Comment

Automate or Fail: Scaling Third Party Risk Management

We delve into the necessity of automating third-party risk management processes to handle the complexity and scale of today's cyber threats effectively. Craig shares insights on the challenges organizations face, the evolution of risk management strategies over the past decade, and the crucial role of cutting-edge technologies in enhancing security frameworks.

Comment

Comment

Third Party Risk Management and Cyber Security

Craig Callé talks about third party risk management (TPRM), with an emphasis on cybersecurity. TPRM is a subset of Governance Risk and Compliance (GRC), which aims to help organizations achieve their objectives, address uncertainties, and act with integrity. TPRM is crucial as over half of all data breaches occur through insecure third parties. Companies need to understand their third party relationships and monitor them more carefully, which requires a variety of tools and processes. Craig explains that TPRM can cover a variety of risks, including cybersecurity, but also financial viability, compliance with privacy, sanctions and other regulations, reputation management, supply chain issues, and alignment of ESG and sustainability objectives.

Comment

Contemplating Counterparty Risk Management Across the Organization

Are weak third parties affecting the safety of your organization? In today’s podcast, Host Craig Jeffery talks with Craig Callé, CEO of Source Callé, about navigating third-party risk with real-world examples. The dialogue covers requirements and inefficiency, as well as the vision for the next ten years.

The Rise of Vendor Risk Management

Full article published in GRC Outlook

Vendor risk management (VRM) is getting increasing attention at almost every company because the dependencies on third parties need to be better scrutinized.  Not surprisingly, VRM programs typically focus, often exclusively, on data security.  However, VRM is integral to other aspects of supply chain resilience, including privacy compliance, financial viability, ESG and sustainability practices, sanctions compliance, brand threats (e.g., labor practices), vendor concentration, geopolitical risk, shipping delays owing to extreme weather and inaccessible routes and ports, and dislocations attributable to n-tier dependencies.

What Good Looks Like in Cybersecurity

Full article published in CFO Magazine

We live in insecure times, and it’s not for lack of trying to develop effective cyber defenses. Naturally, C-level executives want to know what good looks like and how to measure it. Penetration tests, internal vulnerability scans, and IT control checklists remain go-to tactics, but a new generation of tools is taking things to the next level.

Stand Up Straight: A Proper Posture on Cyber Security

Discrete actions to protect the organization against cyber security threats are necessary. In order to be most effective an organization must take an appropriate posture that is directed to their entire operation. The entire operation includes the perimeter, interior and off-premises data and system. The IoT (internet of things) can’t be ignored as it sits within this domain.

Craig Jeffery, Strategic Treasurer’s managing partner, continues the conversation with Craig Calle a former banker and CFO now founder of the security firm SourceCalle. This session builds upon their first podcast called: Understanding the 2nd chapter of the cloud. This podcast title is: Security: Standing Up Straight – Achieving a Proper Cyber Security Posture.

Comment

Security: Understanding the 2nd Chapter of the Cloud

The movement of functionality and services to the cloud has been underway for over a decade. It began with sales management and has extended to every area of the corporate world. This has created an opportunity for better services to become available to more companies. At the same time, the challenges that are raised need to be addressed. These include issues of data protection in all domains and understanding that security must extend beyond the internal data center.

Development of new services and functions create change which must be managed. As we are deep into the second chapter of the cloud, how do we adapt properly?

If PII and other secure data is outside the organization, how do IT and treasury ensure this asset is protected at all times and in all locations?

If the promise of the cloud is the democratization of technology, what is the danger of shadow-IT (nearly everyone adding applications or services to the company platform without any vetting)? What needs to be done?

Craig Jeffery, the Managing Partner of Strategic Treasurer discusses these topics with Craig Callé, founder of the security firm SourceCallé and a former CFO of Amazon Digital Services and other companies.

Comment

Correcting Wall Street’s Cyber Blind Spot

Full article published in CFO Magazine

Investment bankers and their clients have a blind spot when it comes to information technology (IT) issues. Deal teams can be intimidated by technical concepts, leaving them to IT specialists who get involved late in the process, often after a deal closes. They also can understate the significance of IT as a valuation driver, despite news headlines about company-crippling hacks.

Cyber Ratings Services Can Help Thwart Hackers

Full article published in CFO Magazine

We learn about data breaches almost every day, and the first-line victims range from large, seemingly sophisticated companies to the local dentist’s office. Our ability to assess and understand a company’s cyber hygiene has been fairly limited, so knowing who’s safe has been a guessing game — until now.