Struggling with where to begin with your Information Security Program? Learn how taking a risk-centric approach can help accomplish your goals.
8 Simple Ways to Effectively Launch Your GRC Program
Learn the 8 fundamentals we recommend to establish an effective Enterprise Risk Management process from the ground up, which will set the stage for a successful GRC program rollout.
Using the ISO 27001 Control Framework with SimpleRisk
ISO 27001 has become the most requested framework to use within SimpleRisk. In this blog post you will learn about the different ways you can use their controls with our platform.
5 Reasons Why SimpleRisk is Disrupting the GRC Space
How can a relatively new vendor enter a mature market that has a multitude of established players and, with no outside funding, differentiate itself from the competition to make a global impact? Read on to learn how SimpleRisk is doing just that.
The Massive Benefits of Using a Common Control Framework with Your GRC Program
Struggling with managing compliance across multiple different control frameworks? Learn how a common control framework can help you to simplify your compliance, saving you time and money.
Compliance 101: Back to Basics
Let’s go back to the basics and break down what enterprise compliance is and how you can use it to ensure your organization is conforming with its stated requirements.
These CISOs GRC is Failing Them And I Know Why
Today I attended a CISO roundtable where a number of the attendees talked about their GRC platforms that have taken over a year to "connect all the wires" and they're still in the process of implementing. I know why their GRCs are failing them and there is a better way.
SimpleRisk Free and Open Source vs. Fully Featured Platform
Curious about SimpleRisk’s product offerings and available functionality? Read on to learn about our flexible deployment models – from free and open source to fully-featured GRC platform!
How To: Manage Personnel Changes in SimpleRisk
Explore your options for managing personnel changes in SimpleRisk.
What is GRC-as-a-Service?
SimpleRisk partners with various MSSP providers to give customers a one-stop "GRC-as-a-Service" offering. Learn more about how this works and whether the SimpleRisk GRCaaS platform may be a good fit for your organization.
How SimpleRisk Can Meet Your Custom GRC Requirements
What is the right way to do risk management? We hear this question fairly frequently on calls with prospects and my answer is always the same. There is no "right way" or "wrong way" to do risk management. There's only your way...
Simplifying the NIST Cybersecurity Framework with SimpleRisk
Learn how to use SimpleRisk's Import-Export and Risk Assessment Extras in order to efficiently use the NIST Cybersecurity Framework's controls to assess your organization's risks and perform a control gap analysis.
SimpleRisk Stands Against Hate
At the end of June 2020, a civil rights coalition, which includes the Anti-Defamation League (ADL) and the NAACP, launched the #StopHateforProfit campaign. This campaign calls upon major corporations to put a pause on Facebook advertisements, citing the company's...
SimpleRisk Now Offering Complimentary Risk Management Program Consulting to Customers
As the Information Security Program Owner at National Instruments, a $1.4B global enterprise, I've spent the past ...
How to Use Standards to Assess Your Organization's Cybersecurity Maturity (by SimpleRisk)
On March 29, 2019, Alex Polimeni and I presented at the BSides Austin conference on some of the work we've ...
GRC is Dead, Long Live GRC!
Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?". In ...
The Origin of SimpleRisk - A Founder's Story
Every comic book superhero has a story behind them describing how they overcame some form of adversity in ...
