CIO Magazine recently distributed an email promoting its “FutureEdge 50 Awards” with a playfully sinister line: “I know what you did last summer... in IT... during the pandemic. Now get rewarded for your work.” The plug is a reference to the campy late-’90s slasher...
Charlie Miller
Is the New Federal IoT Law a Sign?
Feb 12, 2021 | Data & Cybersecurity, Internet of Things (IoT)
During the three years it took for the IoT Cyber Security Improvement Act of 2020 to complete its legislative journey, more than 11.8 billion devices were connected to the Internet. That’s a decidedly conservative estimate of IoT device growth, one based on former...
Third Party Risks – A Cascading Convergence – 2021 Perspectives
Nov 4, 2020 | Data & Cybersecurity, Internet of Things (IoT)
In a recent report on the future of cybersecurity risks, The Wall Street Journal published a Top 10 list of systems and devices that hackers will attack in the coming decade. Santa Fe Group Senior Advisor Charlie Miller has been talking about most of these targets for...
Risk Questions for IoT Products and Services
Oct 7, 2020 | Data & Cybersecurity, Internet of Things (IoT)
October is Cybersecurity Awareness Month – in step with this first week’s focus on internet-connected devices and “empowering users to own their role in security by taking steps to reduce risks,” this blogpost examines what enterprise organizations need to understand...
Principle of Least Privilege Security Principle
Oct 1, 2020 | Data & Cybersecurity, Data Protection, Information Security, Third Party Risk Management
Shared Assessments' Insurance Vertical Strategy Group came together for its quarterly meeting last week. Conversation was engaging and covered the widening scope of assessments, the multitude of third party types and the need for re-risking vendors in light of the...
Supply Chain Concentration and Resilience Risk
Aug 25, 2020 | Business Continuity, Business Resiliency, Incident Response, Pandemic Planning, Supply Chain
How do we actually address Supply Chain Concentration and Resilience Risk? Disaster has a way of bringing ‘supply chain’ into the common lexicon. In the aftermath of the 2011 Tohoku earthquake, major companies including Apple and Toyota experienced shortages of...
IoT Risk Due Diligence Questions
Jul 27, 2020 | Data & Cybersecurity, Internet of Things (IoT)
We’ve been fielding many IoT (Internet of Things) questions this summer. Organizations who already use the SIG tool in their TPRM programs and organizations evaluating the SIG tool have asked us about the proper lines of inquiry around IoT. What questions do we need...
Financial Crime Risks: What A Vendor Manager Must Know About Sanctions and Money Laundering
Jun 24, 2020 | Banking and Financial Services
Shared Assessments’ Continuous Monitoring Working Group recently convened to examine the financial crime risks that a vendor manager must understand. Ken Wolckenhauer, head of vendor due diligence and review for the New York branch of Finland-based Nordea Bank, led...
Third Party 5G Risks & The Power of ‘And’
Jun 14, 2020 | Cyber Risk, Cybersecurity, Data, Data & Cybersecurity
Sharp leaders deploy it, improv performers embrace it and fifth generation (5G) wireless technology depends on it. I’m referring to the power of “and.” Skim through any thought leadership concerning 5G’s massive potential to generate new business models and...
Third Party Financial Health A Leading Indicator for All Areas of Risk
May 5, 2020 | Third Party Risk Management, Vendor Risk Management
Complexity and uncertainty in the supply chain have increased exponentially in recent months leading to higher risk related to all aspects of third parties and supply chains. With the economic downturn expected to continue due to the destabilizing impacts of COVID-19,...