Risk or Compliance? I think you mean Risk and Compliance?


CyberOne is an end-to-end GRC SaaS platform for companies and teams of all sizes.

Like many of our clients, if you are heading into your audit season, or simply want to build a stronger, more efficient security program in response to the alarming and increasing trend in ransomware attacks and data breaches, then CyberOne can help. CyberOne engages your people, processes, and technology to build a culture of risk. From good governance, to understanding your gaps, to putting your risk data to work in decisions that benefit the business, CyberOne is a single source of truth for your company to govern, protect, and build.

When we discuss compliance with our customers, we always encourage you to start the compliance journey by first understanding your risks. Before you take your auditor’s IRL and simply build controls against it, decide whether your company actually has risk in that area. Where there is no risk, there is likely no need for a control. By adopting this approach, you can quickly tailor the scope of your audit to only what is relevant to your company. Our clients estimate that this approach has helped reduce audit time and costs by 30%. You can read what our clients say about us here on Capterra.

You can build your risk register and manage findings from all your different sources – compliance reviews, vulnerability scans, pen tests, audits, assessments, and more. Use our API integrations with Nexpose, Nessus, Qualys, AWS, and Microsoft to pull your data into CyberOne, and push out the workflow with our own automated notification process, or through Slack or Jira (Engineers love us!). Ultimately, you will see how easy it is to scale and build a security governance, risk and compliance program in CyberOne that is based on your company’s priorities, needs, and objectives. And we have experts to support you every step of the way.

Start today with our free risk assessment. You can choose from ISO 27001, SOC 2, CMMC, or CAIQ. We will send you an assessment and help you build a roadmap to meet your security objectives.

Take our risk assessment here today for free.  


Make secure easy, and insecure obvious… [Credit: A wise customer of CyberOne]


Weekends are Free: Get Your SOC 2 Free Readiness Assessment


CyberOne is offering a free readiness assessment for SOC 2 Type 1 or Type 2 readiness. Simply click the link below and put SOC 2 in the contact notes, and we will send out your free assessment and (optionally) schedule some time to review the results with you and discuss next steps.

FREE SOC 2 Readiness Assessment

Let us support you and automate your SOC 2 certification process. It’s as easy as one click and costs as little as $3600/year, with no need for expensive consultants.

CyberOne SOC 2 Step-by-Step Certification Process: (90 days or less to SOC 1 Type 1; a typical timeframe of 6-8 months to SOC 2 Type 2 certification)

  1. Choose auditor – we have direct relationships with auditors who will fit your budget
  2. Define audit scope
  3. Control design documentation
  4. Control implementation. Capture up to 6 months of audit records.
  5. Internal readiness gap analysis. Fix the gaps before the audit.
  6. Start the audit. Get the audit evidence checklist from the auditor.
  7. Collect evidence
  8. Document SOC 2 report section 3
  9. Review audit results
  10. Sign audit report & obtain certification


The Value of Continuous Monitoring (or “Come in spreadsheet row number 349, your time is up!”)


IT WAS A FOOLPROOF PLAN! AREN’T THEY ALL?

It was a marvelous marketing maneuver! The whole company was literally bubbling with excitement. Market share had already sky-rocketed from 4% to 24% by the simple implementation of this beautiful bottle-cap bonanza. Promotion, pay-rise, praise from all corners seemed inevitable for this, yes, call it what it is, genius plan! Until… It cost $32 billion. That will sure make you burp!


$1 MIIIILLLLLIIIIIION  PESOS FOR PEPSI-LOVERS!

You may have heard this story before, especially if you are my age. It’s from the ’90s after all – my formative years! It is the story of what was indeed a genius plan by Pepsico to grow its market share in the Philippines with a simple competition – a competition “borrowed” from the pages of Roald Dahl’s Charlie and the Chocolate Factory, no less! A simple plan… Collect bottle caps from your “Pepsi”, each with a magic number inside, and on May 25th, 1992, the grand prize winners will be revealed. The prize? $1 Million (please read like Dr. Evil – an equally apt ’90s reference) shiny pesos, or the equivalent of only about $40,000 at the time. Enough, however, to buy one a rather spanking house in the Philippines, or a whole lotta Pepsi at the very least.


“I WON!” “So did I” “And me, too” “And me”!

The country went wild for Pepsi. The success surprised even the Pepsico execs. For an entire year, Pepsi-fever gripped the nation like grandpa gripping Charlie’s Golden Ticket. It was all working out perfectly. It was brilliant, and it was initially well executed. Strict implementation processes and security measures were immediately put in place to avoid fraud and any other miscalculations. For example, Pepsico’s suppliers were not allowed to print bottle caps, security codes accompanied bottle caps to eliminate fraud, and Pepsico even took charge of making the only two prize-winning bottle caps with the magic number “349”. Except, there was a tiny hiccup – pre-burp – due to a lack of communication with the supply chain and a teeny-tiny process error that was overlooked and then not monitored internally. Consequently, rather than printing 2 caps, Pepsico inadvertently created 800,000 prize-winners. It was a happy day in the Philippines! Praise Pepsi!


Uhhh, yes, well, but, err, yes, err, it’s tricky, err, and darned unfortunate, err… sorry chaps?

Upon discovery of the error, not long after the winning number had been announced on national TV, Pepsico, of course, had an “oops, my bad” moment and, long story short, riots ensued, lawsuits came forth, Pepsi ran in the streets, and there was a lotta egg-on-the-face. Not to worry, Pepsico managed to survive, though, not surprisingly, it is not the drink of choice in the Philippines! I am a Pepsi imbiber to this day, though I am partial to RC Cola when I can get it – Yea! I said it.


People, Process, TECHNOLOGY!

The GRC moral of this story? Pepsi suffered from point-in-time issues all the way down its supply chain. From the initial implementation of this ill-fated marketing plan, key steps in that implementation were clearly not monitored, communicated and/or subsequently addressed. Vendors were unaware that ‘349’ was the magic number – perhaps understandable – but printing 800,000 ‘349’ bottle caps points to a large breakdown in communication and oversight. As a GRC professional, I can say with some certainty that many of us are practicing one or more of the following: we are still working from spreadsheets; our risk evaluation is decentralized; our governance oversight is decentralized; we are not continuously monitoring our controls, which also means our risk prioritization and risk information are out of date, right now. The point about security measures is that they are just that… measures. Measures need to be measured, monitored, and maintained, at all times.


TO SPREADSHEET OR NOT TO SPREADSHEET – THAT IS NOT A QUESTION!

So, should the powers-that-be question your need for a modern GRC solution to centralize, prioritize, and manage all your information from a single pane of glass, you might ask which they prefer: Coke or Pepsi? $32 billion versus $125 per month? And please share this story with them, but “beware”, you may also want to step back, as this story is likely to cause loud burping!

CyberOne does not spend money on marketing (see the article above!), enabling us to provide a cost-efficient, full-suite, integrated GRC SaaS platform with outstanding training and support for all your security team’s needs. Starting at $125 per month. Our best marketing campaign is our clients’ satisfaction. You can read more about our client satisfaction on Capterra, a Gartner review site. The Power of One begins here.

No bottle caps were harmed in the creation of this article.

The source of this story originally appeared in the LA Times on July 26, 1993.