

Optimizing the CISO’s Gameplan: Lynx’s Aric K. Perminter Talks Governance, Compliance, and Diversity

Posted by Lynx Technology Partners on Nov 4, 2019 10:03:49 AM

Originally written and published by Kevin Howarth of NTSC (NTSC.org)

If a theme emerged in the National Technology Security Coalition’s (NTSC) recent conversation with Aric K. Perminter, Chairman and Founder of Lynx Technology Partners, it’s that CISOs are seeking services and solutions that enable simplification, automation, and integration of strategic, operational, and IT risk management processes and data. As a security visionary and leader, Perminter guided Lynx Technology Partners through its founding in 2009 into a multimillion-dollar information security and risk management company. As chairman of the Board of Directors, Perminter is responsible for formulating and executing long-term strategies and interacting with clients, employees, and other stakeholders. During his 25-year career, Perminter has held a wide variety of leadership positions across key parts of information technology businesses—including serving as Lynx’s CEO through August 2015.

Read More

Topics: compliance, governance risk

Integrated Risk Management: Above and Beyond Risk Mitigation

Posted by Lynx Technology Partners on Oct 31, 2019 12:43:42 PM
Originally posted at Ivanti.com
 
We face risk every day - it’s a part of life. For organizations, it’s also a part of doing business. There are many different definitions of risk and even more methods for managing it. Over the last couple decades, risk management has evolved due to the changing business landscape and interconnected world. 
 
As the digital universe has expanded, so have the capabilities of the individuals and organizations trying to exploit it. Sadly, organizations face these threats every single day. This is why they must find a way to identify and deal with these risks without jeopardizing business operations and reputation. All while operating in an increasingly regulated world.
Read More

Topics: Security

Own it. Secure it. Protect it. National Cybersecurity Awareness Month!

Posted by Kerstin Zell on Oct 11, 2019 12:34:53 PM

October does not only mean we get to enjoy pumpkin spice lattes and hot apple cider, but it is also National Cyber Security Awareness Month (NCSAM).  According to National Initiative for Cybersecurity Careers & Studies (NICCS), this years’ theme is “Own it, Secure it, Protect it”.  The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) co-lead the NCSAM initiative each year (NCSAM Toolkit).

Read More

Topics: BeCyberSmart, NCSAM

The Value of Virtual Assessments

Posted by Lynx Technology Partners on Sep 24, 2019 2:03:00 PM

A risk-based determination of whether – and how – to conduct remote assessments of vendors

Expert Contributors:  Angela Dogan, Lynx Technology Partners and Andrew Hout, Shared Assessments

Given how much time and money virtual assessment of vendors can save companies and their third party risk management programs, it may be surprising to learn that cost and convenience should have little, if anything to do, with determining whether a risk assessment should be performed in person or remotely.

Read More

Top Ten CISO Concerns for 2019 Validated

Posted by Doug Yarabinetz on Jul 17, 2019 11:12:45 AM

Many of you may have read the recent article by Mary K. Pratt, contributing writer, TechTarget titled, Top 10 CISO Concerns for 2019 Span a Wide Range of Issues.  If you haven’t, check out the link later in this post, it’s worth the read.  Pratt outlined, through a series of interviews with top CISOs, the top ten concerns dominating the CISO’s agenda this year.

Read More

Topics: CISO

Third Party Risk Management: Just the Right Thing to Do

Posted by Angela Dogan on Jul 16, 2019 2:19:18 PM

With scrutiny on companies intensifying as data breaches become a matter of when, not if, the subject of Third Party Risk Management (TPRM) enters the cybersecurity spotlight more and more. A November 2018 Opus and Ponemon Institute study noted “59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent – up 5 percent over last year’s study and a 12 percent increase since 2016.” Yet, despite this reality, a July 2018 CrowdStrike report notes “fewer than a third (32 percent) of respondents’ organizations have vetted all of their suppliers, new or existing, over the past 12 months.”

Read More

Topics: Third Party Risk Management

Abstract: What is the Business Case for MSSP?

Posted by Lynx Technology Partners on Apr 26, 2019 9:02:34 AM

An abstract form our highly anticipated MSSP paper, What is the Business Case for MSSP?

The National Institute of Standards and Technology (NIST) advises that similar to financial and reputational risk, poorly managed cybersecurity risk may negatively affect performance and place an organization at risk by reducing its ability to innovate. Decision makers and executives are repeatedly experiencing losses due to their inability to be fully knowledgeable about properly managing cybersecurity risk and complying with guidelines of the established frameworks (such as following some of the key elements of the NIST Cyber Security Framework).

Read More

Third Party Risk Management: Is it just a fancy tool?

Posted by Angela Dogan on Mar 18, 2019 2:29:00 PM

There’s a huge misconception in our industry today that a GRC platform is the end all be all to Third Party Risk Management (TPRM). This is so not true! The key to an effective, results driven, TPRM Program is to take the time to lay a solid risk-based foundation. History has shown, that if you just go purchase a tool and haven’t laid a solid foundation, the tool will not give you the results you’re looking to achieve. Regulatory bodies and Industry standards are embracing this philosophy as well. This process can be tedious and time consuming in the beginning but once complete, your result is a mature TPRM program that is ready to be transitioned into any GRC platform.

Read More

Topics: Third Party Risk Management

Cyber Security is Everyone’s Responsibility

Posted by Sam Friedman on Feb 6, 2019 1:35:07 PM

Companies spend millions every year on products and services to fix all their cyber security vulnerabilities. Then they spend just as much money on highly skilled, well-trained cyber professionals to manage those systems. All those resources are useless when an accountant, or a C-level’s executive assistant, or an HR manager, clicks a link they received in their email and BOOM.

Read More

Topics: cybersecurity, cyber range

GRC Programs Largely Ignore Self-Destructing Risks

Posted by Lynx Technology Partners on Feb 4, 2019 9:50:20 AM

A close look at the reasons companies fail reveals that there are substantial risks that don't typically fall under the purview of most GRC programs. The Forrester Report, Extend Compliance And Risk Management To What Really Matters For Your Business, explores how companies can improve business performance by expanding the fundamentals of their GRC program to the aspects of their company that drive success with customer interactions, which will in turn drive growth and revenue for the company.

Read More

Topics: Risk Management, GRC, governance risk