Conversations in Risk-Based Security

Lynx Technology Partners

Recent Posts

Competency: Why Certification isn’t Enough

Posted by Lynx Technology Partners on Mar 25, 2020 10:00:00 AM

LYNX Technology Partners is fortunate to work with industry thought-leaders from around the globe.  We have learned a great deal from conversations with these leaders – these conversations continue to inform our day-to-day business, and the creation of industry solutions.  We thought YOU might like to ‘eavesdrop’ on some of these fascinating conversations. 

Read More

CORONAVIRUS:  Another “Case” for Integrated Risk Management

Posted by Lynx Technology Partners on Mar 16, 2020 10:36:03 AM

Just as you’ve begun to update and reevaluate operational structure in support of growing threats of all sorts, along comes….Coronavirus - as if we needed a reminder that the world is full of ‘threats’.  

Read More

Topics: Integrated Risk Management

Shark Sighting at RSA

Posted by Lynx Technology Partners on Feb 26, 2020 1:41:58 PM

Hosted by Security Current, The Security Shark Tank® during RSA is the premier pitch event of its kind.  It draws over 20 CISOs from across the country in an informative and fun forum to hear from a select group of invited vendors in a rapid-fire, back and forth pitch.

Lynx CEO Gina Mahin was in the shark infested waters yesterday.  What do you have to do to swim with the sharks without being eaten alive?  Above all else, INNOVATION is Critical.  Not only is it a critical differentiator in the tank, but it's really the most important driver for all of us in cybersecurity.  We build it.  They hack it.  We create walls and infrastructure.  They throw AI at 'em.  It's the old, "If you're not innovating, you're dying!"  And while that might be an extreme statement for some industries, well...in cyber, it's (sadly) pretty darn close to reality.

Read More

CCPA:  Thinking Beyond Compliance = Competitive Edge

Posted by Lynx Technology Partners on Feb 26, 2020 9:51:19 AM

Consumer data privacy protection is a global concern – driving new regulations around the world.  Many U.S. companies are multi-national, and have already begun work to increase security and transparency in meeting the requirements of GDPR.  In general, if a company is in compliance with GDPR (or are on their way in meeting those requirements), then that company is fairly far along in meeting the requirements of CCPA.  

Read More

Topics: CCPA

The ‘Culture’ of Risk Integration; When Integration Eats GRC for Lunch

Posted by Lynx Technology Partners on Feb 18, 2020 9:20:36 AM

Culture is a funny thing.  We all know we need it…we need more of it…we need it at the center of decision-making…we discuss it in meetings…we’ve even created executive positions for it…BUT can we define it?  Culture is fairly intangible – sorta the, “I know it when I see it” thing.

And we all know – that’s not enough.

Read More

Topics: Risk Integration, Integrated Risk Management

Optimizing the CISO’s Gameplan: Governance, Compliance, & Diversity

Posted by Lynx Technology Partners on Nov 4, 2019 10:03:49 AM

Originally written and published by Kevin Howarth of NTSC (NTSC.org)

If a theme emerged in the National Technology Security Coalition’s (NTSC) recent conversation with Aric K. Perminter, Chairman and Founder of Lynx Technology Partners, it’s that CISOs are seeking services and solutions that enable simplification, automation, and integration of strategic, operational, and IT risk management processes and data. As a security visionary and leader, Perminter guided Lynx Technology Partners through its founding in 2009 into a multimillion-dollar information security and risk management company. As chairman of the Board of Directors, Perminter is responsible for formulating and executing long-term strategies and interacting with clients, employees, and other stakeholders. During his 25-year career, Perminter has held a wide variety of leadership positions across key parts of information technology businesses—including serving as Lynx’s CEO through August 2015.

Read More

Topics: compliance, governance risk

Integrated Risk Management: Above and Beyond Risk Mitigation

Posted by Lynx Technology Partners on Oct 31, 2019 12:43:42 PM
Originally posted at Ivanti.com
 
We face risk every day - it’s a part of life. For organizations, it’s also a part of doing business. There are many different definitions of risk and even more methods for managing it. Over the last couple decades, risk management has evolved due to the changing business landscape and interconnected world. 
 
As the digital universe has expanded, so have the capabilities of the individuals and organizations trying to exploit it. Sadly, organizations face these threats every single day. This is why they must find a way to identify and deal with these risks without jeopardizing business operations and reputation. All while operating in an increasingly regulated world.
Read More

Topics: Security

The Value of Virtual Assessments

Posted by Lynx Technology Partners on Sep 24, 2019 2:03:00 PM

A risk-based determination of whether – and how – to conduct remote assessments of vendors

Expert Contributors:  Angela Dogan, Lynx Technology Partners and Andrew Hout, Shared Assessments

Given how much time and money virtual assessment of vendors can save companies and their third party risk management programs, it may be surprising to learn that cost and convenience should have little, if anything to do, with determining whether a risk assessment should be performed in person or remotely.

Read More

Abstract: What is the Business Case for MSSP?

Posted by Lynx Technology Partners on Apr 26, 2019 9:02:34 AM

An abstract form our highly anticipated MSSP paper, What is the Business Case for MSSP?

The National Institute of Standards and Technology (NIST) advises that similar to financial and reputational risk, poorly managed cybersecurity risk may negatively affect performance and place an organization at risk by reducing its ability to innovate. Decision makers and executives are repeatedly experiencing losses due to their inability to be fully knowledgeable about properly managing cybersecurity risk and complying with guidelines of the established frameworks (such as following some of the key elements of the NIST Cyber Security Framework).

Read More

GRC Programs Largely Ignore Self-Destructing Risks

Posted by Lynx Technology Partners on Feb 4, 2019 9:50:20 AM

A close look at the reasons companies fail reveals that there are substantial risks that don't typically fall under the purview of most GRC programs. The Forrester Report, Extend Compliance And Risk Management To What Really Matters For Your Business, explores how companies can improve business performance by expanding the fundamentals of their GRC program to the aspects of their company that drive success with customer interactions, which will in turn drive growth and revenue for the company.

Read More

Topics: Risk Management, GRC, governance risk