Security

Zero Trust isn’t a product, but a strategy. In modern environments, it’s also essential. This blog post tries to cut through at least some of the jargon to explain how Zero Trust really works, where companies go wrong, and how CISOs can apply it in practical ways. I also Include practical tips on identity, device posture, ZTNA, and GRC alignment. No buzzwords, just straight talk.

The SolarWinds catastrophe is back in the news. But, this time for a new reason: corporate and CISO liability. Here’s my initial take: CISOs beware!

It’s important to base your security program on a standard. This helps with ensuring that you have a solid, well-rounded program that doesn’t have any gaping holes. But, picking which framework can be a challenge. In this article, I provide some guidance on how to go about picking a framework and where I typically start.

Have you struggled with how to get started on your GRC journey? You’re not alone. At Trace3, we commonly see organizations getting stuck at one point or another. Often these challenges result from a lack of focus on the core aspects of GRC.

In this article, I want to cover some basic GRC concepts and relationships that have helped me over the years. If you’re doing these basic things well, you’re ahead of the game! In the future, I’ll have additional articles to describe how you can build on this foundation to take your GRC program to the next level.