French Caldwell

A member of the Gartner Blog Network

Entries Categorized as 'Risk Management'


How to Get a Risk Aware Culture and Do It Today

by French Caldwell  |  May 8, 2014  |  3 Comments

A giant planet killing asteroid helps.  Short of that, perhaps losing millions of your customers over a data breach incident.  Actually, neither of those will create a truly risk aware culture.  When the risk probability is 100%, your people will tend to focus on that one risk and ignore those with lower probabilities.  So the [...]

Category: Risk Management Transparency

The Best Guarantors of Brand and Reputation Are Good People

by French Caldwell  |  May 1, 2014  |  2 Comments

Last week my colleagues Andrew Walls, Stessa Cohen and I published the “Regulated Social Media Survival Guide.”  While not all enterprises have strict regulations that limit how they can use social media, all do have in common the need to manage risk to brand and reputation.  I’ve been at the MetricStream GRC Summit today and [...]

Category: compliance ethics Risk Management Social Technology

Gartner Dubai Symposium: An Interactive Conversation on Security and Risk Management

by French Caldwell  |  April 8, 2014  |  4 Comments

A couple of months ago, the conference chair for Gartner’s Dubai Symposium, Mary Mesaglio, presented me a challenge.  She said, “French, we need more local content and more security content.  What’s possible?” Having made some trips to the Gulf region in the last year, I’d met some really interesting people and heard some great stories.  [...]

Category: Cloud Cybersecurity Risk Management

#RSAC Buzz — Regulators Raising the Bar on Vendor Risk Management

by French Caldwell  |  February 27, 2014  |  2 Comments

I went to the RSA conference once — it was really busy and hearing from my buddies at the front, it’s now busier than ever.  So much for the boycott, eh? A lot of my security buddies are at RSA this week, and are broadcasting the buzz back to the rest of us here [...]

Category: Cloud compliance Cybersecurity Risk Management Third Party Risk Management Vendor Contracts

A Revolution in GRC Affairs at Gartner (or burning the EGRC mq)

by French Caldwell  |  February 4, 2014  |  3 Comments

Gartner’s coverage of vendors in the GRC marketplace is about to change.  The main reason for the change, as noted in the most recent Enterprise Governance, Risk and Compliance Platforms Magic Quadrant, is that GRC solutions buyers are shifting away from a platform-centric approach to one focused on targeted solutions for specific use cases. A [...]

Category: Applications compliance GRC IT Governance Risk Management

To Improve Cloud Security, by 2020, Enterprises Will Fire Senior Managers

by French Caldwell  |  January 17, 2014  |  1 Comment

I came across a survey report last week from security and investigations service firm Stroz Friedberg that highlights the fundamental tenet of effective compliance and risk management – tone at the top.  The survey of 764 information workers shows that senior managers are the worst offenders when it comes to using personal cloud services to manage [...]

Category: Cloud compliance IT Governance Risk Management

New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013  |  1 Comment

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of this sort is not optional. I did a study recently on the public comments for my doctor in law and policy program at Northeastern University– [...]

Category: Cloud compliance GRC public policy Risk Management Social Technology

GRC Will Be a Performance Platform

by French Caldwell  |  May 1, 2013  |  1 Comment

I just returned from the MetricStream GRC Summit in Las Vegas where I presented a keynote on risk management and performance.  The summit was very well planned, organized, and executed.  The speakers and panel participants talked not just theory but provided practical examples of the benefits and challenges of using GRC technologies to improve their [...]

Category: GRC Risk Management Uncategorized

Compliance and Risk Hiring to Be Hot in 2013

by French Caldwell  |  February 6, 2013  |  Comments Off

Even as the economic recovery gains momentum, risk management and compliance are still growing in importance.  This trend should continue until there is a shift politically and culturally toward deregulation.  In the Gartner CEO survey, regulatory risk was ranked as the number one business risk, and in the Gartner Forbes Board survey, risk management, legal [...]

Category: compliance Legal IT Risk Management

Next Up in Financial Services Regulation: Social Media Risk Management

by French Caldwell  |  January 25, 2013  |  1 Comment

I’ve read through new draft guidance from U.S. financial services regulators on the use of social media.  What struck me most is that instead of taking a compliance and control point of view, it talks instead of risks, and the need to ensure that social media risks are included in your risk management program.  That’s [...]

Category: compliance public policy Risk Management Social Technology