A security message from HRH the Queen on Independence Day

All freedom comes at a price. Good security helps maintain freedom by protecting your company from exposure to an increasingly threatening landscape. Help keep us pesky Brits and other “ne’er-do-wells” from invading your systems and networks (again) this coming Independence Day weekend.

It’s all about getting the Crown Jewels without paying a Queen’s ransom!

As you launch your search, here’s a quick, totally unbiased summary of the capabilities you should require from your tool:
  1. Policy Management: Can you write, review, update and communicate policies and connect them to your internal controls and regulatory requirements?
  2. Asset Management: Can you attach controls to specific assets and monitor those assets in your tool?
  3. Control Management: Can you work with multiple regulations and consolidate your internal controls to meet multiple requirements?
  4. Evidence Collection: Can you automate evidence collection and use one piece of evidence to meet many controls?
  5. Control tests: can you validate evidence and create reports that demonstrate validation by control and assets?
  6. Issue Management: Can you create findings from findings, as well as view, prioritize and mitigate findings (corrective actions, issues) from all areas of the business (compliance review, vulnerability scans, vendor review, internal audit, etc.)?
  7. Risk Management: Can you define risk metrics and objectives, and cascade risk > threat > issue > incident > controls > assets for a comprehensive understanding of your risk and compliance status and environment?
  8. Data application: Can you take that data and apply it to organizational strategy?

CyberOne is cloud-based GRC automation. We bring governance, compliance, and risk together with purpose. If you are ready to go beyond the checkbox, reach out to CyberOne and we will tell you more.

See what HRH and our clients say about CyberOne here:

Completely unbiased advice for how to select the right GRC Tool

Do you need Compliance Certification? Does your soul begin to resemble a spreadsheet? Do you need a GRC tool? Do you think you only need a compliance tool? Do you know the difference?

The Value of Continuous Monitoring, (or “Come in spreadsheet row number 349, your time is up!)

IT WAS A FOOLPROOF PLAN! AREN’T THEY ALL?

It was a marvelous marketing maneuver! The whole company was literally bubbling with excitement. Market share had already sky-rocketed from 4% to 24% by the simple implementation of this beautiful bottle-cap bonanza. Promotion, pay-rise, praise from all corners seemed inevitable for this, yes call it that which it is, genius plan! Until… It cost $32 billion. That will sure make you burp!

$1 MIIIILLLLLIIIIIION PESOS FOR PEPSI-LOVERS!

You may have heard this story before, especially if you are my age. It’s from the ’90s after all – my formative years! It is the story of what was indeed a genius plan by Pepsico to grow its market share in the Philippines with a simple competition – a competition “borrowed” from the pages of Roald Dahl’s Charlie and the Chocolate Factory no less! A simple plan… Collect bottle caps from your “Pepsi”, each with a magic number inside, and on May 25th, 1992, the grand prize winners would be revealed. The prize? $1 Million (please read like Dr. Evil – an equally apt ’90s reference) shiny pesos, or the equivalent of only about $40,000 at the time. Enough, however, to buy one a rather spanking house in the Philippines or, at the very least, a whole lotta Pepsi.

“I WON!” “So did I” “And me, too” “And me”!

The country went wild for Pepsi. The success surprised even the Pepsico execs. For an entire year, Pepsi-fever gripped the nation like grandpa gripping Charlie’s Golden Ticket. It was all working out perfectly. It was brilliant, and it was initially well-executed. Strict implementation processes and security measures were immediately put in place to avoid fraud and any other miscalculations. For example, Pepsico’s suppliers were not allowed to print bottle caps, security codes accompanied bottle caps to eliminate fraud, and Pepsico even took charge of making the only two prize-winning bottle caps with the magic number “349”. Except, there was a tiny hiccup – pre-burp – due to lack of communication with the supply chain and a teeny-tiny process error that was overlooked and then not monitored internally. Consequently, rather than printing 2 caps, Pepsico inadvertently created 800,000 prize-winners. It was a happy day in the Philippines! Praise Pepsi!

Uhhh, yes, well, but, err, yes, err, it’s tricky, err, and darned unfortunate, err… sorry chaps?

Upon discovery of the error, not too long after the winning number had been announced on national TV, Pepsico, of course, had an “oops, my bad” moment and, long story short, riots ensued, lawsuits came forth, Pepsi ran in the streets, and there was a lotta egg-on-the-face. Not to worry, Pepsico managed to survive, though, not surprisingly, it is not the drink of choice in the Philippines! I am a Pepsi imbiber to this day, though I am partial to RC Cola when I can get it – Yea! I said it.

People, Process, TECHNOLOGY!

The GRC moral of this story? Pepsi suffered from point-in-time issues all the way down its supply chain. From the initial implementation of this ill-fated marketing plan, key steps in that implementation were clearly not monitored, communicated and/or subsequently addressed. Vendors were unaware that ‘349’ was the magic number – perhaps understandable – but printing 800,000 ‘349’ bottle caps points to a large breakdown in communication and oversight. As a GRC professional, I can say with some certainty that many of us are practicing one or more of the following: we are still working from spreadsheets; our risk evaluation is decentralized; our governance oversight is decentralized; we are not continuously monitoring our controls, which also means our risk prioritization and information is out of date, right now. The point about security measures is that they are just that… measures. Measures need to be measured, monitored and maintained at all times.

TO SPREADSHEET OR NOT TO SPREADSHEET – THAT IS NOT A QUESTION!

So, should the powers-that-be question your need for a modern GRC solution to centralize, prioritize, and manage all your information from a single pane of glass, you might ask which they prefer: Coke or Pepsi? $32 billion versus $125 per month? And please share this story with them, but “beware”, you may also want to step back, as this story is likely to cause loud burping!

CyberOne does not spend money on marketing (see article above!), enabling us to provide a cost-efficient, full-suite, integrated GRC SaaS platform with outstanding training and support for all your security team’s needs. Starting at $125 per month. Our best marketing campaign is our clients’ satisfaction. You can read more about our client satisfaction on Capterra, a Gartner review site. The Power of One begins here.

No bottle caps were harmed in the creation of this article.

The source of this story originally appeared in the LA Times on July 26, 1993.

Security-Focused Strategies

On Monday, the Microsoft Teams app crashed in Europe, driven by an overwhelming number of employees working from home, highlighting the real challenges that companies and employees will face as new work rules go into effect. Today, we are noticing certain applications being supercharged! Our Salesforce APIs are at lightning speed (pardon the pun!).

As new guidelines are published almost by the minute to stem the rising tide of COVID-19, the one single, unified opinion is that we should avoid unification and ‘stay home’!

Now is a great opportunity to use these expert guidelines to update your business continuity plans.

Many, if not most, corporations have been quick to respond, or are by now required by local government, to shut down and allow employees to work from home. Bravo! Protect your people first. Here are some of the things to prepare for from a company and an employee perspective.

Checklist for management:

  • CEOs and leaders should be sending communication to customers and employees with their guidance during times of uncertainty for the company. Take care of your people by keeping them informed and safe, and define emergency fund allocation
  • Review your telecommuting policy and procedures. Provide flexible work hours to enable employees to find quiet moments to work and, in the reality of this situation, to give them the time to prioritize family, safety and health
  • Check and implement operation and infrastructure support for remote productivity. This includes software licenses for your critical applications, such as VPN, Zoom conferencing, GitHub, Slack and other collaboration services. Above all, make sure your security controls are operating and protecting your logical assets against threats

Checklist for individuals:

  • Review and address your logical and physical workspace obstacles. You may be used to a shared workspace at the office in today’s plug-and-play world, but sharing a kitchen table with the kids and the cats is an entirely different experience
  • Talk to your manager to set expectations for your performance measures. Let your manager know what you need to be effective
  • Communicate with your customers and co-workers to offer support and be helpful. Make yourself a resource. Working remotely may feel isolating. This is normal. Connecting with people globally through different platforms is our new way of life!

About Us

CyberOne provides SaaS for end-to-end Governance, Risk, and Compliance, including content libraries, workflow and templates for self-serve compliance programs. Our expertise is an extension of your team. Our technology is a powerful risk and compliance platform for a company of any size. Learn more at www.cb1security.com.