AI notetaker apps take meeting minutes to the next level. But to deliver that convenience, the app owner may allow the tool to do things that matter from a GRC perspective. So, what can financial institutions do about it? Let’s take a closer look.
In February 2026, the Federal Financial Institutions Examination Council (FFIEC) updated their IT Examination Handbook to remove all references to reputation risk. What has changed and what do these updates mean for your financial institution? Let’s take a look.
How can we be prepared for deepfake attacks that look and sound real? In this article, we’ll explore how to train employees to recognize deepfakes quickly, verify unexpected requests, and report suspicious activity before it leads to serious damage.
What counts as an information asset? How do you evaluate risk at the information asset level? If you’ve asked any of those questions, this guide walks you through an asset-based risk assessment approach.
In our recent webinar, Level Up Your Tabletop Exercises, GRC Content Manager Alyssa Pugh walked through practical, experience-based guidance for making tabletops more effective and more valuable.
The Cybersecurity and Infrastructure Security Agency (CISA) published version 2.0 of their Cross-Sector Cybersecurity Performance Goals (CPGs). Let’s take a look at the CPGs and what changed in this latest version.
Smart glasses are being marketed as the next big leap in technology. They are powerful, but also risky when it comes to information security. So, how can you control the risk of wearables?
On September 16, 2025, the National Credit Union Administration (NCUA) announced an update to their Automated Cybersecurity Examination Toolbox (ACET). Here’s an overview of what’s new.
On September 1, 2025, Texas Senate Bill 2610 (SB 2610) went into effect. This new law was designed to support small businesses by creating a legal “safe harbor” for those that proactively adopt strong cybersecurity practices. Here’s what you need to know.
A cybersecurity control self-assessment is a process in which an organization benchmarks its own security practices against established standards. But what does that mean exactly?
Learn the complementary, but distinct differences between a risk assessment and a cybersecurity assessment, and how they both contribute to understanding an organization’s security posture.
