Grant Elliott, CEO and Chairman, Ostendio

Recent Posts

May 10, 2022

7 reasons a traditional GRC tool is not enough

[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage...
May 9, 2022

The Rise and Fall of SOC 2 audits

[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2...
April 25, 2022

3 Vendor Risk Management challenges and how to solve them

[5 min read] Vendor risk management is a hot topic, especially when you realize that many of the most high-profile data breaches are due to vendors or...
April 5, 2022

3 Steps to Establishing a Vendor Risk Management Program

[4 min read] Why vendors may be the biggest security risk to your organization: Of the companies that experienced a data breach in 2021, over 90% of...
March 9, 2022

Why The Location of Data is Critical to Data Security and Risk Management

[3 min read] It is amazing to think about how much data we all create these days. With so many employees working remotely, and the rise in the number...
February 23, 2022

Who owns data?

[4 min read] Data ownership is a complicated topic, much more complicated than most might think. We often talk about data security in possessive...
February 7, 2022

Do you know where your data is?

[5 min read] And who has access to it? When I talk to CEOs and security professionals about data security, the one question that continually trips...
January 19, 2022

The evolving landscape of Integrated Risk Management

[5 min read] If you are involved with, or interested in, the data security world then no doubt you have heard many definitions of integrated risk...
November 17, 2021

Understanding the science of risk management

[4 min read] Risk management is not well understood. Often there is confusion between risk management and risk assessment, and added to that...
October 27, 2021

How Ostendio Found its Purpose

[4 min read] I had not heard the term “Mission Corp” until earlier this year.  It came up when I was interviewing someone for a role at Ostendio and,...
September 23, 2021

Embracing a Data Driven approach to Risk Management is the key to success

[4 min read] We all know how hectic the life of a CISO can be regardless of the size of business they support or the industry they are involved in. ...
September 9, 2021

5 Most Common Vendor Risk Management Mistakes and how to avoid them

[4 min read] When it comes to managing risk, companies often overlook their vendors. But Vendor Risk Management should be an integral element of any...
August 3, 2021

Remote vs Hybrid Work and the Real Cybersecurity Risk

[4 min read] We are at a turning point as companies are deciding what to do about returning to the office after the pandemic. As many schools prepare...
July 29, 2021

3 Steps to Improve Your Company's Security Posture

[4 min read] Late last year we wrote a blog that looked at Risk Management and Data Security and suggested what you might do differently as we headed...
July 16, 2021

How to avoid a Kaseya-type attack

[4 min read] There’s one thing that you can count on in the news right now and that’s another report of a data breach or ransomware attack. They seem...
July 13, 2021

Why preparing for a SOC audit takes more than 2 weeks

[4 min read] Have you ever wished you could run a marathon?  I have run a few and I can tell you it is hard work and takes a lot of training just to...
June 22, 2021

What is the difference between risk management and risk assessment?

[4 min read] I have learned over my time working in the cybersecurity space that for many people and business leaders there is a lot of confusion...
May 24, 2021

What is regulatory compliance?

[5 min read] Customers see a lot of confusing terms when they are looking at building a security program.  Terms such as “regulatory compliance”,...
May 5, 2021

3 trends for safely managing security and risk in 2021

[4 min read] We talked previously about the type of cybersecurity and risk management challenges to expect in 2021, but the trends driving these...
March 11, 2021

Why is Vendor Risk Management a 'tick the box' process for most companies?

[5 min read] There is much confusion around Vendor Risk Management (VRM), what it is and how to handle it properly for all sizes of business. Too...
December 22, 2020

The most important lessons to take away from the SolarWinds hack

[5 min read] The data breach involving FireEye and SolarWinds was shocking. As the leader of a cybersecurity platform company, a significant breach...
October 29, 2020

Cybersecurity and the 2020 Election

The election news cycle is in full swing as we near the big day on November 3rd. Regardless of how you vote, at Ostendio we encourage all employees...
October 15, 2020

A guide to optimizing your existing security program

Many larger companies, and some medium-sized companies, have a focused CISO with a great IT team who have all worked hard to establish a data...
September 17, 2020

You passed your security audit...what’s next?

If you’ve recently built a data security and risk management program and passed a security audit, you’ve accomplished more than many organizations. ...
September 11, 2020

Worried your business is too small for an effective cybersecurity program?

The first step in any process is often the hardest. Realizing that you need to take action is just the beginning, deciding what action to take is...