Prevent risk in your company’s supply chain

Company supply chains have become more global and digital, adding complexity and increasing risks. In today’s uncertain market, just a single weak link in the chain can expose your organization to major financial, regulatory, operational, and reputational risks.

Download this eBook to see how companies are using technology to gain visibility into vendors and automate the risk management processes.

This eBook includes:

• A 7-step guide to improving supply chain visibility
• The top 10 non-pandemic supply chain risks of 2020
• A look at NIST's new Risk Management Framework

As an IT risk or security professional, you bear the responsibility of safeguarding your organization from IT threats. Establishing the right set of Key Risk Indicators (KRIs) plays a critical role in detecting potential risks that can halt business operations or cause reputational damage. But many IT departments aren’t sure of where to get started.

This white paper will provide you with a foundational understanding of KRIs and give actionable tips to help you overcome the common challenges of implementing, managing, and maintaining KRIs. Plus, we provide three jam-packed pages of example KRIs for IT professionals. By the time you’re done reading, you’ll have a roadmap to ensure your IT governance program is a success. 

There’s no question that providing assurance on the effectiveness of IT controls is time-consuming and repetitive. And as cloud-use and mobile apps become more prevalent, external auditors want even more assurance over data validity, integrity, and completeness of testing. But performing access testing by manually downloading user lists and running reports is highly inefficient and not a sustainable way to get the assurance you need.

Join us on this 60-minute webinar to discover how to improve your ITGC testing, including:

• how to automatically connect to systems like Active Directory, SAP ERP, and Salesforce to maximize the efficiency of user access control testing.
• how to apply a standardized user access matrix to speed up quarterly system access reviews and certifications.
• how to work in HighBond to centralize and coordinate user access reviews across the business to reinforce the completeness and validity of testing.

The recent discovery of cyberhacks via third-party software have made the advanced persistent threat (APT) of supply chain attacks a new priority. But CISOs and IT teams can’t address these risks alone. It’s time to call for backup from internal audit.

In this webinar, we’ll discuss how IT risk and internal audit teams can work together to strengthen internal controls in the face of these advanced persistent threats. As a GRC professional, you’ll learn:

• How infosec, third-party risk, and internal audit teams can collaborate effectively.
• Specific audit procedures that will reduce your organization’s risk exposure.
• Tools and techniques auditors can use to respond to the fallout of emerging cyber risks.

The reality of modern organizations is that certain business activities need to be outsourced to vendors—each with their own risks. These risks can be reduced with a solid onboarding process, but having the process alone isn’t enough. Organizations must rely on their internal audit team to confirm they’re engaging with the right vendors, in the right ways.

Get this white paper for tips on how audit can provide oversight to strengthen your VRM program in these five areas:

Digital transformation offers promise but also brings peril. Bad actors, hackers, black hats, whatever you want to call them, are constantly probing and attacking company networks. In fact, researchers have found it only takes seconds before hackers attack newly connected devices and services.

In this new e-book, Lockpath, a leader in IT GRC and Continuous Security Monitoring solutions, provides insights into the core elements of an advanced IT security defense system and how companies can evolve the way they protect against threats.

To drive an effective and informed response to today’s dynamic risk landscape, IT teams need real-time insights into critical risk and control areas that impact organizational objectives. This is where quantifiable key risk indicators (KRIs) come in. They provide early warning signs when risks are heading in an unfavorable direction.

Join tomorrow's CPE-approved webinar and learn how to design, implement, and maintain 15 must-have KRIs for sound IT risk management. You’ll also discover:

• Why KPIs, KRIs, and KCIs are important in today’s IT risk landscape
• Examples of leading, lagging, and current KRIs and what makes them most effective
• How to establish the right KRIs for IT governance at your organization

While organizations know that cybersecurity is an essential safeguard, many prioritize IT compliance primarily to address industry and government regulations. But, due to the global shift to remote work environments and economic uncertainty, data and infrastructure are more vulnerable to attack than ever before.

To be truly effective, GRC teams need to take a risk-first approach. In this eBook, you’ll discover best practices for cyber risk management and how automation can help address compliance and risk objectives, including:

• What “good” looks like for cyber risk management
• Six steps in the business risk assessment process
• The important role of automation in cyber risk management

As companies continue to outsource more aspects of their operations to third parties, they expose themselves to more shared risk. Most organizations understand the need to automate vendor risk management (VRM) activities to keep up with increasing scope and scrutiny. Yet they struggle to identify and prioritize the key features their VRM solution must provide so they can make a significant impact quickly.

To help with this challenge, this checklist outlines features to look for in a VRM solution and explains key areas where you can start mitigating vendor risk today, including:

• vendor risk assessment workflows
• vendor engagement
• architecture & infrastructure
• risk reporting requirements