Insight Search Search Submit Sort by: Relevance Date Search Sort by RelevanceDate Order AscDesc Blogs April 13, 2021 IT Audit’s Perspectives on the Top Technology Risks in Energy & Utilities for 2021 Cybersecurity, Privacy, Data and Resilience Dominate the Top Technology Challenges for Energy and Utilities Organisations. Podcast March 13, 2024 Podcast ǀ Decoding CMMC Compliance for Government Contractor Data In this special edition of the Protiviti Legal Perspectives podcast series, we delve into the complexities of new data protection and cybersecurity government regulations in the defense industry with Alex Alexander W. Major, Partner, McCarter & English and Perry Keating, President of Protiviti Government Services. The Cybersecurity Maturity Model Certification (CMMC) was recently promulgated… Survey February 15, 2024 2024 Top Risks for Chief Financial Officers Chief financial officers (CFOs) have a unique vantage point regarding talent management, one that explains why the ability to attract, develop and retain top talent represents their top risk concern in both 2024 and 2034. Newsletter May 8, 2024 Sharpening the Board’s Focus on M&A Due Diligence Whether an acquisition is a stand-alone, complementary entity or an integration, the due diligence process is undergoing a paradigm shift due to the higher cost of funding and the impact of failed transactions. Boards should expect a more aggressive focus on due diligence.How has the due diligence process changed in recent years? For sure, the complexity of certain topics, such as environmental… Flash Report December 14, 2020 CISA Issues Emergency Directive to Mitigate SolarWinds Orion Code Compromise On December 13, 2020, the Cybersecurity & Infrastructure Security Agency (CISA) issued an emergency directive detailing required action for federal agencies to mitigate the threat of the recently discovered compromise involving SolarWinds® Orion® Network Management products that are currently being exploited by malicious actors. (Read the SolarWinds Security Advisory here.) Given the nature… Whitepaper August 1, 2022 Protecting the Enterprise: How a Well-Designed Security Analytics Programme Can Help The purpose of security analytics in an organisation Security metrics and the analysis of security information can be challenging concepts even for leading organisations. As information security professionals, most of us have been taught that in order to have a mature information security function we must both document and measure the organisation’s security capabilities. If policies are the… Whitepaper June 1, 2022 How can an enterprise use access management to establish a Zero Trust environment? A hybrid RBAC, ABAC and PBAC framework is the best practice approach A strong access management programme is foundational to establishing a Zero Trust environment by using contextual information to continuously validate that users are who they say they are and by restricting user access to necessary resources only. Within the Zero Trust framework, identity governance and risk-based conditional… Whitepaper July 12, 2021 Top 10 pitfalls of an IAM programme In spite of over 20 years of experience as an industry, Identity & Access Management (IAM) programmes continue to struggle — and with good reason. There is a lot that can go wrong with an IAM programme. Lack of funding, treating IAM like a project and not a programme, not having business buy-in, and trying to overly customise packaged software are all examples of significant challenges that… Whitepaper July 13, 2021 How to implement an effective identity management strategy Identity management doesn’t happen overnight; there’s no “Easy” button to press, or magic snap-of-the-fingers instant fix. In fact, identity management has transformed into something far more complex than password authentication and simple security measures. It’s important to understand that jumping into a new technology instantaneously isn’t necessarily the right first step to ensuring a… Video September 3, 2020 Cyber Risk Quantification FAQs Cyber risk quantification (CRQ) uses industry leading and highly vetted probabilistic models to more accurately describe the cyber security and technology-based risks facing an organisation. Tune in to Protiviti's subject matter experts answer 15 frequently asked questions about CRQ. Load More