French Caldwell

A member of the Gartner Blog Network

Entries Tagged as 'Risk Management'


Hey, Corporate Director, Who’s Your CISO?

by French Caldwell  |  March 7, 2014  |  3 Comments

I’ve spoken to a few corporate boards on IT governance and risk management, and I’ve one question that I always ask — but first let me clarify this Target CISO tweet with my twitter handle on it. In an internal Gartner e-mail thread about the Target CIO resigning, I added some irony, writing:  “Another good [...]

Category: Cybersecurity IT Governance

A Revolution in GRC Affairs at Gartner (or burning the EGRC mq)

by French Caldwell  |  February 4, 2014  |  3 Comments

Gartner’s coverage of vendors in the GRC marketplace is about to change.  The main reason for the change, as noted in the most recent Enterprise Governance, Risk and Compliance Platforms Magic Quadrant, is that GRC solutions buyers are shifting away from a platform-centric approach to one focused on targeted solutions for specific use cases. A [...]

Category: Applications compliance GRC IT Governance Risk Management

New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013  |  1 Comment

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of this sort is not optional. I did a study recently on the public comments for my doctor in law and policy program at Northeastern University– [...]

Category: Cloud compliance GRC public policy Risk Management Social Technology

The Risks Are Always Greener on the Other Side

by French Caldwell  |  October 24, 2012  |  Comments Off

I’m here at Orlando Symposium talking to a good colleague, Neil McDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard?  That way customers can see for themselves [...]

Category: Cloud GRC Risk Management

One Week Left to the Rockefeller Cybersecurity Deadline — CEOs, What Do You Want To Do?

by French Caldwell  |  October 12, 2012  |  Comments Off

In the last week I’ve had two calls with companies deciding how to respond to the cybersecurity letter that Sen. Rockefeller sent to the CEOs of Fortune 500 companies.  The deadline to respond is 19 October. CEOs are not required to respond, and with the demise of the Cybersecurity Act of 2012, it’s tempting not [...]

Category: Cybersecurity public policy Risk Management

Oh, Michael — Your Rant ….

by French Caldwell  |  October 10, 2012  |  1 Comment

Dear Michael – Good to hear from you.  Thanks for sending me your latest blog post.  I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts.  But I get it, it’s not me; [...]

Category: Applications compliance GRC Risk Management

WikiLeaks, Twitter and the Risks to Political Order

by French Caldwell  |  February 8, 2011  |  1 Comment

Arguably if you are an authoritarian leader who is threatened to be deposed, you view social media that your opponents use to organize protests as a threat.  On the other hand, if your supporters can use it to organize counter-protests, then you might see it as an opportunity — perhaps this explains why Egyptians saw [...]

Category: Risk Management

Learning from Aunt Elsie

by French Caldwell  |  January 25, 2011  |  Comments Off

Aunt Elsie never went to the grocery store.  She’d call in her grocery list over the phone, and the grocer would deliver.  One day in the 1950s, Aunt Elsie called my grandmother and said, “Emily, do you ever shop at a supermarket?”  My grandmother said of course she did, and Aunt Elsie asked to accompany [...]

Category: Risk Management

Crisis Management Is What You Do When Risk Management Fails

by French Caldwell  |  January 21, 2011  |  Comments Off

In the drugstore the other day, my wife was searching for Tylenol Cold and Flu.  She insists that’s the only thing that works when she has a cold and with the onset of winter she wanted to make sure the medicine cabinet was stocked.  We searched and searched, but where almost any Tylenol product was [...]

Category: Risk Management Strategic Planning

We Come to Kill GRC, Not to Praise IT

by French Caldwell  |  January 12, 2010  |  6 Comments

I’ve been involved in some discussions recently around GRC that remind me about the arguments around KM — as to whether it is a valid term or not.  The antagonists argue that GRC does more harm than good.  They argue that the term creates market confusion, that the vendors that claim to offer GRC solutions [...]

Category: Uncategorized