Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Why Time Matters: Partners Lindsay Gerdes and Michael J. Bronson on Swift Action in Government Investigations
Consumer Finance Monitor Podcast Episode: Why do Fintechs Want to Become Banks?
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Episode 331- NAVEX State of Risk and Compliance Programs
What the Board Should Be Asking About the Compliance Program
Video: Artificial Intelligence Use in Political Campaigns
Episode 329 -- Bryn Sedlacek from Aravo on TPRM Holistic Risks and Unified Visibility
Compliance Lessons from Dating in Your 50s
The Justice Insiders Podcast - AI-Washing: Everything Old Is New Again
The AI Shakeup: New Tech Innovations and the Future of Corporate Law
Principled Podcast: S11E7 | Fortifying Ethical Frameworks: Navigating Emerging Risks in the Middle East
Managing Compliance Risk for Human Trafficking and Modern Slavery
Common Scenarios Triggering False Claims Act Violations, Part 3: Claims and Investigations
Navigating Bank-Fintech Partnerships: Avoiding Common Pitfalls — The Consumer Finance Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
Revisiting Financial Institution Incentive Compensation Rules Under Dodd-Frank — The Consumer Finance Podcast
Episode 325 -- AI and Emerging Compliance Frameworks
On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. ...more
It has now been more than six months since Congress allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire on July 28, 2023. EPA recently advised all...more
In one of the most clear-eyed and sobering assessments of the cyberthreat China poses to our nation’s critical infrastructure, the country’s foremost cybersecurity leaders recently testified that the Chinese Communist Party...more
Elevate your resilience in the new year by understanding top GRC trends, patterns, and best practices across AI, TPRM, cyber risk, and more. As we step into 2024, technological advancements and an increasingly connected —...more
As governments around the world begin to introduce new frameworks and standards addressing the responsible design, development, deployment and operation of artificial intelligence (AI) systems, chief compliance officers...more
On December 12, 2023, FERC staff offered information and recommendations to help registered entities (i.e., users, owners, and operators of the bulk electric system) improve their compliance with mandatory Critical...more
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (UK NCSC), along with partner agencies from 17 nations, have released Guidelines for Secure AI System Development (the...more
It’s Cybersecurity Awareness Month, and this year marks the 20th anniversary of the campaign. Introducing “Secure Our World” as the central theme, the Cybersecurity Infrastructure and Security Agency (CISA) is on a...more
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical...more
On September 27, 2023, FDA finalized its guidance entitled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” (the “2023 Final Guidance”). The Final Guidance replaces...more
To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA and the National Cybersecurity Alliance will “focus on ways to “Secure Our...more
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch...more
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and exploits surrounding” Industrial Control Systems (ICS)....more
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has been reportedly exploiting an SQL injection...more
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell...more
Third parties have posed significant risks to companies for years, but perhaps more so now than ever before. Cyber threats, Russia sanctions, and a new wave of child labor in the United States are just a few risks making...more
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued an Alert outlining the top Common Vulnerabilities and Exposures (CVEs) that have been used by the People’s Republic of China (PRC) state-sponsored...more
Cyber risk management has significantly escalated in importance, during the last couple of years, as a result of companies overcoming the operational challenges of the pandemic, transitioning to hybrid working, preparing for...more
Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft stated that it is aware that two vulnerabilities are being actively exploited to access users’...more
Government agencies at the state and federal levels are increasingly training their sights on the cybersecurity resiliency of companies in an array of industries. The US Securities and Exchange Commission has proposed rules...more
The Cybersecurity & Infrastructure Security Agency (CISA) added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 23, 2022, due to active exploitation by cyber criminals. The vulnerabilities are a...more
As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations...more
As Russia’s invasion of Ukraine rages on, companies of all sizes and in every industry need to be vigilant to protect themselves from cyberattacks. Even in the best of times, rogue cybercriminals and nation-state threat...more
Organizations often struggle with budgeting for cybersecurity risk and mitigation. It’s hard to see the return on investment for prevention of things that attack the company through the clouds....more
This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory. While it does not identify specific threats in the advisory, CISA states that the “Russian...more