ISO 27001 Compliance in 18 Months
When a lost deal with the world’s largest healthcare company revealed a critical gap in SimpleRisk’s compliance posture, it set us on an 18-month journey to achieve ISO 27001 certification. From assessing our maturity and closing governance gaps to leveraging AI and tackling a rigorous third-party audit, we turned a challenge into an opportunity to enhance our operations and platform.
What's New With SimpleRisk 20241106-001 Release
What's New With SimpleRisk 20240930-001 Release
What's New With SimpleRisk 20240927-001 Release
Revolutionizing Risk Management with SimpleRisk: A GRC 20/20 Perspective
In today’s complex business world, managing risks and compliance shouldn’t feel chaotic. Discover how SimpleRisk, as highlighted by Michael Rasmussen, the "Godfather of GRC," streamlines governance, risk, and compliance with efficiency and agility. Learn why organizations are switching to this game-changing platform in our latest blog post!
Certified in 18 Months: Lessons from SimpleRisk’s ISO 27001 Journey
On September 26, 2024, SimpleRisk proudly earned its ISO 27001 certification after a focused 18-month effort to refine security practices and address control requirements. Despite personal hurdles, their journey highlights how dedication and the right tools make ambitious compliance goals achievable.
Demystifying Residual Risk: The SimpleRisk Approach to Smarter Risk Management
Ever wondered how to truly gauge the effectiveness of your risk mitigation efforts? Learn how we transform complex risk assessments into actionable insights, helping you prioritize resources and make informed decisions. From home security analogies to cutting-edge GRC practices, this post will revolutionize your understanding of risk reduction.
What's New With SimpleRisk 20240318-001 Release
What's New With SimpleRisk 20240315-001 Release
7 Strategies to Mature Your GRC Program
Check out this guest blog from Michael Rasmussen of GRC 20/20 to learn about seven strategies to mature your existing GRC program for enhanced efficiency and effectiveness.
What's New With SimpleRisk 20240102-001 Release
6 Ways to Create a Repeatable, Scalable Compliance Program
Check out this guest blog from Michael Rasmussen of GRC 20/20 to learn about six core elements required to craft compliance programs that meet current standards and are adaptable and scalable to meet future compliance challenges and opportunities.
What's New With SimpleRisk 20231103-001 Release
What's New With SimpleRisk 20231006-001 Release
What's New With SimpleRisk 20230331-001 Release
What's New With SimpleRisk 20230106-001 Release
What's New With SimpleRisk 20221013-001 Release
8 Simple Ways to Effectively Launch Your GRC Program
Learn the 8 fundamentals we recommend to establish an effective Enterprise Risk Management process from the ground up, which will set the stage for a successful GRC program rollout.
The Right and Wrong Way to Assess Third-Party Risk
In this post, SimpleRisk's Founder and CEO walks us through the different approaches to assessing and managing third-party risks.
What's New With SimpleRisk 20220909-001 Release
What's New With SimpleRisk 20220823-001 Release
Responding to Inbound Risk Assessments with SimpleRisk
Learn how to use our Risk Assessment Extra to manage inbound assessments within SimpleRisk. Create a repeatable process without purchasing a separate tool.
What's New With SimpleRisk 20220701-001 Release
What's New With SimpleRisk 20220527-001 Release
What's new with the SimpleRisk 20220401-001 release?
What's new with the SimpleRisk 20220306-001 release?
What's new with the SimpleRisk 20220122-001 release?
How To Calculate Inherent vs. Residual Risk
Learn how to minimize the level of effort required to track a risk’s progress over time and how to measure the effectiveness of your risk mitigation.
What's new with the SimpleRisk 20211230-001 release?
What's new with the SimpleRisk 20211115-001 release?
What's new with the SimpleRisk 20211027-001 release?
What's new with the SimpleRisk 20211010-001 release?
These CISOs' GRC is Failing Them And I Know Why
Today I attended a CISO roundtable where a number of the attendees talked about their GRC platforms that have taken over a year to "connect all the wires" and they're still in the process of implementing. I know why their GRCs are failing them and there is a better way.
Risk Management 101: Back to Basics
Let’s go back to the basics and break down what enterprise risk management is and how you can use it to mitigate the risks that threaten your organization.
What is GRC-as-a-Service?
SimpleRisk partners with various MSSP providers to give customers a one-stop "GRC-as-a-Service" offering. Learn more about how this works and whether the SimpleRisk GRCaaS platform may be a good fit for your organization.
What's new with the SimpleRisk 20210930-001 release?
What's new with the SimpleRisk 20210625-001, 20210630-001 and 20210713-001 releases?
How SimpleRisk Can Meet Your Custom GRC Requirements
What is the right way to do risk management? We hear this question fairly frequently on calls with prospects and my answer is always the same. There is no "right way" or "wrong way" to do risk management. There's only your way...
What's new with the SimpleRisk 20210305-001 release?
The OWASP Risk Rating Methodology and SimpleRisk
Over the years, we've received a number of inquiries about the OWASP Risk Rating Methodology with some contention around how we have integrated it into SimpleRisk. Some have questioned how SimpleRisk reaches its final risk score while others have pointed to differences in the Skill Level values. Let's delve into this...
Normalizing Risk Scoring Across Different Methodologies
If the "textbook" definition of risk scoring is Risk = Likelihood x Impact, then a Severe (5) impact and an Almost Certain (5) likelihood should have a score of 25, right? The answer isn't quite so simple...
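The two teasers above (the OWASP Risk Rating Methodology post and this one on normalizing scores) both turn on the same question: how do you put a 5x5 Likelihood x Impact score and an OWASP rating on one comparable scale? The following Python is an added example written for this page; it is not SimpleRisk's code and not code from the OWASP project. The OWASP factor names, the 0-9 factor range, the LOW/MEDIUM/HIGH bands and the severity matrix follow the published OWASP methodology. Everything else is an assumption made here for illustration: OWASP itself produces a qualitative severity, so the numeric "score" is taken as likelihood x impact (maximum 81), each method is rescaled linearly so its maximum lands on 10, and the sample factor values are constructed, not from a real assessment. SimpleRisk's own formula and Skill Level values may differ, which is exactly the contention the post discusses.

```python
"""
Added example (not SimpleRisk's code): score one risk with the classic
Likelihood x Impact method and with the OWASP Risk Rating Methodology,
then put both on a common 0-10 scale so they can be compared.

OWASP factor names, bands and the severity matrix follow the published
OWASP methodology. The numeric OWASP score (likelihood x impact) and the
linear rescaling to 10 are assumptions made here, not SimpleRisk's formula.
"""
from statistics import mean

# ---------- Classic: Likelihood (1-5) x Impact (1-5), maximum 25 ----------
CLASSIC_MAX = 5 * 5


def classic_score(likelihood: int, impact: int) -> int:
    """Textbook Risk = Likelihood x Impact on two 1-5 scales."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("classic likelihood and impact must be 1-5")
    return likelihood * impact


# ---------- OWASP Risk Rating Methodology (each factor rated 0-9) ----------
LIKELIHOOD_FACTORS = (
    # threat agent factors
    "skill_level", "motive", "opportunity", "size",
    # vulnerability factors
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",
)
TECHNICAL_IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity",
    "loss_of_availability", "loss_of_accountability",
)
OWASP_MAX = 9 * 9  # assumption: numeric score = likelihood x impact, both 0-9

# Overall severity matrix from the OWASP methodology: (likelihood, impact) -> severity
OWASP_SEVERITY = {
    ("LOW", "LOW"): "NOTE",    ("MEDIUM", "LOW"): "LOW",       ("HIGH", "LOW"): "MEDIUM",
    ("LOW", "MEDIUM"): "LOW",  ("MEDIUM", "MEDIUM"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH",
    ("LOW", "HIGH"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH",     ("HIGH", "HIGH"): "CRITICAL",
}


def owasp_level(value: float) -> str:
    """OWASP bands: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    if value < 3:
        return "LOW"
    if value < 6:
        return "MEDIUM"
    return "HIGH"


def owasp_rating(factors: dict) -> dict:
    """Average the eight likelihood factors and the four technical impact
    factors, band each average, and look the pair up in the severity matrix."""
    required = LIKELIHOOD_FACTORS + TECHNICAL_IMPACT_FACTORS
    missing = [f for f in required if f not in factors]
    if missing:
        raise ValueError(f"missing OWASP factors: {missing}")
    for name in required:
        if not 0 <= factors[name] <= 9:
            raise ValueError(f"{name} must be rated 0-9")
    likelihood = mean(factors[f] for f in LIKELIHOOD_FACTORS)
    impact = mean(factors[f] for f in TECHNICAL_IMPACT_FACTORS)
    return {
        "likelihood": likelihood,
        "impact": impact,
        "severity": OWASP_SEVERITY[(owasp_level(likelihood), owasp_level(impact))],
        "score": likelihood * impact,  # numeric score is this example's assumption
    }


def normalize(score: float, max_score: float, scale: float = 10.0) -> float:
    """Linear rescale so each methodology's maximum lands on `scale`."""
    if max_score <= 0 or not 0 <= score <= max_score:
        raise ValueError("score must lie within 0..max_score")
    return round(score * scale / max_score, 2)


# Constructed sample factors for one hypothetical risk (not a real assessment)
SAMPLE_OWASP_FACTORS = {
    "skill_level": 6, "motive": 4, "opportunity": 7, "size": 6,
    "ease_of_discovery": 3, "ease_of_exploit": 5, "awareness": 6, "intrusion_detection": 8,
    "loss_of_confidentiality": 6, "loss_of_integrity": 6,
    "loss_of_availability": 5, "loss_of_accountability": 7,
}


def compare(classic_likelihood: int, classic_impact: int, owasp_factors: dict) -> dict:
    """Score the same risk both ways and report each on the 0-10 scale."""
    classic = classic_score(classic_likelihood, classic_impact)
    owasp = owasp_rating(owasp_factors)
    return {
        "classic_raw": classic,
        "classic_0_10": normalize(classic, CLASSIC_MAX),
        "owasp_severity": owasp["severity"],
        "owasp_raw": owasp["score"],
        "owasp_0_10": normalize(owasp["score"], OWASP_MAX),
    }


if __name__ == "__main__":
    print(compare(5, 5, SAMPLE_OWASP_FACTORS))
```

Running it shows the point of the teaser: Severe (5) x Almost Certain (5) is 25 raw, which the linear rescale maps to 10.0, while the same kind of risk rated with the sample OWASP factors averages to a 5.625 likelihood (MEDIUM) and a 6 impact (HIGH), an overall severity of HIGH, and only 4.17 on the same 0-10 scale. The raw numbers are not comparable and even the rescaled ones depend on the scaling choice, so a GRC tool has to pick and document one.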
What's new with the SimpleRisk 20210121-001 release?
What's new with the SimpleRisk 20201123-001 release?
What's new with the SimpleRisk 20201106-001 release?
Simplifying the NIST Cybersecurity Framework with SimpleRisk
Learn how to use SimpleRisk's Import-Export and Risk Assessment Extras in order to efficiently use the NIST Cybersecurity Framework's controls to assess your organization's risks and perform a control gap analysis.
The SimpleRisk 20180104-001 Release and The Future Direction of SimpleRisk
The SimpleRisk 20180301-001 Release and the Risk Assessment Extra
What's new with the SimpleRisk 20190630-001 release?
What's new with the SimpleRisk 20190930-001 release?
What's new with the SimpleRisk 20191130-001 release?
What's new with the SimpleRisk 20200328-001 and 20200401-001 releases?
What's new with the SimpleRisk 20200711-001 release?
What's new with the SimpleRisk 20201005-001 release?
SimpleRisk Stands Against Hate
At the end of June 2020, a civil rights coalition, which includes the Anti-Defamation League (ADL) and the NAACP, launched the #StopHateforProfit campaign. This campaign calls upon major corporations to put a pause on Facebook advertisements, citing the company's...
Risk Management for Dummies
Today I had a really interesting conversation with a guy from Japan via LinkedIn. It started with him trying to sell me...
The Security of Open Source vs Closed Source Software
When I first released SimpleRisk as a free tool back in March of 2013, I decided to license it under the open source ...
SimpleRisk On-Premise or Hosted - Which Deployment Model is Right for You?
As the Information Security Program Owner at National Instruments, I spent years contemplating the answer to a ...
What features do you want to see added to SimpleRisk?
Back in 2013, when I first started working on SimpleRisk in my spare time on nights and weekends, I started using a ...
SimpleRisk Founder Josh Sokol Featured on Dialed In With Kyle Burt
Last week I was invited to participate in Kyle Burt's live podcast featuring leaders in tech and business called ...
There is Nothing Simple About FAIR
Currently, SimpleRisk supports six different risk scoring methods. We have Classic Risk, which is the likelihood ...
How to Perform Risk Assessments (with SimpleRisk)
This is just a short (1 minute) animated video explaining some of the capabilities around performing internal and ...
How to Manage the Evolving Risk of Bluekeep (with SimpleRisk)
Unless you've been hiding under a rock for the past three weeks, you're probably familiar with CVE-2019-0708, also ...
Assessing Vendor Security Risks (with SimpleRisk)
As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when ...
Quickly Customize Your Risk Management Program (using SimpleRisk.com)
When I first released SimpleRisk as a free and open source risk management tool at the BSides Austin conference...
How to Use Standards to Assess Your Organization's Cybersecurity Maturity (by SimpleRisk)
On March 29, 2019, Alex Polimeni and I presented at the BSides Austin conference on some of the work we've ...
GRC is Dead, Long Live GRC!
Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?". In ...
Should Vulnerabilities and Risks be Managed in the Same Place?
While the distinction between vulnerabilities and risks has been widely documented in various forums, we ...
Pricing Integrity and Why We Won't Play the Pricing Games
Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table. I learned the tricks ...
Why Management Doesn't Understand Your Security Woes
Has the number of security issues you deal with on a routine basis ever made you feel a bit like Atlas carrying the ...
What do Role Playing and Risk Management have in common?
A couple of weeks ago I participated in a CISO Summit with a focus on the topics of Security Visibility and Incident ...
How Does an Asset's Value Affect Your Risk?
Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...