Governance, Risk, & Compliance
My thoughts, observations, and readings on different facets of GRC.
While the Spotify Wrap for 2024 was underwhelming, the Strava Year in Sport was a pleasant surprise. A few stats: These stats are not completely accurate as they were released mid-Dec. Hoping to continue this with better stats in ’25.
๐๐ฅ๐ฅ ๐๐ฆ๐ฉ๐ฅ๐จ๐ฒ๐๐๐ฌ ๐ฆ๐ฎ๐ฌ๐ญ ๐๐จ๐ฆ๐ฉ๐ฅ๐๐ญ๐ ๐ญ๐ก๐ ๐ฌ๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ ๐๐ฐ๐๐ซ๐๐ง๐๐ฌ๐ฌ ๐ญ๐ซ๐๐ข๐ง๐ข๐ง๐ ๐ฐ๐ข๐ญ๐ก๐ข๐ง ๐๐ ๐๐๐ฒ๐ฌ ๐จ๐ ๐จ๐ง๐๐จ๐๐ซ๐๐ข๐ง๐ ๐๐ง๐ ๐๐ง๐ง๐ฎ๐๐ฅ๐ฅ๐ฒ ๐ญ๐ก๐๐ซ๐๐๐๐ญ๐๐ซ.Sound familiar? Despite being a hard requirement and many organizations spending thousands of dollars on implementing the Learning Management System (LMS), tracking completion rates, and sometimes enforcing sanctions for not completing the training – this has always been a point…
The best thing you can do as a professional is to have one identity; the worst thing you can do as an individual is to have one identity.
I did not speak a full sentence in English until I was 20, and I am pretty sure the recruiter at HSBC only hired me because I told him my uncle worked there. I did not write my first blog post until Dec 2018 in an effort to make sense of all the InfoSec jargons…
As we enter the new year, many of us will start the annual third-party attestations. Itโs important toย remember that holding a third-party attestation provides a baseline assurance on the effective implementation of management, operational, and technical controls. Compliance demonstrated by a clean SOC 2 report, ISO 27001 certification, HITRUST certification, etc. does not equate to…