Authorities on Risk Assurance

The Shared Assessments Blog

Posts By: Gary Roboff

Third Party IoT Security: Interpreting Survey Results in the Context of a Shifting Security Paradigm

Published on July 17, 2017 | Posted in: Cyber Attacks, Data Protection, Internet of Things (IoT), News, Third Party Oversight, Third Party Risk, Vendor Risk Management, Vendor Security, Vendor Threat

Shared Assessments’ just-published Ponemon research report, The Internet of Things (IoT): A New Era of Third Party Risk, provides a great snapshot of current IoT risk management both within an organization’s four walls and with the third parties that so often support mission-critical activities. Many of the report’s findings are troublesome: the lack […]

Demonstrating the Increased Maturity of Third Party Risk Management Programs – 2016 Benchmark Study

Published on November 29, 2016 | Posted in: Benchmark Study, Blog, Board's, Newsletter, Risk Management, Shared Assessments, Third Party Risk, Third Party Risk Management

The Shared Assessments Program and Protiviti, Inc., a Shared Assessments member organization, have completed the 2016 Vendor Risk Management Benchmark Study, the third annual study in this series. This year’s study shows, for the first time, that companies appear to have reached a positive turning point with regard to managing third party risks. Data from […]

EU’s GDPR and the EU-US Privacy Shield: Where Are We and Why Are We There?

Published on May 31, 2016 | Posted in: EU, General Data Protection Regulation (GDPR), News, Newsletter, Privacy, Privacy Shield

The past month has seen two major developments on the privacy front that will have worldwide consequences for entities that handle personal data. Except for the final implementation date, we knew what to expect from the latest iteration of EU data protection language. However, no preview was forthcoming regarding the contents of the eagerly awaited […]

New FFIEC Examination Handbook is Required Reading

Published on January 28, 2016 | Posted in: Examination Handbook, FFIEC, Newsletter

Hot on the heels of the June 2015 Cybersecurity Assessment Tool, the Federal Financial Institutions Examination Council (FFIEC) has issued a revised Examination Handbook Management Booklet with updated Information Technology (IT) examination procedures.1,2 As might be expected, the new IT examination procedures incorporate substantial input from the last major handbook revision, which was focused on […]

Be #PrivacyAware on Data Privacy Day!

Published on January 27, 2016 | Posted in: Data, Data Privacy Day

January 28th is international Data Privacy Day. With a theme of Respecting Privacy, Safeguarding Data, and Enabling Trust, each year hundreds of organizations come together to drive awareness and education on key data protection concepts targeted to help employees, individuals and businesses. Educational tools are made available through the website to help people and […]

The Seemingly Illusive Nature of Tone at the Top

Published on October 28, 2015 | Posted in: Newsletter, Tone at the Top

Think Tone at the Top doesn’t matter? A front page headline in the Friday, September 25th New York Times Business Day section, commenting on Volkswagen’s use of sophisticated software to circumvent emissions standards, read “Problems at VW Start at the Boardroom” and continued “The governance of Volkswagen was a breeding ground for scandal. It was […]

Three Tips to Manage Vendor Risk and Combat Cyberattacks

Published on August 28, 2015 | Posted in: Blog, Cybersecurity, Vendor Risk, Vendor Risk Management

It has been a banner year for cyberattacks in healthcare, and the threats show no sign of stopping. The growing dangers of cyberthreats should make vendor risk management a business-critical issue for all organizations, and healthcare companies, in particular. With the increasing number of cyberattacks, intensified regulatory scrutiny and the extreme sensitivity of patient information, […]

2nd Annual Vendor Risk Management Benchmark Study Shows Need for Step-Function Improvement

Published on July 21, 2015 | Posted in: Benchmark Study, Newsletter, Shared Assessments, Third Party Risk Management, Vendor Risk Management, Vendor Security

Early summer 2015 is proving to be a busy one for those interested in cyber security maturity models, first with the June 30th publication of the FFIEC’s Cyber Security Assessment Tool (which incorporates a cybersecurity maturity model) and now with the release of the second annual Shared Assessments Vendor Risk Management Benchmark Study. Questions about […]

PCI and Tomorrow’s Payments Security Environment

Published on April 30, 2015 | Posted in: Newsletter, Payments, PCI

Every so often it’s useful to sit back and reexamine a subject from a 40,000 foot perspective. In the last six to eight weeks, three unrelated items have caused me to do just that as I think about security issues in the payments card arena, never an easy subject even in the best of circumstances. […]

Happy New Year EMV

Published on January 30, 2015 | Posted in: Payments, Tokens

2014, on balance, was a very good year for progress in securing electronic retail payment transactions. Most importantly, many of the key payments stakeholders seemed to coalesce around the general understanding that three basic tools, EMV chip cards, payment tokenization, and end-to-end encryption were all essential to make real progress toward next generation payments security. […]
