Ten risk management blogs to follow

Published on September 12, 2018

10-blogsTen risk management blogs to follow

Risk management is fascinating in its diversity and complexity. There are all types of risk, including IT, operational, third party, cyber and identity. Risk is also complex and dynamic like the three lines of defense, frameworks, and integrated risk management.

With 2019 only a few months away, it’s a good time to take stock of your risk management program and see where it needs to mature in the year ahead. Fortunately, help is a click away. Many companies involved in risk management give their advice away for free on their blogs.

Here are ten risk management blogs that address many risk areas.

Digital Shadows Blog:

As the world has gone digital, so has risk. Digital Shadows monitors and manages an organization’s digital risk. By following Digital Shadows Blog, you’ll stay current on breaches, cybercrime, hacktivism and more. A Security Analyst Spotlight Series brings the company’s analysts “out of the shadows and into the spotlight.”

EY’s Latest Thinking

EY’s approach to a risk management blog is to package it as Latest Thinking. Topics like teaching AI the value of trust contribute to the discussion about artificial intelligence while “How risk management can turn a crisis into an opportunity” shares the story of a family business decimated by a fire but undaunted.

FAIR Institute Blog

FAIR stands for Factor Analysis of Information Risk. It’s a risk methodology based on analytics and used primarily for cybersecurity and operational risk management. The FAIR Institute blog is lively with frequent posts on a wide range of risk topics like Risk Appetite vs. Risk Tolerance and What Belongs in a Risk Register?

Focal Point Blog

Focal Point is on point with risk, advising companies to shift from “finding and fixing” to thinking and thriving.” The Focal Point Blog is where the company shares its thinking on data risk. Posts excel at straight talk or compare and contrast as one recent post did: Regulation Comparison: The California Consumer Privacy Act and the GDPR.

Gartner Blog Network/John A. Wheeler

Gartner’s John A. Wheeler writes extensively about integrated risk management (IRM) and frequently calls the GRC Era over. Wheeler is best known for being a champion of IRM. And because he’s with Gartner, you benefit from that unique perspective.

GRC 20/20 Blog

GRC 20/20 is a buyer advocate, solution strategist and market evangelist for GRC. It’s the evangelism aspect that makes for interesting blogs written by the GRC Pundit, Michael Rasmussen. Take policy management. In Improving Policies Through Metrics, Rasmussen makes the case that an annual policy review is the best way to address risk.

Lockpath Blog

Lockpath’s blog (what you’re reading right now) focuses on discussions around integrated risk management. Blogs like What is Integrated Risk Management? and Four Keys to Making Risk Meaningful strive to educate. The Risk Roundup series recounts significant events and their risks and ramifications.

OCEG Blog

OCEG is the nonprofit think tank dedicated to driving principled performance and improving GRC. The OCEG Blog tackles major topics and helps center discussion where it needs to be. Recent blogs like Confused by Controls? and Three Ways to Maintain Professional Culture blend practical with professional.

RapidRatings Blog

RapidRatings rates organizations on their financial health, the gateway to understanding a company’s strengths and weaknesses. The RapidRatings Blog covers risk management with financial implications in posts about supply chains, credit risk, market events and more.

Shared Assessments Blog

Shared Assessments is best known for their SIG assessment. But when you want to know more about third-party risk management, swing by the Shared Assessments Blog. You’ll learn a lot about managing third-party risk and its intersection with GDPR and SOC2, as well as topics like The Fraud Implications of Weak Third-Party Risk Management.

That’s our list of 10 blogs focused on risk management with unique viewpoints. It’s a field that continues to grow and transform, all of which makes for fascinating blog reading.

 

 

 

Related Articles:

NYDFS Cybersecurity Regulation Isn’t Just a Phase

NYDFS Cybersecurity Regulation Isn’t Just a Phase

The New York Department of Financial Services (NYDFS) Cybersecurity Regulation was a first-in-the-nation cybersecurity regulation when it became effective on January 1, 2017. It was big news then, and it’s big news now.