Introduction

The focus of this article is on the application of guidance (ISO 31000, FFIEC, etc.) often resulting in the appearance of compliance resulting from a checkbox perspective rather than actually and actively identifying and managing risk(s) by organizations.

Continue reading →