

GRC & Me
LogicGate
When Governance, Risk, and Compliance (GRC) issues are in the headlines, it’s usually a bad thing. It’s only when a major data breach happens, or a company runs afoul of some regulation, that these important responsibilities get their time in the limelight. GRC & Me is here to shine a light on those individuals tasked with safeguarding their employers’ information and integrity, day in and day out. Tune in monthly as host Jane Totaro, LogicGate Podcast Host, and her guests explore the issues and ideas that give shape to these interconnected functions. Just as GRC touches many parts of a business, so too will the podcast delve into a wide array of topics, trends and concerns—from current events and modern methodologies to cultural nuances and game-changing developments. Join us and learn why GRC is so critical to the future of any organization, where the industry has been—and where it’s going.
Episodes

Sep 25, 2019 • 20min
Cybersecurity as a Positive Business Driver | Bryan Graf
Top 3 Quotes
“Ultimately, you wouldn't go through any of these assessments unless it's driving business.”
“You don't want to be more secure just so you can be more secure, it's got to be a part of your overall business plan.”
“You have to start looking at this as a positive business driver instead of something that is just a line item that costs money at the end of the year.”
Show Highlights
[01:15] How Bryan got to where he is now
[01:54] SAS 70 Solutions was born
[03:18] Bryan starts with Abacode
[04:21] The trend Bryan is witnessing in cybersecurity
[05:28] How companies determine what to apply
[07:01] What is FedRAMP?
[08:31] The FedRAMP process
[10:36] What to do internally before seeking outside counsel
[12:39] Bryan's value for customers in the market today
[15:41] GRC best practices and cybersecurity trends
[17:54] A different type of security that Bryan provides!
Resources:
Connect with Bryan on LinkedIn
Abacode Cybersecurity Website
Abacode Cybersecurity LinkedIn
Abacode Cybersecurity Twitter
Abacode Cybersecurity Facebook
Tampa Bay Dalmatian Rescue

Sep 12, 2019 • 26min
What To Know About CCPA | Donata Kalnenaite
Top 3 Takeaways
Transparency is very important to consumers right now. You want to make sure that you're clear about what's happening to personal information.
Have a full and complete understanding of who you share information with.
You don't want to be held liable for a vendor who misused data.
Show Highlights
[00:50] Sharing Donata’s background
[02:12] The nitty-gritty of regulations
[03:30] The CCPA Bill exodus
[05:49] Who does the CCPA Bill apply to?
[06:50] How does the CCPA affect consumers today?
[07:45] The fundamental differences between CCPA and GDPR
[10:40] CCPA penalty provisions
[11:52] Top three tactical tips to ensure compliance
[15:34] Will there be swifter actions for non-compliant companies?
[17:29] CCPA as a bellwether for future regulations.
[19:24] Trends to anticipate
[22:32] How Donata and Termageddon works with folks
[24:05] Termageddon's origin and the impetus behind
Resources:
Termageddon
Connect with Termageddon on Twitter
Connect with Termageddon on Facebook
Connect with Donata on LinkedIn
US Federal Privacy Law Tracker
GDPR
CCPA

Aug 28, 2019 • 14min
The Concept of Defensibility | Neil Watkins
Top 3 Takeaways
Defensibility is the ultimate concept that everybody drives to—whether they say it out loud or not.
In the security landscape we see today, there are many opportunities for improvement.
Even when I employ all of my resources, even when I put my best foot forward out there, failures can occur in my ability to protect data.
Show Highlights
[00:47] Neil introduces Asureti.
[01:23] What is SRCP?
[02:45] Do organizations have solid strategy around GRC principles today?
[04:50] The functions that need to be in place.
[07:36] The concept of "Good enough can be the cool."
[09:30] What should organizations be thinking about in terms of preparedness or potential consequences?
[11:09] The cliche of "Nothing bad has ever happened before."
[12:54] Neil's encouragement to everyone.
Resources:
Asureti Website
Connect with Neil on LinkedIn

Aug 14, 2019 • 2min
Introducing Megan Phee
Show Highlights:
[00:22] A new taste of the podcast
[00:26] Meet your new host
[00:55] What to expect moving forward
Resources:
Connect with Megan on LinkedIn
Connect with Megan on Twitter
Connect with Megan on LogicGate

Jul 31, 2019 • 35min
The Most Controversial Risk Thought Leader | Alexei Sidorenko
Top 3 Quotes
Risk Management is not really a profession. It's a competency that should be part of most degrees, if not all the degrees, at universities.
Most organizations have been disillusioned with the astrology version of risk management.
Sometimes, even a little quantification improves the quality of decision-making significantly.
Show Highlights
[01:17] Alex shares what the Risk Academy provides
[03:02] How Alex got into risk
[05:13] Alex's "controversial" blog
[08:04] Methodologies, strategies, importance
[13:52] What forces Alex to be controversial
[16:16] Brilliant idea of dumbing it down
[17:42] Approaching risk quantification
[20:37] The real question is, how complex can we go?
[23:29] How and when organizations should approach quantification
[26:00] An unrealistic fairytale based on averages
[29:03] Cultural difference in risk management approach
[30:00] Alex's predictions in the coming years
[34:17] Final nuggets of wisdom
Resources:
RISK-ACADEMY
Connect with Alex on LinkedIn
Connect with Alex on Twitter
Prospect Theory: An Analysis of Decision Under Risk by Daniel Kahneman and Amos Tversky
Judgment under Uncertainty: Heuristics and Biases by Daniel Kahneman and Amos Tversky
Foundations of Behavioral and Experimental Economics by Daniel Kahneman and Vernon Smith
How to Measure Anything: Finding the Value of ‘Intangibles’ in Business
Probability Management Conference
Monte Carlo Simulation
Moneyball
The Flaw of Averages: Why We Underestimate Risk in the Face of Uncertainty by Sam L. Savage

Jul 17, 2019 • 31min
Risk and Compliance In Finance | Terri Sands
Top 3 Takeaways
It's tough to keep up without good technology
The transparency between parties is tough with financial institutions
A single point of failure can also be a single point of fraud
Show Highlights:
[02:50] Challenges that the smaller financial institutions have in their risk management programs
[07:13] The significant irony in financial institutions
[09:01] What Terri brings to the table
[10:50] Creating a culture of risk-awareness
[12:24] Reactive planning versus strategy planning
[14:25] The shift Terri has seen
[15:32] The unfortunate indicator
[16:45] Terri's opinion on banks reducing their operational costs
[19:43] One of the areas of challenge of heavily-regulated organizations
[21:37] What works and what doesn't for acquired financial institutions
[25:03] More tips for acquiring financial institutions
[26:49] Guilty by association
[27:59] Rounding up with the most shocking fraud story
Resources:
Secura Risk Management Website
Connect with Terri on LinkedIn
Connect with Terri on Twitter
Ozark Show

Jul 3, 2019 • 20min
Starting LogicGate | Matt Kunkel
Top 3 Takeaways:
There's a big need in the marketplace for a technology that’s flexible and dynamic, yet easy to use from an end-business-user perspective.
“I took an educated bet that the market was right for a disruptive perspective.”
“Everyone is somewhere between ought-to-buy and needs-to-buy a GRC platform.”
Show Highlights:
[01:08] How the committee got started.
[2:53] Matt's handling of projects related to the Lehman Brothers’ fallout and the Madoff scandal
[3:11] Starting a custom app dev group at Navigant Consulting
[3:41] How he helped JPMorgan Chase’s mortgage bank get out of consent order with OCC
[4:11] What is the Dodd-Frank Ruling?
[4:54] The platform technology built for JPMorgan Chase to get compliant
[7:43] Why Chase ultimately went to Navigant
[9:25] The ‘lightbulb moment’ for Matt
[10:38] The search for different solutions
[11:50] Matt shares why he started LogicGate
[12:21] How did Matt pull the trigger and decide to leave his comfortable position and take that huge risk?
[14:18] The most interesting part of the platform
[15:36] How Matt views LogicGate
[16:31] Insight on how the company’s mascot (The GOAT) came to be
[18:05] What’s next for LogicGate?
Resources:
LogicGate's Website
Connect with Matt on LinkedIn
Connect with Matt on Twitter
Navigant Group
Dodd-Frank Ruling
GDPR
California Consumer Privacy Act

Jun 19, 2019 • 25min
All Things Implementation | Szuyin Leow
Top 3 Takeaways:
Focus on critical items first and make sure you have people and processes in place beforehand.
If technology is flexible, you can continue to scale and grow and change your processes over time.
Start simple, drive value in one place, and then build that over time.
Show Highlights
[1:35] Szuyin’s consulting background and why she got certed
[2:33] Finding out about LogicGate
[03:34] The common challenges getting started
[4:46] The number one thing Szuyin recommends
[6:23] Keep it simple and less is more
[7:58] What holds small and mid-sized companies in a status quo?
[12:36] Preparing and ensuring a successful launch and avoiding losing the momentum post-implementation
[15:14] The other big thing
[16:45] Processes involving high-level metrics and what to look for
[18:02] A brief tangent on fair risk methodology
[20:04] What trends and solutions are making the biggest impact?
[22:32] The key priority right now
[23:00] Using risk to inform business-making decisions
Resources:
LogicGate
Connect with Szuyin on LinkedIn
Read up on Szuyin’s Work on Medium

May 22, 2019 • 25min
The Father of GRC | Michael Rasmussen
Top 3 Takeaways
It’s important to first establish what your company is trying to accomplish with its GRC program.
Frameworks are like the human body; you've got multiple systems involved. All those come together to help form a GRC program.
In light of data breaches, consumers are picking up on privacy. They're demanding better practices with their personal data.
Show Highlights
[01:09] How Michael got involved in GRC
[02:35] What frustrates Michael
[04:39] The GRC moves, changes, and challenges
[06:32] Why organizations need strategy around GRC
[09:17] Deciding what framework is the best fit
[13:37] The trends Michael sees and what it indicates
[14:56] Success metrics for GRC teams
[17:17] Defining agile and what’s behind the emergence
[20:09] The differentiating factors among GRC solutions
[21:26] Massive data breaches; how they will shape the future of GRC
[22:45] Michael answers a “loaded” question
Connect with Michael on LinkedIn
Connect with Michael on Twitter
GRC 20/20
GDPR
California Consumer Privacy Act
Ten Thousand Commandments
The Competitive Enterprise Institute

May 22, 2019 • 18min
Key Benefits of Flexible Data Model | Matt Kunkel
Top 3 Takeaways
A data model is the underlying architecture that underpins any GRC program.
We live in a world that is constantly moving, changing, and evolving. That’s why flexibility in business systems is key.
Flexibility means being able to put a program in place on day one, without a final vision of where it’s going—it can change and adapt to changing requirements along the way.
Show Highlights
[01:07] Matt’s background
[03:50] Why data models are important to an effective GRC program
[05:10] The problems with a traditional data model
[07:55] How a flexible data model is really different
[09:25] Why choose a flexible data model
[12:24] How data model flexibility is innovating how we do business
[13:48] What innovation is developing from a flexible data model
[15:42] Matt's advice
[16:18] How Matt helped companies overcome obstacles
Resources:
LogicGate's Website
Connect with Matt on LinkedIn
Connect with Matt on Twitter


