

Is Cyber Security Your Next Career? The (ISC)² Global Information Security Workforce Study

The recent (ISC)² Global Information Security Workforce Study illustrates the problem of filling the cybersecurity skills gap in stark detail. The report projects that the global information security workforce shortfall will reach 1.5 million workers within five years.

The nearly 14,000 qualified information security professionals who took part in the study are already feeling this shortfall: only half believe their organization is capable of adequately detecting and recovering from a breach.

Consistent with that, only one-fifth indicate that they can complete remediation after a system or data compromise within a day (down from 33% in 2011). Other findings reveal additional, troubling developments:

With an insufficient pool of available, suitable job candidates, 62% of respondents say that their organization has too few information security professionals, up from 56% in 2013.

Two-thirds are concerned about security technology “sprawl”—a significant increase in the numb…
Recent posts

Three Lines of Defense

What is the three lines of defense model?

The three lines of defense model distinguishes three interrelated functions that together make up an effective enterprise risk management program. These are:

1) Own and manage
2) Oversee
3) Independent Assurance

What is the role of the first line in the three lines of defense model?

The first line (the business units that own the risk) is responsible for managing risks and maintaining effective internal controls. It is a bottom-up approach in which the business performs its own risk assessments, using tools such as the Risk Control Self Assessment (RCSA), Key Risk Indicators (KRIs), a risk profile, and an escalation process for issues that exceed tolerance.

What is the role of the second line in the three lines of defense model?

The second line (the central risk and compliance functions) is responsible for the design and implementation of the risk program. It provides the framework the first line uses to assess and manage risks, and it oversees how well the first line applies it. Its goal is to connect the dots by taking a portfolio view of risks across the enterprise, providing a top-down view relative to strategy and risk appetite.

What is the role of the third line in the three lines of defense model?


The 3 Lines of Defense for Good Risk Management

For years, risk in many organizations was managed on an ad-hoc basis by tenured leaders relying on their own experience, such as the CEO and whatever credit, market, legal and fraud experts were on hand. Internal audit functions existed to identify necessary internal controls and make sure there were no gaping holes. Typically, internal audit was the only part of an organization performing regular risk assessments, and when something went wrong, management would cry, "Where were the auditors?"

Today, a new governance model is gaining popularity. The "three lines of defense" (3LoD) model mobilizes three separate groups (business managers, central risk and compliance management teams, and internal auditors) to work together at different stages to provide increased protection against an ever-widening array of risks. The model promotes risk ownership and a stronger risk management culture while eliminating the inefficiencies, gaps and overlaps that often occur in the management of risk and compliance by…

Risk Management, What If Analysis and Emergency Preparedness

Visit to learn more about Naval risk management and pirate risk assessment!

Embedding Risk Management Within The Organization

Whether you are in manufacturing, the service industry, or healthcare, embedding risk management into daily work is going to be a key challenge. It is often difficult because many risk managers and leaders do not really know how to do this. I am sharing two key tips that can help you succeed in embedding risk management within your organization.

Connect the dots: This deals with employees understanding and knowing the rules of the game, taking pride in their work, and being engaged. The organization will be able to connect the dots for its employees when it is open, transparent and willing to share information on key metrics and performance such as Quality, Delivery, Safety, Cost and Morale. Sharing these metrics is the first step. There are many other next steps that should follow. We can help you and your organization in connecting your business Why with your ERM's Why? Visit us at …