French Caldwell

A member of the Gartner Blog Network

Entries Tagged as 'Risk Management'


How to Get a Risk Aware Culture and Do It Today

by French Caldwell  |  May 8, 2014  |  3 Comments

A giant planet killing asteroid helps.  Short of that, perhaps losing millions of your customers over a data breach incident.  Actually, neither of those will create a truly risk aware culture.  When the risk probability is 100%, your people will tend to focus on that one risk and ignore those with lower probabilities.  So the [...]

Category: Risk Management Transparency

The Best Guarantors of Brand and Reputation Are Good People

by French Caldwell  |  May 1, 2014  |  2 Comments

Last week my colleagues Andrew Walls, Stessa Cohen and I published the “Regulated Social Media Survival Guide.”  While not all enterprises have strict regulations that limit how they can use social media, all do have in common the need to manage risk to brand and reputation.  I’ve been at the MetricStream GRC Summit today and [...]

Category: compliance ethics Risk Management Social Technology

Hey, Corporate Director, Who’s Your CISO?

by French Caldwell  |  March 7, 2014  |  3 Comments

I’ve spoken to a few corporate boards on IT governance and risk management, and I’ve one question that I always ask — but first let me clarify this Target CISO tweet with my twitter handle on it. In an internal Gartner e-mail thread about the Target CIO resigning, I added some irony, writing:  “Another good [...]

Category: Cybersecurity IT Governance

A Revolution in GRC Affairs at Gartner (or burning the EGRC mq)

by French Caldwell  |  February 4, 2014  |  3 Comments

Gartner’s coverage of vendors in the GRC marketplace is about to change.  The main reason for the change, as noted in the most recent Enterprise Governance, Risk and Compliance Platforms Magic Quadrant, is that GRC solutions buyers are shifting away from a platform-centric approach to one focused on targeted solutions for specific use cases. A [...]

Category: Applications compliance GRC IT Governance Risk Management

New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013  |  1 Comment

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of this sort is not optional. I did a study recently on the public comments for my doctor in law and policy program at Northeastern University– [...]

Category: Cloud compliance GRC public policy Risk Management Social Technology

The Risks Are Always Greener on the Other Side

by French Caldwell  |  October 24, 2012  |  Comments Off

I’m here at Orlando Symposium talking to a good colleague, Neil McDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard?  That way customers can see for themselves [...]

Category: Cloud GRC Risk Management

One Week Left to the Rockefeller Cybersecurity Deadline — CEOs, What Do You Want To Do?

by French Caldwell  |  October 12, 2012  |  Comments Off

In the last week I’ve had two calls with companies deciding how to respond to the cybersecurity letter that Sen. Rockefeller sent to the CEOs of Fortune 500 companies.  The deadline to respond is 19 October. CEOs are not required to respond, and with the demise of the Cybersecurity Act of 2012, it’s tempting not [...]

Category: Cybersecurity public policy Risk Management

Oh, Michael — Your Rant ….

by French Caldwell  |  October 10, 2012  |  1 Comment

Dear Michael – Good to hear from you.  Thanks for sending me your latest blog post.  I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts.  But I get it, it’s not me; [...]

Category: Applications compliance GRC Risk Management

WikiLeaks, Twitter and the Risks to Political Order

by French Caldwell  |  February 8, 2011  |  1 Comment

Arguably if you are an authoritarian leader who is threatened to be deposed, you view social media that your opponents use to organize protests as a threat.  On the other hand, if your supporters can use it to organize counter-protests, then you might see it as an opportunity — perhaps this explains why Egyptians saw [...]

Category: Risk Management

Learning from Aunt Elsie

by French Caldwell  |  January 25, 2011  |  Comments Off

Aunt Elsie never went to the grocery store.  She’d call in her grocery list over the phone, and the grocer would deliver.  One day in the 1950s, Aunt Elsie called my grandmother and said, “Emily, do you ever shop at a supermarket?”  My grandmother said of course she did, and Aunt Elsie asked to accompany [...]

Category: Risk Management