The human element is considered the weakest element in the security “onion.” How do we understand what our users may or may not be doing to create some level of risk to our cyber environments? Organizations need a way to...

In case you haven’t heard, Internet of Things (IoT) adoption is soaring. This mobilization has cybersecurity and third party risk management implications that are often overlooked. By 2030, McKinsey research projects that IoT applications “could enable $5.5 trillion to $12.6...

During the 1990s, Procurement professionals were at the heart of strategic sourcing initiatives, focusing on reducing costs, enhancing quality, expanding services, and founding organizations like the International Association of Outsourcing Professionals and the Sourcing Industry Group. Composed of buy-side procurement...

As tax season comes to a welcome close (file your returns – or an extension -- by April 18!), a recent spike in phishing attacks camouflaged as official IRS emails reminds us that basic cyber-hygiene, like fundamental third party risk...

Data privacy is a fraught subject in any industry. But in healthcare, the stakes are especially high. Many consumers have made (at least some degree of) peace with trading personal data for the convenience of entertainment offered by their favorite...

Risk practitioners wonder about it: “CTPRP vs. CTPRA? Which certification is right for me?"  Poet Robert Frost wrote about it: “Two roads diverged in a yellow wood…” Major League Baseball player Yogi Berra spoke of it: “When you come to the fork in...

By now we’ve all heard of SaaS (software as a service) and many have heard of IaaS (Infrastructure as a Service), PaaS (Platform as a Service), or the term that contains them all: XaaS (anything as a service). The as-a-Service...

As the war in Ukraine enters its second month, and China implements its most severe lockdown since the CoVID-19 pandemic began, it is imperative that businesses with international operations rethink their scenario planning. The pandemic, followed by the war, has...

As numerous reputable security and analysis organizations continue to weigh the criticality of the recent Spring4Shell (aka: “SpringShell”) vulnerability, Shared Assessments has opted to take a neutral stance as to its prevalence and criticality. Regardless of this, it is crucial...

How to Scope a Custom SIG Questionnaire The video guides you through the creation of a custom SIG scoping template, which is then used to generate a custom SIG questionnaire.   Functionality of the SIG scoping template (more…)

In a recent Fireside Chat presented by Shared Assessments Committees’ Leadership on “Current and Evolving Cyber & Supply Chain Risks,” conversation topics included Conti, CISA, the geopolitics of SWIFT payments, chip shortages, and how the war in Ukraine might influence...

For the past few weeks, a worldwide audience has watched in fear and shock as war unfolds in the streets of Ukraine, causing thousands of casualties and deaths and displacing thousands of people. This is the bloody side of war,...