Mercury Risk and Compliance, Inc.

Love this visual from our #CISO, Matthew Rosenquist - conveys the messaging around prioritization, strengths, weaknesses, and opportunities all in the same vista! #grc #cybersecurity #grc #riskmanagement #crq

Come and join Grace Beason and Gavin Anthony Grounds today at ISACA GRC 2024, with #IIA. Monday 12 August from 1:45 – 2:45 p.m. in Lone Star F, Level 3 Learn how to leverage automation, machine learning, and #AI models to address complex #GRC requirements whilst simultaneously driving efficiency, improving accuracy and maintaining privacy. Join us later at Booth 212 and catch up with Matthew Rosenquist (#CISO) and Allen Wuescher (#CIO)

Very excited to see Gavin Anthony Grounds, Grace Beason, Supra Appikonda, and Susan Palm sharing the stage on this one! Join them on this insightful webinar to get some real-world experiences and knowledge on how to effectively and efficiently map and verify compliance, across multiple frameworks and regulatory environments - and how to represent and manage compliance (or the lack of) in the context of Operational Risk. Sign up to join… see you there! #riskmanagement #grc #cisco #risk Mercury Risk and Compliance, Inc. 4CRisk.ai

Agreed that there may be apathy in certain groups, perhaps even consumers and even with Cyber Security professionals... But, it's almost certain that the FCC might care about the number of Regulatory violations for failing to protect Call / SMS records. Many of their Corporate clients will be concerned about potential failures to meet contractual obligations - both in public sector and private sector. Various shareholders and other stakeholders won't be quite so passive as this post implies, about the downstream impacts (actualized risks) of this significant data loss event. The data loss is the OUTCOME, or resulting state. The materialized risk(s) will be the realized consequences of that outcome. Risk = potential Consequence(s). Risk ≠ Likelihood x Impact. Ask AT&T!!! Their impact (consequences) will not be diluted by the previously incorrectly estimated likelihood - because once likelihood = 100% (i.e. the risk materialized), then the Risk(s), or Consequence(s), are 100% realized. No dilution based on a foundationally flawed risk quantification method. #riskmanagement #ciso #crq #riskquantification #groundsrules

If you are in the Austin area tomorrow (July 16th), be sire to look to register and attend this session by Allen Wuescher, hosted by Society for Information Management. This will be as insightful and educational as it will be entertaining. Come and join if you can! #riskmanagement #fraud #cio #crq

Coming off the heels of the Gartner Security & Risk Management Summit, RSA Conference, and our workshop at the GRC Summit 2024 hosted by MetricStream, we are thrilled to announce the arrival of AURORA and A.D.A.M. (Automated Dynamic Asset Mapping). These innovations mark "the dawning of a new day" in Cyber and Technology Risk Management, 3rd-Party Risk Management, and User Risk Management. The integration of Aurora, ACET, and A.D.A.M. offers business-centric decision-making, prioritization, and risk optimization, focusing on driving return-on-risk, rather than solely avoiding losses. This milestone is a significant step in our continuing journey, in collaboration with our clients, partners, and investors. Check out our milestone announcement here... #CISO #GRC #CRQ #RiskManagement #GRCsummit2024 #RSAC2024 #GartnerSummit

Why has there been so much noise and hustle around Cyber Risk Management, Cyber Risk Quantification (#CRQ), Third Party Risk Management (#TPRM) and yet, so little progress and meaningful business return? (Yes, we know there is a small number of anomalies of success and you might be one!.. YOU know and WE know who you are! 😊 ) But the truth is that for the vast majority, building, scaling, and earning measurable business return on these programs is still unattainable. Similarly, with the billions of dollars spent on Cybersecurity, and Risk and Compliance Management programs, breaches and legal / regulatory failures are increasing exponentially. Why? The answer is quite simple. The foundations typically being used for Cyber Risk Quantification, Third Party Risk Quantification and Management, and Compliance Management are fundamentally flawed for these domains. And even worse, throwing automation and AI at a solution where the model and design itself is already flawed, will produce nothing but negative returns. If your Cyber / Technology Risk quantification, Compliance, and Third Party Risk Management models are based solely on loss avoidance, history, manual assessments, likelihood calculations based on regression models (e.g. Monte Carlo simulations), and are essentially based on imagined scenarios, then they will fail - not least of which because they are based on Loss Avoidance instead of Value Protection, Value Development and Return on Risk. If you are available in Baltimore, MD USA on June 17, 2024, join our co-founders, Gavin Anthony Grounds and Grace Beason for an in-person workshop on how to build an effective, value-based, business-centric Risk and Compliance Management program. This is a FREE workshop for anyone attending the GRC Summit 2024, hosted by MetricStream. Register now to secure your spot: https://lnkd.in/g7vx-QM5 If you plan to attend in person and also want some additional (free) time with Gavin and Grace to discuss your plans, ideas, questions, issues, or concerns, use this link to set up some on-site office hours: https://lnkd.in/gPjKw5xF If you can't attend the event, but want to learn more from Gavin and Grace, request a FREE 1:1 briefing here: https://lnkd.in/g2_G4qqg If you want to have a session with Gavin, Grace AND our CISO and Cybersecurity Strategist, Matthew Rosenquist, use this link to find a time: https://lnkd.in/g9bc2ANb Hope you can connect with our team soon! #ciso #riskmanagement #grc #metricstreamgrc

Not “post run risk tips” - just random insights from our CEO, Gavin Anthony Grounds

Why do you even do Cyber Risk Quantification? Why do you NOT do Cyber Risk Quantification? Why do you drive for compliance in Cyber and Technology? Why do you NOT manage compliance well enough? How and why can you address all of these opportunities effectively, delivering business value? Join us for this live, free (NO-SALES-PITCH) educational webinar tomorrow (May 29th) hosted by MetricStream. It will be delivered in a conversational panel discussion style, with live audience participation, by Pat McParland, Grace Beason, and Gavin Anthony Grounds. Click the link below to register. See you there! #ciso #cybersecurity #grc #crq #riskmanagement #compliance