[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage a data security and risk management program. However, upon implementation, CISOs soon realize that a traditional GRC tool is not enough for today’s ...

[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2 audit but, with so many audits taking place, and so much market pressure to reduce the cost and complexity of such audits, is the AICPA doing enough ...

[5 min read] Vendor Risk management is a hot topic especially when you realize that many of the most high-profile data breaches are due to vendors or third-parties (think of the widespread impact of the Solar Winds attack). Consider the financial impact alone when you realize that experts estimate ...

[4 min read] Why vendors may be the biggest security risk to your organization Of the companies that experienced a data breach in 2021, over 90% of breaches were linked to a third-party vendor. It is an all too familiar risk management story as evidenced by the Okta breach being attributed to a ...

[3 min read] It is amazing to think about how much data we all create these days. With so many employees working remotely, and the rise in the number of cloud-based services such as Google Cloud and iCloud, a recent report estimates that data will grow from 64.2 zettabytes in 2020 to more than180 ...

[4 min read] Data ownership is a complicated topic, much more complicated than most might think. We often talk about data security in possessive terms of “my sensitive data”, “my health information” or “my Personal Identifiable Information (PII)”, but what does ownership of that data actually mean? ...

[5 min read] And who has access to it? When I talk to CEOs and security professionals about data security, the one question that continually trips them up is - do you know where your data is? They tend to stumble over this question because they initially focus on their production data locations, ...

[5 min read] If you are involved with, or interested in, the data security world then no doubt you have heard many definitions of integrated risk management (IRM) and Governance, Risk, Compliance (GRC). Should we simply be looking at “GRC 3.0” as professed by Michael Rasmussen at Forrester, the ...

[4 min read] Security standards, reports, and certifications are becoming essential for vendors and technology firms. Certifications, such as SOC 2, offer a cost-efficient way of demonstrating effective risk management practices and meeting regulatory compliance directives.

[4 min read] Risk management is not well understood. Often there is confusion between risk management and risk assessment, and added to that confusion is how to measure risk or evaluate risk. After all, it is hard to measure something that hasn’t happened yet or to predict when it might happen. ...

[4 min read] I had not heard the term “Mission Corp” until earlier this year. It came up when I was interviewing someone for a role at Ostendio and, as I described to them how we operate, they suggested we sounded like a Mission Corporation. I quickly Googled the book and saw the similarity. The ...

[3 min read] This blog is the last in a series from the National Cybersecurity Alliance in support of Cybersecurity Awareness Month 2021. Ostendio is proud to be a 2021 Cybersecurity Awareness Month Champion. The theme for week 4 is Prioritizing Cybersecurity in a Hybrid Workplace. This is an issue ...

[2 min read] Ostendio is proud to be a 2021 Cybersecurity Awareness Month Champion. This blog is part of a series from the National Cybersecurity Alliance in support of Cybersecurity Awareness Month 2021. As a Champion, Ostendio is involved with spreading the word about cybersecurity and this blog ...

[3 min read] Ostendio is proud to be a 2021 Cybersecurity Awareness Month Champion. This blog is part of a series from the National Cybersecurity Alliance in support of Cybersecurity Awareness Month 2021. As a Cybersecurity Awareness Month Champion, Ostendio is involved with spreading the word ...

[4 min read] Every October we raise awareness about Cybersecurity together with the National Cybersecurity Alliance. Their series of blog posts for October focuses on the themes of Cybersecurity Awareness Month which includes: The Cyber Basics Fundamentals of Shoring up Phishing Defenses Cyber ...