  • New NIST Cybersecurity Framework

    In February 2014, the NIST Cybersecurity Framework was introduced in response to Executive Order 16363, issued by President Obama in 2013. The Executive Order was a White House initiative to improve the cybersecurity of critical infrastructure by developing a framework that incorporates a consensus of industry standards and best practices.
  • De-risking strategies in pension plans

    De-risking strategies in pension plans are currently much discussed by corporate management and pension plan fiduciaries. These strategies may include adopting a liability driven investment (LDI) strategy or purchasing participating annuity contracts (buy-in contracts) on the asset side to decrease volatility and manage cash flow.
  • Manage mobile device risks holistically

    Mobile devices transform the way your organization serves customers, generates business, and communicates with your employees and stakeholders. These same devices bring new and increased risks to your organization’s data, competitive advantage/intellectual property, and reputation. Managing these risks requires a holistic approach, which goes beyond just securing the software on a device.
  • Risk governance: What to expect

    For years, risk governance meant risk management, with a relatively narrow focus on specific areas: loans, legal, and possibly IT. Then, everything went sideways in 2008-2009, and regulators saw the need for a more proactive, comprehensive risk governance strategy. Within the past five years, new rules and guidelines have begun changing the flaws regulators could see: boards of directors were not engaged at the right level; board members and executives weren’t getting the right information to make informed decisions; and management didn’t have tools in place to facilitate a timely and comprehensive analysis of overall risk.