ISO 27001 Compliance in 18 Months
When a lost deal with the world’s largest healthcare company revealed a critical gap in SimpleRisk’s compliance posture, it set us on an 18-month journey to achieve ISO 27001 certification. From assessing our maturity and closing governance gaps to leveraging AI and tackling a rigorous third-party audit, we turned a challenge into an opportunity to enhance our operations and platform.
Revolutionizing Risk Management with SimpleRisk: A GRC 20/20 Perspective
In today’s complex business world, managing risks and compliance shouldn’t feel chaotic. Discover how SimpleRisk, as highlighted by Michael Rasmussen, the "Godfather of GRC," streamlines governance, risk, and compliance with efficiency and agility. Learn why organizations are switching to this game-changing platform in our latest blog post!
Your GRC, Your Way: Introducing SimpleRisk’s Flexible Pricing Model
Ready to take control of your GRC strategy like never before? SimpleRisk's new pricing model eliminates confusion, aligns functionality with your needs, and brings transparency to both On-Premise and Hosted deployments. Explore custom packages, automatic discounts, and our intuitive Pricing Configurator—making your GRC journey truly simple.
What's New With SimpleRisk 20240819-001 Release
About the SimpleRisk 20240726-001 Release
Learn about the latest SimpleRisk release, featuring the new user interface, from SimpleRisk Founder and CEO, Josh Sokol.
What's New With SimpleRisk 20240603-001 Release
What's New With SimpleRisk 20240318-001 Release
What's New With SimpleRisk 20240315-001 Release
"How to Model Security Maturity in Your Organization" Webinar Recap
Check out this recap of the webinar, "How to Model Security Maturity in Your Organization," co-hosted by SimpleRisk and GRC 20/20. This webinar helped equip participants with a clear roadmap on how to establish a security maturity baseline within their own organizations, create a desired state of maturity, and identify where gaps exist in order to achieve their objectives.
What's New With SimpleRisk 20240205-001 Release
What's New With SimpleRisk 20240102-001 Release
What's New With SimpleRisk 20231103-001 Release
What's New With SimpleRisk 20231006-001 Release
What's New With SimpleRisk 20230331-001 Release
What's New With SimpleRisk 20230106-001 Release
What's New With SimpleRisk 20221013-001 Release
What's New With SimpleRisk 20220909-001 Release
What's New With SimpleRisk 20220823-001 Release
Responding to Inbound Risk Assessments with SimpleRisk
Learn how to use our Risk Assessment Extra to manage inbound assessments within SimpleRisk. Create a repeatable process without purchasing a separate tool.
What's New With SimpleRisk 20220701-001 Release
5 Reasons Why SimpleRisk is Disrupting the GRC Space
How can a relatively new vendor enter a mature market that has a multitude of established players and, with no outside funding, differentiate itself from the competition to make a global impact? Read on to learn how SimpleRisk is doing just that.
What's New With SimpleRisk 20220527-001 Release
What's new with the SimpleRisk 20220401-001 release?
What's new with the SimpleRisk 20220306-001 release?
What's new with the SimpleRisk 20220122-001 release?
What's new with the SimpleRisk 20211230-001 release?
What's new with the SimpleRisk 20211115-001 release?
What's new with the SimpleRisk 20211027-001 release?
What's new with the SimpleRisk 20211010-001 release?
The Impact of the Apache log4j Vulnerability (CVE-2021-44228) on SimpleRisk
SimpleRisk has assessed our risk against the Apache Log4j vulnerability and determined that no customers deployed with our standard deployment instructions, regardless of On-Premise or Hosted environment, should be impacted by this vulnerability.
These CISOs GRC is Failing Them And I Know Why
Today I attended a CISO roundtable where a number of the attendees talked about their GRC platforms that have taken over a year to "connect all the wires" and they're still in the process of implementing. I know why their GRCs are failing them and there is a better way.
SimpleRisk Free and Open Source vs. Fully Featured Platform
Curious about SimpleRisk’s product offerings and available functionality? Read on to learn about our flexible deployment models – from free and open source to fully-featured GRC platform!
Why SimpleRisk Doesn’t Require Professional Services
This blog details how our approach varies from that of our competitor’s and how we ensure customer success without including professional services in our pricing model.
How To: Manage Personnel Changes in SimpleRisk
Explore your options for managing personnel changes in SimpleRisk.
What is GRC-as-a-Service?
SimpleRisk partners with various MSSP providers to give customers a one-stop "GRC-as-a-Service" offering. Learn more about how this works and whether the SimpleRisk GRCaaS platform may be a good fit for your organization.
What's new with the SimpleRisk 20210930-001 release?
What's new with the SimpleRisk 20210625-001, 20210630-001 and 20210713-001 releases?
What's new with the SimpleRisk 20210305-001 release?
The OWASP Risk Rating Methodology and SimpleRisk
Over the years, we've received a number of inquiries about the OWASP Risk Rating Methdology with some contention around how we have integrated it into SimpleRisk. Some have questioned how SimpleRisk reaches its final risk score while others have pointed to differences in the Skill Level values. Let's delve into this...
Normalizing Risk Scoring Across Different Methodologies
If the "textbook" definition of risk scoring is Risk = Likelihood x Impact, then a Severe (5) impact and an Almost Certain (5) likelihood should have a score of 25, right? The answer isn't quite so simple...
What's new with the SimpleRisk 20210121-001 release?
What's new with the SimpleRisk 20201123-001 release?
What's new with the SimpleRisk 20201106-001 release?
Simplifying the NIST Cybersecurity Framework with SimpleRisk
Learn how to use SimpleRisk's Import-Export and Risk Assessment Extras in order to efficiently use the NIST Cybersecurity Framework's controls to assess your organization's risks and perform a control gap analysis.
The SimpleRisk 20180104-001 Release and The Future Direction of SimpleRisk
The SimpleRisk 20180301-001 Release and the Risk Assessment Extra
What's new with the SimpleRisk 20190630-001 release?
What's new with the SimpleRisk 20190930-001 release?
What's new with the SimpleRisk 20191130-001 release?
What's new with the SimpleRisk 20200328-001 and 20200401-001 releases?
What's new with the SimpleRisk 20200711-001 release?
What's new with the SimpleRisk 20201005-001 release?
SimpleRisk Stands Against Hate
At the end of June 2020, a civil rights coalition, which includes the Anti-Defamation League (ADL) and the NAACP, launched the #StopHateforProfit campaign. This campaign calls upon major corporations to put a pause on Facebook advertisements, citing the company's...
Risk Management for Dummies
Today I had a really interesting conversation with a guy from Japan via LinkedIn. It started with him trying to sell me...
The Security of Open Source vs Closed Source Software
When I first released SimpleRisk as a free tool back in March of 2013, I decided to license it under the open source ...
SimpleRisk's Plan for COVID-19
I've been avoiding sending out an e-mail about this since I know you all have already been inundated by e-mails ...
SimpleRisk On-Premise or Hosted - Which Deployment Model is Right for You?
As the Information Security Program Owner at National Instruments, I spent years contemplating the answer to a ...
What features do you want to see added to SimpleRisk?
Back in 2013, when I first started working on SimpleRisk in my spare time on nights and weekends, I started using a ...
SimpleRisk Founder Josh Sokol Featured on Dialed In With Kyle Burt
Last week I was invited to participate in Kyle Burt's live podcast featuring leaders in tech and business called ...
There is Nothing Simple About FAIR
Currently, SimpleRisk supports six different risk scoring methods. We have Classic Risk, which is the likelihood ...
How to Perform Risk Assessments (with SimpleRisk)
This is just a short (1 minute) animated video explaining some of the capabilities around performing internal and ...
How to Manage the Evolving Risk of Bluekeep (with SimpleRisk)
Unless you've been hiding under a rock for the past three weeks, you're probably familiar with CVE-2019-0708, also ...
Assessing Vendor Security Risks (with SimpleRisk)
As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when ...
Quickly Customize Your Risk Management Program (using SimpleRisk.com)
When I first released SimpleRisk as a free and open source risk management tool at the BSides Austin conference...
How to Use Standards to Assess Your Organization's Cybersecurity Maturity (by SimpleRisk)
On March 29, 2019, Alex Polimeni and I presented at the BSides Austin conference on some of the work we've ...
GRC is Dead, Long Live GRC!
Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?". In ...
Should Vulnerabilities and Risks be Managed in the Same Place?
While the distinctions between vulnerabilities versus risks has been widely documented in various forums, we ...
Pricing Integrity and Why We Won't Play the Pricing Games
Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table. I learned the tricks ...
How Does an Asset's Value Affect Your Risk?
Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...
The Origin of SimpleRisk - A Founder's Story
Every comic book superhero has a story behind them describing how they overcame some form of adversity in ...