The 10 Foremost Risk Management Companies of 2020


www.mirrorreview.com | December 2020


LEADER’S INSIGHT: Travel Industry in COVID-19 | Redefining Cyber Risk Management

COMFIN SOFTWARE

GERALD NEHER, CEO & MD

PIONEERING COMMODITY TRADING AND RISK MANAGEMENT SOFTWARE SOLUTIONS




IMAGE CREDIT: HURCA

EDITOR’S LETTER

Prepared for The Future

While the world was gradually moving towards being virtual, the pandemic changed the course of the digital platform overnight. Work from home became the new normal. Consequently, this also gave rise to cyber breaches. In order to mitigate these risks, the integration of risk management became vital. Moreover, these issues highlighted the importance of risk management assistance. The industry is budding with several risk management companies, but the unprecedented crisis managed to segregate the leading risk management companies from the crowd.

In our latest issue, “The 10 Foremost Risk Management Companies of 2020”, we have featured such companies that are prepared for the future. These companies have developed robust risk processes and helped their clients identify, assess, manage, report, and limit the risks they faced, despite the crisis. On the cover, we have featured ComFin Software, which deals with commodity trading and risk management. It is a veteran in the industry and, since 1997, has been providing trading and risk management solutions to customers in the global oil and gas sector. Furthermore, readers will also find the leading risk and compliance management solution providers offering unique solutions in risk, compliance, content, and mappings.

As the risk landscape is changing fast, many new risks and strategies are prospering. To help the readers understand these demographics, we have covered the leader's perception in the section “Leader's Insight”. The C-Suite has shared their thoughts on the travel industry in COVID-19 and how cyber risk management will be redefined. Furthermore, in the section “Success Story”, readers will find the enthralling journey of Salesforce, the #1 CRM Company's path from rags to riches.

Vidya Joshi Editorial Coordinator


PUBLISHER

ARCHANA GHULE

EDITOR-IN-CHIEF

VIKRAM SURYAWANSHI

EDITORIAL COORDINATOR VIDYA JOSHI SHUBHAM BIRADAR UTKARSH DESHPANDE SANYUKTA MULEY

PROJECT MANAGERS DAVID THOMAS BHUPENDRA PATEL

ART DIRECTOR VINOD ALHAT

VISUALIZER

MARK DAVIS

GRAPHIC DESIGNERS SUSHANT KAMBLE SHUBHAM GHODKE

HEAD OF DISTRIBUTION & PRODUCTION AAKASH MAHAJAN

HEAD OF OPERATIONS ROBERT SMITH

RESEARCH ANALYSTS JAMES ADAMS

ADVERTISING MARIA SMITH


Mirror Review Media & Tech C-206, Wisteriaa Fortune, Laxmi Chowk Rd, opp. Silver Spoon Hotel, Bhumkar Nagar, Wakad, Pimpri-Chinchwad, Maharashtra 411057

+1 (850) 564-8517

info@mirrorreview.com

www.mirrorreview.com

Mirror Review Magazine is published by Pericles Ventures Pvt Ltd. No part of Mirror Review magazine may be reproduced, published or used in any manner without prior written consent from the publisher. The team of Mirror Review Magazine has made every effort to ensure the accuracy of the content. The publisher assumes no responsibility of any part of the content of any advertisement in this publication, including any errors and omissions therein.



CONTENTS

COVER STORY

Pioneering Commodity Trading and Risk Management Software Solutions

Modernizing Cybersecurity Risk Management

The GPS for Compliance Mapping & Management

Catalyst to a Sustainable World

The Right Way to Travel

LEADER'S INSIGHT

Travel Industry in COVID-19

Redefining Cyber Risk Management

SUCCESS STORY

Story of Salesforce: The Journey of CRM Platform, From Rags To Riches



COVER STORY

Pioneering Commodity Trading and Risk Management Software Solutions

Gerald Neher, CEO & MD

We do not need a motivation mantra as we all love what we are doing. And where other people see problems, we see opportunities.

Over the past few months, the oil markets around the world have been rather bearish due to the COVID-19 pandemic, resulting in a financial struggle for several companies in the industry. The commodity markets, in general, have become more volatile due to the pandemic, which may lead to opportunities for traders who better manage their risk. Moreover, banks are becoming more cautious when financing commodity trades, particularly for smaller trading firms. Consequently, the existence of suitable compliance and risk management measures has turned from a luxury to an all-important necessity today. The interest in Commodity Trading and Risk Management (CTRM) software has thus risen to almost unprecedented levels.

ComFin Software is meeting this increasing demand with its cost-competitive, fully functional trading and risk management software applications to the global energy and commodity industries with particular expertise in traders and shipping companies. It has been providing trading and risk management solutions to customers in the global oil and gas sector since 1997 and last year extended its offering to the soft commodities and metals industry. The company was originally founded as part of the PVM Group; however, it became fully independent in 2005. With over two decades of progress and industry knowledge under its belt, ComFin Software is recognized and trusted as a leading provider of cost-competitive fully functional commodity trading and risk management solutions.

COMPREHENSIVE CTRM SOFTWARE SOLUTIONS

ComFin Software strives to continuously support commodity traders with its CTRM solutions, including:

• Comcore: The Comcore system combines the latest cutting-edge technology with over two decades of trading and risk management application development to provide customers with the most cost-competitive and fully-functional solutions in the market. Designed to be highly flexible, the Comcore CTRM system can be used as a standalone solution or can be integrated into existing software infrastructures such as SAP, Oracle, or Navision.

• TheBulldog: It is ComFin Software's legacy Energy Trading and Risk Management Solution. It offers clients an entry-level CTRM system at a very competitive price. First implemented in 1999, TheBulldog's functionality has evolved over 20+ years with its clients' business requirements and the growth of the refining and oil trading industry.

• ComFIX: It is ComFin's connector to the ICE and the CME Group. It automates trade flow between the front and middle office. Using ComFIX, all trades done on the exchange are automatically imported into TheBulldog, Comcore, or any other third-party E/CTRM system. ComFIX supports and has been certified for all product groups available on the exchange.

These services are primarily provided in industries such as Oil, Gas & Coal Trading, Refining, Petrochemical, LNG & NGLs, Shipping, and Metals & Soft Commodities. Besides these solutions, ComFin Software also provides support, training, and consulting services to its clients.

A VETERAN DRIVING THE DEVELOPMENT

Gerald Neher (CEO and Managing Director at ComFin Software) is at the helm of the company's operations. After studying economics and I.T., Gerald joined ComFin in 2005 as a consultant. He became the CEO of the company in 2010 and pushed the development of its “Comcore” system, the state-of-the-art successor of the legacy system “TheBulldog”. Gerald, along with his partner Gunther Dauner, bought ComFin Software in 2018. Each of them owns 50% of the company through a holding company. At ComFin Software, Gerald's primary role is advising and supporting market participants. Being the CEO of a mid-sized vendor, he is closely involved in all aspects of the company, from pre-sales to customer support, internal and external consulting, product management, etc. “Our clients value its CEO and company owners being close to them and easily reachable in case of any pressing issues,” he added.

ENCOURAGING THE STAFF

Gerald believes that the most important investment in a company is the staff. It is essential for a company to have a motivated and knowledgeable staff, as they will pass their satisfaction and knowledge on to the clients. At ComFin Software, Gerald ensures the staff has all the information they need and can work in a pleasant environment, also encouraging them to raise questions and suggestions for improvements. Due to the close personal relationships he has maintained with the staff members, they have remained friends even after their professional paths parted.


Our award-winning support team is widely recognized for its professionalism, efficiency, and high level of customer satisfaction.



ESTABLISHING STRONG PARTNERSHIPS

Establishing strong partnerships is a crucial aspect of any growing business. Being a mid-size company, ComFin Software does not have many of the resources that some big players might have. The challenge for the company was to optimize the available resources. For that, it has established strong partnerships with companies and private individuals. The company works with sales partners globally that help it spread the word about its software solutions. It also works with consultants and technology partners globally to be able to provide a full set of solutions to its clients in various industries.

FLEXIBILITY AND FASTER IMPLEMENTATIONS

Alongside the challenge of managing resources, the pandemic posed a significant challenge for companies such as ComFin Software. Like most other businesses, the company has adopted the “work from home” model since March 2020. The transition to remote working was smooth due to its existing IT infrastructure and the independent working style of its staff members. ComFin Software also offered and delivered remote training for its new clients. As many companies struggled due to the pandemic, it quickly released a new liquidity and cashflow simulator to help its clients understand the impact of late payments and defaults on their liquidity.

“As we understand that our customers typically operate in different ways, we have always offered the flexibility to customize any part of the software and quickly add new functionality to it. This flexibility is certainly one of our USPs,” asserts Gerald. Additionally, as more companies get active in commodity trading, the demand for professional Risk Management systems is also increasing. Companies are thus looking to implement those systems relatively quickly and at a reduced CAPEX cost. Due to the corporate structure of ComFin Software, it has a competitive edge in this regard over its competitors. The company can perform implementations in as little as two to four weeks at prices that no other major vendor can offer.

UPGRADING THE PORTFOLIO

As the world moves further towards digitization and automation, ComFin Software's flexibility is expected to play a greater role in many areas (for example, technical flexibility to add or remove components as needed, contractual flexibility to be able to quickly adjust to new challenges, and flexibility to work from different places). The company is working with established technology partners to offer add-ons to its current CTRM package. It is currently emphasizing add-ons in the fields of Artificial Intelligence (AI), Blockchain Technology, and crisis management. ComFin Software strives to continuously develop and upgrade its software with new features and functions.




The 10 Foremost Risk Management Companies of 2020

COMPANY NAMES / INFO

Brinqa, Amad Fida & Hilda Perez, Founders

Brinqa Cyber Risk Services is built for security; transforming security, context and threat data into knowledge-driven insights that empower organizations to own their cyber risk. www.brinqa.com

C2C Smart Compliance, Steve Crutchley, Founder and CEO

C2C SmartCompliance provides compliance infrastructure management services, compliance software (Enterprise and SaaS) and mapping solutions. c2csmartcompliance.com

ComFin Software, Gerald Neher, CEO & Managing Director

ComFin Software provides cost competitive, fully functional trading and risk management software applications to the global energy and commodity industries. www.comfinsoftware.com

Corsica Cybersecurity, Dale Walls, Founder

Corsica Cybersecurity delivers advanced cyber technologies to the private sector and government agencies. www.corsicatech.com

ITC Secure, Arno Robbertse, CEO

ITC delivers high quality managed security services to help organisations manage the growing complexity of cyber threats and securely support their digital transformation. itcsecure.com

Libryo, Peter Flynn, Garth Watson, & Malcolm Gray, Co-founders

Libryo filters all law and delivers only the regulations that matter to the business. www.libryo.com

Ondato, Liudas Kanapienis, Co-Founder & CEO

Ondato provides a complete compliance management suite for the KYC procedure. www.ondato.com

policyIQ, Chris Burd, Managing Director

policyIQ is a mature Governance, Risk and Compliance technology that is easy to use and easy to implement. www.policyiq.com

Seven Corners, Justin Tysdal (Co-founder and CEO), Jim Krampen (Co-founder and Executive Officer)

Seven Corners is an innovative and service-focused travel insurance and benefit management company that serves a global market. www.sevencorners.com

Verisk Insurance Solutions, Scott G. Stephenson, Chairman, President, & CEO

Verisk helps customers assess and price risk, improve underwriting and claims outcomes, and build resilience to extreme events. www.verisk.com


BRINQA

Modernizing Cybersecurity Risk Management

Syed Abdur, VP | Product Management & Marketing at Brinqa

Today, most organizations have well-defined policies and processes for responding to vulnerabilities, findings, alerts, and other security gaps in their network and software infrastructure. However, these practices don't often extend to newer or less prevalent technologies such as cloud infrastructure, IoT, operational technology (OT), etc. With the continued growth and proliferation of cloud infrastructure within the enterprise, companies need to address these challenges more urgently than ever.

Established in 2009, Brinqa is helping companies address these challenges with its solutions. The Austin, TX-based company was founded by cybersecurity veterans Amad Fida and Hilda Perez with an aim to solve the most challenging, pervasive, and critical problems in cybersecurity. The company is on a mission to bring diverse stakeholders with different agendas and backgrounds together to work on a common goal; build cybersecurity solutions to protect businesses when their technology stacks are constantly evolving and in flux; and foster collaboration and knowledge-sharing between teams and processes in environments that are fragmented and siloed.

Comprehensive Coverage of Risk Analysis and Management

Brinqa cyber risk services provide the most comprehensive coverage for risk analysis and management across the entire enterprise technology infrastructure. Through dedicated purpose-built applications for Vulnerability Management, Application Security, and Cloud Security, Brinqa customers can implement a consistent cyber risk management strategy across these three critical components, while establishing and highlighting any dependencies between them. The company also provides a knowledge graph, the cyber risk graph, which is the real-time representation of an organization's technology infrastructure and applications, delineation of interconnects between IT assets and business services, and a unified knowledge source for cybersecurity decisions. The single, unified knowledge source for cybersecurity streamlines communication across varied stakeholders, departments, and regions.

The Standard Out-of-the-Box Ontology

Brinqa solutions are built on a comprehensive, standardized data ontology that clearly defines, delineates, and represents the common IT, security, and business assets that comprise a typical technology infrastructure, and relationships between them. The standard out-of-the-box (OOB) Brinqa ontology is designed based on best practices, industry standards, and its experience with real-world customers. Brinqa's customers have complete access to the data modeling capabilities used to define and develop this ontology, and can further tweak the OOB risk models to accurately represent their unique environments. This is crucial for effective risk analysis and prioritization as presently there is very little standardization in how organizations implement their technology and security environments.

Renowned and Ever-growing Customer Base

A significant percentage of Brinqa's customers are large Fortune 100-type organizations. Its customer base includes some of the largest enterprises in retail, healthcare, insurance, and logistics verticals with a massive technology footprint. Moreover, in recent years, the company has seen an uptick in demand from smaller, technology-focused organizations. “Any business that has a strong dependency on their technology infrastructure requires a solution like Brinqa. Our smaller customers range from internet-based businesses, technology companies, and mobile-first solutions,” asserts Syed Abdur, VP of Products at Brinqa.

Empowering the Customers

Brinqa provides customers with everything they need to start their Cyber Risk Management program. It provides packaged connectors, risk models, standard risk scoring, remediation workflows, and dashboards & reporting. Most of Brinqa's customers are quickly expanding the scope of their Cyber Risk Management programs to incorporate Vulnerability Management, Application Security, Cloud and Container Security, Mobile Security, Configuration Management, and Identity & Access Management.

Besides this, the customers use Brinqa to automate many components of their risk management programs, from the collection of all relevant risk data, to the building of risk knowledge, to the communication of risk to all stakeholders, and the risk remediation process. The company's automation capabilities orchestrate better hygiene in customers' risk management solutions. Brinqa reconciles asset management data with live data and can be used to automate continuous checks and corrections as well. As a result, the customers benefit from a consistent understanding of assets that factor into determining their associated risk and better knowledge of their risk posture based on accurate information. Brinqa empowers customers with the ability to identify and suppress false positives while highlighting the most critical risks for remediation.

The Accelerating Need for Cybersecurity

The COVID-19 pandemic has highlighted some significant challenges that most cybersecurity programs and organizations struggle with. “The notion of the traditional enterprise with well-defined boundaries has been consistently eroding for many years, and cybersecurity policies and practices have been slowly evolving to address this change,” adds Syed. The pandemic has forced large sections of the workforce to work remotely, accelerating the need for cybersecurity solutions to be re-architected for a highly-distributed, centralized, and dynamic technology infrastructure. Syed believes that the pandemic should have a positive impact on the cybersecurity industry in the long term, resulting in more dynamic, fault-tolerant cybersecurity programs and solutions.

Brinqa cyber risk services are built for security; transforming security, context, and threat data into knowledge-driven insights that empower organizations to own their cyber risk.

Making the Platform Dynamic and Extendable

The upcoming projects of Brinqa aim to make the platform even more dynamic and extendable. As part of this effort, it is working to open up its connector development framework to allow customers and partners to develop connectors on their own and expand its integrated ecosystem at a faster rate. The company is also working on the new GraphQL-based API that can be used by developers as well as business owners with limited or no development knowledge. Furthermore, by combining its graph database (Neo4j) with a new API methodology (GraphQL), Brinqa provides UI developers with the flexibility to create a rich report builder that is immediately relevant to business users. This is beneficial to developers as they can leverage the same API, improving code quality and consistency through more interactive and self-documenting API usage than traditional REST APIs.

Securing the Software Development Life Cycle

By mapping how IT enables and impacts business to create accurate cybersecurity data ontology, modern Cyber Risk Management provides a unique opportunity to introduce security early into IT processes and the Software Development Life Cycle (SDLC). It drastically reduces the cost of identifying and remediating vulnerabilities, as well as delivers software that is more robust, secure, and reliable. In the near future, Syed believes that organizations will continue to improve their ability to develop IT and SDLC processes that are secure and risk-aware. “This is very important as enterprise technology environments become more distributed and rapidly evolve to adjust for changes in the real world. The pandemic has shown us that the changes can be drastic and organizations need to be prepared to adjust on short notice,” he concluded.


Leader's Insight

How COVID-19 Has Impacted the Travel Industry

By Jeremy Murchland, Seven Corners, President

The COVID-19 pandemic has impacted nearly every aspect of people's lives, and travel is no exception. In fact, the travel industry may have been one of the most affected areas, as travel plans were changed, postponed, or canceled entirely. The year 2020 saw an 80% decrease in travel, both internationally and domestically. While we've seen a slight uptick in leisure travel again, business travel is still significantly depressed, and we expect to see that continue into next year.

This year, travelers began to place greater importance on safety, cleanliness and flexibility when booking travel, as opposed to luxury or comfort. This means that despite the travel industry declining, consumers' awareness of travel insurance increased. In fact, the instance of travelers purchasing travel insurance for their trips is expected to increase by 50% this year, and that trend should continue into next year. Because of the pandemic, people are more aware of travel insurance and its benefits in protecting expensive trip costs. I've outlined the major changes in travelers' behaviors and how travelers can stay prepared for the future during this uncertain time.

Travelers' priorities have changed

As mentioned, people are now more conscious of safety and cleanliness when considering travel plans, and they're more aware of what their options are. Because of these concerns brought about by COVID-19, people are now booking trips closer to when they'll leave instead of making plans in advance. For example, now is usually the time we see people begin to start making plans for spring break travel. With travel regulations constantly changing and next spring still unknown for COVID-19 restrictions, people will likely make plans closer to their departure date to ensure there aren't changes with their trip.

Understand cancellation penalties prior to booking

Travelers are also more mindful of their health and whether or not their trip plans are flexible. If people are traveling out of the country, they now have to consider whether or not they are covered for contracting COVID-19 abroad, and who will help them get home in case of emergency. I encourage travelers to understand what their flexibility options are when they book a trip and ensure that you fully understand the booking terms. If your trip is interrupted or canceled, know what your penalties are. Because of potential penalties, it's a good idea to consider purchasing travel insurance to protect trip costs.

Consider adding travel insurance

I recommend that people purchase a comprehensive type of travel insurance that covers trip cancellation and interruption as well as injuries and illnesses that occur on a trip. Some plans offer medical only, or if you're taking a cruise, the plan may only cover the cruise. Make sure you purchase travel insurance that is fully comprehensive and covers all angles of your trip. It's also prudent to consider adding Cancel for Any Reason (CFAR) coverage to your insurance plan.

CFAR is always going to provide the most flexible options for travelers to cancel a trip for any reason of their choosing. Adding CFAR will provide you a refund of up to 75% of your nonrefundable trip costs. We've experienced a large increase in CFAR sales as people continue to be hypersensitive to sudden trip cancellations and interruptions during the pandemic. Even in a decreased travel market, we're seeing an increase in travel insurance sales as awareness of travel insurance begins to increase. Prior to the pandemic, people didn't understand what travel insurance was or why they needed it. Now, they recognize its importance and understand that a travel insurance plan can protect them in the event of an emergency situation.

The future of travel

Of course, the future of the travel market is difficult to predict with the constant changes COVID-19 has brought us. However, we're expecting a return to leisure travel as we start to move into summer of next year, with trip bookings expected to take place in March or April. Business travel will still likely be behind as people continue with virtual means of communication. One thing is certain: people are anxious to return to a sense of normalcy. It's possible that 2021 could experience a major travel boom, as travelers use their flight credits and finally take those long-awaited trips. Hopefully, they are able to do so safely while protecting their trip costs.

About the Author

Jeremy Murchland is the president of Seven Corners, an innovative and service-focused travel insurance and benefit management company that serves a global market. Based in Carmel, Ind., the company offers customized travel insurance solutions and 24/7 emergency medical and travel assistance services for individuals and groups. Seven Corners also administers health care benefits for select U.S. government programs. Murchland became president of Seven Corners in January of 2020 after serving as the senior vice president of sales and marketing for the company. Murchland has more than 20 years of senior management experience and a long history of building high-performance teams and growing revenue. As president, Murchland is responsible for leading the execution of the Seven Corners' strategic plan along with the management of day-to-day business operations.


C2C SMART COMPLIANCE

e GPS for Compliance Mapping & Management

Steve Crutchley Founder and CEO

A

s government regulations spread around the globe, geopolitical, regulatory, legal, and compliance risks continue to present challenges for enterprises. Moreover, with the increasing proliferation of laws and rules and an increase in stakeholder expectations, organizations are more vulnerable to compliance risks than ever. Today, a majority of companies still take an old-school approach when it comes to managing compliance risk. As the risk issues change as per the business, their strategy and process must also change accordingly. C2C Smart Compliance, a Virginia VA-based leading risk and compliance management solution provider is helping organizations optimize their risk and compliance management operations. It is a premiere GRC firm, providing compliance infrastructure management services, compliance software (Enterprise and SaaS), and mapping solutions that support international regulatory standards and best practices for commercial and government enterprises. C2C's web-based, automated compliance

26 | December 2020

platform is designed for improved business performance and audit readiness across the entire organization.

without a structure threat library, MyRA allows this process to be undertaken painlessly and supports the findings.

Unique Service Offerings

It also shows Risk Values, Inherent Risk Values, Residual Risk Values, and Control effectiveness – all outputs from the risk management process using the threat tables. Alongside this, MyRA also offers Business impact Analysis, Assessment Questionnaires, Risk Treatment, and remediation with workflow and full reporting including filtering and graphical representations.

C2C Smart Compliance was established in 2005 as Consult2Comply. However, its name was changed in 2013 to C2C Smart Compliance as it aligned its business more to the compliance and risk industry and the demand for its products started increasing. The company provides unique offerings in risk, compliance, content, and mappings including,

• •

Compliance Mapper (CM)

MyRiskAssessor (MyRA)

It is a fully functional risk product that contains a comprehensive set of threats linked to vulnerabilities linked to control infrastructures. This allows the risk management process to be streamlined in the organizations and supports the skills needed to effectively undertake a risk assessment and manage the risks. Moreover, as organizations cannot effectively apply a correct threat

It is a unique compliance product. CM has over 10,000 regulations, standards, and best practices in the product. The CM Mapping Capability allows mappings to be applied (manually, semi-manually, and automatically) to the frameworks and showing mapping level as a guide to the compliance staff. This provides a good level of understanding to the teams that are measuring compliance effectiveness.


Medium

LOW

HIGH

FOREMOST

RISK Management

COMPANIES OF 2020

Furthermore, CM is also capable of finding possible mappings as well. Alongside these prominent products, C2C provides several compliance services such as — Banking & Financial Management, Regulatory Change Management, C2C Content Library, Assessing Compliance and Policy Gap Analysis, GDPR, Mapping/Crosswalk Services, etc. “We at C2C are pushing the envelope to ensure that compliance professionals can easily get to grips and understand the relationships of multiple differing frameworks into one coherent compliance infrastructure,” said Steve Crutchley (Founder and CEO at C2C Smart Compliance). Foremost Authority in the GRC Arena Steve is a recognized leader and the foremost authority in the GRC arena, with more than 25 years of experience in business protection. He came to the U.S. in 2002 just after 9/11 and started his business 4FrontSecurity that, which was later acquired by Symantec. Steve left Symantec to start Consult2Comply and to develop the Compliance Mapper product. Compliance Mapper was developed to help businesses understand a line of sight into regulations, standards, and best practices from policies, a major requirement still being used today. MyRA was initially developed for IT risk but it also has moved on significantly. He takes pride in leading a team that is committed to understanding customer needs and delivering success.

As the founder and CEO, Steve's roles are to ensure the client needs are met, to design the software to deliver what the client wants, and to manage the teams to make sure they can respond quickly and effectively.

Offering Value-added Services

Since its inception, C2C's aim has been keeping everything simple and not over-complicating subjects like risk and compliance. However, the cutthroat market competition seeks unique methods and tends to overcomplicate everything. “We strive to offer value-added services and this can be difficult because people want complication which makes life more difficult and takes much longer putting organizations at risk,” adds Steve.

While many organizations give you what you don't want, C2C prides itself on listening and delivering to your needs.

Delivering to the Clients' Needs

The COVID-19 pandemic has unsettled several businesses around the world. C2C, however, was not severely affected by the pandemic. The company provided continuous services throughout the pandemic and has also maintained the relationships with its clients. It takes pride in listening and delivering to the clients' needs.

Before the pandemic, the C2C staff were used to traveling extensively, supporting clients on-site. However, being deskbound due to the restrictions, they have adapted to conferencing facilities. Moreover, as the 9 am to 5 pm days have disappeared into obscurity, the company's solid work ethic has supported it. Heaping praise on his team, Steve further added that the C2C team was excellent and very professional in their approach to business in these unprecedented times.

Continually Improving Functionality

Presently, C2C has numerous projects in hand, such as working with large bank groups and legacy GRC vendors, providing them with regulatory content. Moreover, the company has recently made inroads into the Australian market with the help of a partner who understands the Australian market and conditions. In the near future, the company aims to continually improve functionality to make the risk process easier for people who do not necessarily understand risk and want to undertake risk assessment and get proven results.



YOUR NEEDS ARE OUR DUTIES!

OUR SYSTEMS

With over three decades experience, we have developed and enhanced the Industry pioneering off-the-shelf Energy and Commodity Trading & Risk Management Systems “TheBulldog” and its successor . At ComFin, we tailor our CTRM solutions to meet our clients' requirements and needs. With these solutions, companies can manage the whole lifecycle of physical/paper trade from front to middle to back office, with relevant risk management, reporting and compliance functionality such as invoicing, audits and permission management.

WHY COMCORE IS THE IDEAL CHOICE FOR YOUR BUSINESS

• Maximise profits by reducing associated risks (Market risk, Credit risk, Operation risk)
• Streamline and automate workflows
• Enforce financial and operational checks
• Improve efficiency of Mid and Back Office departments
• Maintain database of trading and market data for historical analysis and informed decision-making

WHY WE ARE UNIQUE

• 100 % Made in Austria, no outsourcing
• User-friendly working, cost-effective usage services
• Dedicated and experienced support and consulting staff
• Offer standard implementation within two weeks, inclusive of system configuration, data migration (if systems are replaced) and user training
• High level support from the headquarters (no call centre)

www.comfinsoftware.com

info@comfinsoftware.com

For further enquiries please contact us!

TEL: +43-1-513 47 04


LIBRYO

Catalyst to a Sustainable World

Peter Flynn Co-founder

Libryo is the brainchild of the trio of Peter Flynn, Garth Watson, and Malcolm Gray (Co-founders). Established in 2016, the London-based compliance scaleup sees a world where anyone can know what the law requires of them and others, to achieve environmental, social, and financial justice. Libryo exists to be a catalyst for a sustainable world by radically reorganizing the world's regulation and making it easily available. It is also building a definitive global marketplace for legislation, where Libryo users can seamlessly obtain legal content and professional services. Over the next few years, the company aims to have all of the world's regulations readily available on its platform for easy access. Presently, it offers a legal tech solution to businesses. However, it ultimately aims to help a broad set of stakeholders with solutions around legal requirements and policies.

Comprehensive Compliance Services

Libryo is the only company in the world that turns legal content into legal data and then uses a customer's context to determine what legal requirements apply to them. Typically, competitors require their customers to spend large amounts of time figuring out what law applies to them manually. Then, they collect the applicable content in various formats and keep it up to date in a manual way. This is prone to human error and creates problems for multinational organizations that are not able to see cross-comparable legal information for their whole business, across all operations. To address this, Libryo is building a database of the world's law in a consolidated format to help reduce human errors and streamline the legal information. This allows customers and third parties to access the law through its API for their different use cases. It also provides a SaaS solution, which its customers subscribe to on an annual basis. Moreover, the company provides its legal data (Data as a Service) via API keys for the partners and works with them to integrate data and use it to deliver regulatory compliance solutions for the partners' customers. Libryo takes the legal research legwork away from its customers and partners, and delivers only the applicable regulations and requirements to each customer at a local, regional, national, or global level.

Turning Law into Data

Most people in business want to comply with all applicable laws; however, they often fail to do so. This is essentially due to the fact that law exists as unstructured content in multiple formats, in multiple spoken languages, and has to be sourced from many different physical places, thus making it near impossible to know legal requirements in an ever-changing regulatory environment. Resolving this issue, Libryo is turning law into data by extracting legal text and using metadata to put the text into context and to identify meaning in a uniform, global, and cross-comparable machine-readable format. “We believe that the existence of this data will revolutionize the entire legal requirements element of the global risk management industry,” adds Flynn.

The Trio Optimizing its Capabilities

Peter, alongside his fellow co-founders, has a non-traditional and non-hierarchical way of defining his roles and responsibilities at Libryo. The trio divides responsibilities according to their personal and professional strengths, using the RASCI framework. Peter's responsibilities are technology, product development, and sales of new products, while also working closely with Garth and Malcolm on developing the company strategy. He has had a multifaceted career as a professional musician, a freelance web developer, and the co-founder of a large web application development consultancy and large technology conference in South Africa. Peter, alongside his co-founders, is leveraging all his experience to drive Libryo towards hypergrowth, both in revenue and realized value to customers.

New Strategies, New Solutions

Like most companies, the COVID-19 pandemic forced Libryo to find new ways to operate. Being a venture-based startup, it strategically runs the business at a loss to pour as many resources as possible into product development and growth. When the pandemic hit, the company realized that it needed to extend its cash runway as far as possible and act fast without losing any employees. In response to the COVID crisis, Libryo implemented a strategy of a 20 percent pay cut across the whole company, which has enabled it to extend its runway far into the future. The company is also closing a new round of capital (over £1m already closed as at December 2020), which will see it in a strong financial position for the foreseeable future. Besides operational changes, the pandemic also forced companies to embrace digital solutions quickly. Being an agile tech provider, Libryo quickly got to work developing a free solution called the COVID-19 Regulation Tracker, to help other businesses globally know their legal requirements concerning the pandemic. This helped to support the organizations struggling to cope with the impact of the virus and ensure that the work environments are safe for their employees and customers.

We are a team of frontrunners on a mission to make it easier for companies to know the law, and keep it.

Remote Working: The New Standard

The lockdown restrictions due to the pandemic have resulted in companies asking their employees to work remotely. While remote working was relatively new for most companies, Libryo was used to the concept as it has been a 'Remote First' business since its inception. At Libryo, no employee has a fixed desk, and its employees, spread across 8 countries, can work from wherever they choose, provided the internet is good. “For us, it's really just been about less travel for meetings, a more deliberate regime of rest and being able to hire the best talent without forcing them to have to move from their communities,” asserts Peter.

Preparations for the Future

Once there is global herd immunity to COVID, Peter foresees a huge cultural resistance to returning again to the office or factory 5 days a week, and also to travelling as frequently for business meetings as before COVID. This has massive repercussions in regard to what work-related tasks look like in the future, and the systems needed to manage the associated risks. He believes that occupational hygiene and related categories of risk management will be important in organizational management in the future. Anticipating the changes, Libryo recently launched version 3 of the Libryo Platform, which makes the ingestion of the legal content even faster, thus enabling it to onboard customers in brand new territories within weeks. It is also finalizing the Libryo Assess module, built to help organizations complete self-assessment and gain visibility of their compliance and risk status across all of their operations in a single dashboard. By 2025, the company aims to be the best and most comprehensive global Data-as-a-Service ecosystem and Software-as-a-Service marketplace for legal and other requirements.



SUCCESS STORY

Story of The Journey of #1 CRM Platform, From Rags To Riches

The goal of an enterprise CRM (Customer Relationship Management) platform is to manage a company's interactions with its present and future customers. Back in the early 90's, CRM companies were offering expensive software to enterprise users, who had to pay for and manage it from start to finish. However, Marc Russell Benioff had a vision to create a Software as a Service (SaaS) CRM model in which customers would be charged only for their software usage. This new approach faced severe backlash from venture capitalists and investors who ridiculed his idea at that time. However, he remained determined towards his vision and did not falter. Marc invested his personal funds, which he had obtained from his investments in Siebel Systems, Inc. Salesforce.com was brought to life from a nutshell of an idea, transformed later into a revolutionary one. What follows is the milestone journey of Salesforce.com from humble beginnings to a skyrocketing dynasty.

TELEGRAPH HILL, SAN FRANCISCO (1999) In March 1999, Salesforce took its first breath in a minuscule apartment located atop Telegraph Hill, San Francisco, USA, next to Marc Benioff's apartment. Joining hands with Marc were Parker Harris, Frank Dominguez and Dave Moellenhoff, with inspirational posters of the Dalai Lama, Albert Einstein and two dogs in their office backdrop. After a decade of experience at Oracle, Benioff wanted to establish a CRM company which would offer CRM based services over the internet by utilizing central servers to store customers' data rather than selling packaged software to businesses. In this way, he wanted to spare enterprises the millions of dollars otherwise required to purchase, implement and constantly upgrade the software. Marc, along with his three programmers, developed the fundamental prototype within months, following in the footsteps of Amazon.com. He wanted to replicate the easy accessibility, rapid availability and user friendly nature of Amazon's over the internet program for his CRM platform. In July 1999, Salesforce found a home at Rincon Center with 10 employees working full time in an eight thousand square foot office. With new developments and fructified ideas, Salesforce again relocated by November 2000 to One Market Street.



DAWN OF THE MILLENNIUM: SALESFORCE ENTERS THE BUSINESS LANDSCAPE (2000) The millennium era marked the arrival of Salesforce, a power packed product developed by a highly skilled team at an upscale location. Marc, who is known as the rookie and pitchman of sales and marketing, came up with a distinctive marketing campaign to introduce Salesforce to its audience. To depict a visual advertising presentation, the lower level of the Regency Theatre was transformed into a space imitating Enterprise Software as 'Hell', with stage actors shouting and screaming at the top of their lungs. Soon, after getting released from the cages and covering their way on dirt, the actors find Salesforce.com. This entire setting of the launch was publicly advertised under the heading of 'No Software'. In addition to that, the campaign also showcased a feisty fighter jet defeating a biplane. The fighter jet illustrated the technically blessed and futuristic software, unlike its rival competitors. On the other hand, the biplane represented the harrowing software industry unable to cater to customer requirements.

BIRTH OF DREAMFORCE (2003) Salesforce's City Tour was a regular symposium, lasting a few hours, held across the country. This event was used as a platform by the CRM solutions provider to introduce its latest range of products and to understand the requirements of the target users. However, in 2003, Salesforce initiated a new event called Dreamforce, which was attended by 1,000 registered participants. Sforce 2.0, the CRM industry's first on-demand application service, was launched at Dreamforce.

BRINGING OHANA CULTURE TO LIFE AT SALESFORCE (2004) The Founder of Salesforce was highly impressed as well as inspired by the spirited nature of Hawaii. In June 2004, Marc threw a Hawaiian themed launch party to introduce Salesforce Ohana. He not only wanted to instill a free spirited work culture in his employees, but also the global community they have built. Marc also purchased its first office in Hawaii at the Rincon Centre.

CHANGING THE WORLD OF BUSINESS SOFTWARE DYNAMICS WITH APPEXCHANGE (2005) Under the flagship of Salesforce, the innovative CRM company introduced AppExchange. Here, customers were given complete freedom to develop their own applications as per their requirements and also, make it available for other Salesforce user communities.

LOGICAL EXTENSION OF PLATFORM AS A SERVICE (PAAS) (2006) Since the introduction of Dreamforce, the number of eager participants and business enthusiasts started escalating along with Salesforce product users and its avid followers. Apex was an on-demand programming language, allowing third party customers, for the first time, to write and run code on Salesforce.com's shared architecture. This enabled users, partners and program developers to operate in the same language. Parker Harris was one of the pioneer developers behind the success of Salesforce. Parker formulated a technology called Visualforce, permitting users to design interfaces, including buttons, forms and links, and to embed anything as per their personal liking and necessity. This technology opened doors to the Salesforce Platform-as-a-Service (PaaS) called Force.com. This futuristic program ran multiple times faster than the conventional programming methods. Big shots like Citigroup, Morgan Stanley, Thomson Reuters and Japan Post began using Force.com to build their custom applications.


CLOUD COMPUTING OPENS LARGER AVENUES OF MARKETING (2012) After enjoying a decade of successful innings, Salesforce till 2012 had managed to cover sales, service & PaaS platforms with Dreamforce playing a significant role. During the same time, Salesforce went on a shopping spree to acquire numerous companies related to their space and managed to reap tremendous benefits from them as well. By 2012, Cloud Computing arrived in the market with infinite opportunities and room full of advancements.

ULTIMATE MOBILE EXPERIENCE (2013) With half of the world's population using smart phones, Salesforce rolled out the Salesforce1 platform with a rationale to allow access to unlimited information available on the internet. Through this advanced platform, users can access other Salesforce products as well as AppExchange applications from the App store.

AGE OF CUSTOM MAKEOVER (2015) Salesforce had managed to keep the look of its browser interface simple and hassle-free for about 16 years. Owing to the advancements in marketing strategies and advertising, Salesforce launched The Lightning Experience to revamp its browser appearance, with a focus on color schemes, an eye-catching look and the responsiveness of the app.

IMPACT OF ARTIFICIAL INTELLIGENCE (2016) The 2016 Dreamforce summit showcased the launch of Einstein, offering advanced AI capabilities to sales, service and marketing along with the flexibility to build custom apps. The event was attended by a crowd of 170,000 over a 4-day conference, with over 15 million additional viewers streaming through Salesforce Live.

QUIP COLLABORATION PLATFORM (2017) The global CRM leader introduced the Quip Collaboration Platform, allowing teams to join forces and work effectively at a faster pace via one live document. Through Live Apps, records, calendars, kanban boards could be used. Moreover, Quip is equipped with workflow templates, pre-built Quip documents and spreadsheets for distinct industries, projects and functions, enabling teams to deliver productive outcomes.

SALESFORCE ESSENTIALS (2018) In 2018, the team of Salesforce came up with easy-to-use sales and service apps for small start-up companies through Essentials. The latest launch is powered by Salesforce Trailhead, Einstein AI, Lightning and AppExchange, stores user data in the cloud and caters to all the requirements of its clients. Essentials is a blessing in disguise for entrepreneurs of small businesses and start-ups, who can now maintain excellent customer relationships using this platform. Over the last 19 years, Salesforce has managed to surpass its competitors by delivering an outstanding range of products one after the other. With resonating technology and its advancements, business enterprises and customers have huge expectations from Marc Benioff as well as the Salesforce empire in the future.




Seven Corners

The Right Way to Travel

Justin Tysdal

Co-founder & CEO

Travel insurance is one of the most important investments for a traveler, particularly for traveling abroad, as travel insurance covers numerous risks such as medical risks, travel risks, flight disruptions, etc. Thus, numerous travelers today prefer to buy a comprehensive travel insurance policy while planning their journey. At present, there are many travel insurance providers available in the market. However, distinguishing itself with more than two decades of experience, Seven Corners is one of the best travel insurance solution providers around. Incorporated in 1993, the Carmel, Indiana-based company is an innovative and service-focused travel insurance and benefit management company that serves a global market. The company was co-founded by two young travel insurance industry professionals, Justin Tysdal (Co-founder and CEO) and Jim Krampen (Co-founder and Executive Officer), with a mission to protect travelers while building loyal customers, inspiring team members, and driving value for its partners.

Specialized Services and Solutions

Beginning with a single travel insurance product, Seven Corners today serves the needs of hundreds of thousands of members worldwide through its diversified portfolio of products and services. The company offers a plethora of travel insurance plans including travel medical plans, student plans, annual plans, visitor plans, group plans, etc. Besides these plans, it also offers customized services such as medical assistance, including emergency medical evacuations and repatriations and medical case management. The Seven Corners team services their customers through several different communication tools as well as an online portal that allows them to view their purchases, extend and cancel plans, and check the status of a claim. Furthermore, in the wake of the COVID-19 pandemic, Seven Corners designed specialized COVID-19 travel medical plans. The company accomplished this by adding a specific benefit to its existing plans and rebranding plans with 'plus,' to clarify the expansion of the plan. This new benefit covers medical expenses if a customer contracts COVID-19 on their trip. Moreover, the coverage is not tied to travel warnings. Seven Corners also launched the “Right Way to Travel”, an initiative to improve service via new communication tools and additional self-service options for customers.

Ensuring a Customer-centric Culture

The team of Seven Corners believes in community, and the company culture is centered around extending a sense of community to its customers regardless of where they are. This varies from guiding a customer to choose the best benefits for his/her needs, to managing an emergency medical evacuation halfway across the globe. The team works with company values at the heart of its efforts. Seven Corners' team is led by the two co-founders who ensure these core values remain at the forefront of the company operations. Justin is involved in developing the company's strategic direction and long-term planning and works on processes and operations, while Jim handles sales and growth. Both the veterans have different skillsets and personalities, which they have leveraged to provide a well-balanced approach to the business and drive the company towards growth.

Pivoting to Meet the Changes

The pandemic presented numerous challenges for businesses in the travel insurance industry. For Seven Corners, the major challenge was the inability of folks to travel internationally. However, the company had an excellent marketing plan in place before the pandemic hit, which resulted in record sales in January and February of 2020. The organization continues to manage that plan nimbly, pivoting quickly to meet changes in the market. “Our team has also reviewed expenses, instituting cost-savings measures when it made sense and evaluating partner relationships to ensure the value we need is there,” Justin added.

Jim Krampen

Co-founder & Executive Officer

At Seven Corners, we want to give you the freedom to experience new places and re-visit places that may be close to your heart.

Upholding Communication and Values

In response to the pandemic, Seven Corners initiated remote work for team members in early March. Most of the team still works remotely although the company has provided options for anyone who wishes to work from the office. Moreover, Seven Corners' motivational mantra is based on communication and company values. “If you don't know there is a problem or gap for customers, you can't fix it,” asserts Justin. The entire company meets virtually every Monday where updates from all areas of the business are reviewed. In the meeting, performance metrics are covered and if needed, the next steps for improvements are also discussed so that Seven Corners is ready to face the upcoming challenges post-pandemic.

Anticipating the Changes

The pandemic has impacted the travel insurance market significantly. For most companies, sales were up in the first quarter of 2020 and tumbled when the pandemic hit. As people get more comfortable traveling post pandemic, Seven Corners anticipates a strong return to travel towards the end of the second quarter with travelers purchasing travel insurance more frequently than they did previously. Throughout the pandemic travel crisis, consumers have learned how travel insurance works and now have a better understanding of travel insurance and the difference it can make for a traveler who encounters both small and large obstacles while traveling. Seven Corners promises to continue to aggressively review its products and services, checking in with customers to identify their wants and needs. “We believe travel will return in a big way, and the steps we take now will make a difference once folks can travel again,” adds Justin.

Perseverance and Sustainability

Having successfully led a company for more than two decades, Justin believes that perseverance and the ability to hold on to the dream are crucial to success for any entrepreneur. Citing his own experience, he added that both he and Jim had second jobs to ensure they had the income to carry through until the company was self-sustaining. Whenever they hit roadblocks, they found a way through or around them and moved on. These, according to Justin, are the keys to success for aspiring entrepreneurs.





Leader's Insight

COMING TOGETHER ON ENTERPRISE CYBER RISK MANAGEMENT

By: Syed Abdur, VP, Product Management & Marketing, Brinqa

It is not uncommon for two people to talk about enterprise cyber risk management and walk away with different understandings of the topic. What enterprise cyber risk management is can even vary within an organization, often depending on which function you belong to: business, IT, InfoSec, or another. It is important to establish a common understanding of this discipline, since the proper execution of enterprise cyber risk management is so critical to an organization.

Defining Enterprise Risk

When talking about risk, business leaders are generally referring to some force outside of their control that may damage corporate assets. The risk gamut can range from critical systems being held hostage by ransomware, to exposure of confidential client information. It's a critical focus because a company's executives have a duty to protect shareholders' assets from risks, particularly financial damage. Enterprise risk refers to this idea in a big company context. It is critical for enterprise risk management to include a cyber component, especially as business functions and processes move to the cloud, and as businesses undergo rapid digital transformation.

Clarifying Enterprise Cyber Risk Management

Coming to a practical understanding of enterprise cyber risk management can be a difficult endeavor. One reason is that the Enterprise Risk Management (ERM) field is large and diverse. There are multiple frameworks for ERM, which take different angles to address the problem. For example, the COSO ERM framework focuses on financial risk, including risks from fraud or bad debt. The Chief Risk Officer (CRO) is responsible for ERM in many organizations, but often the focus is mostly in the context of compliance. As a result, the organization may be required to meet some cybersecurity standards. However, it is important to not make compliance the primary driver for cyber risk management strategies and goals. For example, an organization may be compliant with the law but still be at serious risk from a cybersecurity perspective. In addition, the CRO may have no corporate mandate to deal with cyber risks.

The absence of a common understanding and clear definition leaves too much ambiguity for the various stakeholders to execute on a unified plan and strategy. To be effective, enterprise cyber risk management must be a continuous, consistent process that brings together people, processes and information across business, IT and Information Security teams.

Enterprise Cyber Risk Defined

Enterprise cyber risk in our context can be defined as any situation where a cyber-borne threat affects business value or operational effectiveness of a corporate asset in a negative way. This is a far broader definition of cyber risk than is normally used in cybersecurity circles. CISOs tend to view risk in context of digital assets, for example any threats to destroy data or software, or disrupt networks. However, enterprise cyber risks are far more widespread in nature. Consider these examples:

• Customers' confidential information being compromised, causing diminished brand reputation
• Hacking of IT systems leading to physical damage or even fatalities
• DDoS attacks resulting in critical business applications being unavailable and financial losses

As you may recall, the handling of the Equifax breach a few years ago led to significant outrage from the public and caused considerable damage to the Equifax brand. Key executives, including the CEO, abandoned ship in the weeks and months following the disclosure. The company faced more than 240 class action lawsuits and investigations from state and federal agencies, including the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC). Equifax reported it recorded $87.5 million for expenses related to the breach that quarter. While a web application vulnerability was determined to be the cause of the breach, the extensive damage to the business and brand was a result of Equifax's inability to manage and understand enterprise cyber risk.

Enterprise Cyber Risk Management's Main Challenge

There is no final end goal in enterprise cyber risk; it's an ongoing endeavor. Consider the literally hundreds of millions of new cyber threats that appear every year. Corporate assets are exposed to cyber threats in almost every imaginable way. Especially with work from home (WFH), the attack surface area is immense these days, including every endpoint, application, data store and infrastructure element. And all of these are dynamic, including applications which are constantly changing, and operating systems and hardware which are being continuously updated. In addition, connections between a company, its partners and the outside world are never static. Cyber risk management challenges revolve around maintaining control and awareness in a hugely complex and rapidly shifting environment. The lack of understanding of the Information Security function in most organizations further complicates this. Confusion abounds around the roles, responsibility and division of InfoSec and IT. One way to think about it is to consider IT and InfoSec as essential but ancillary functions (such as legal, HR, etc.) that exist together to support the business. Neither function is accountable to the other, but rather is accountable to the business and exists to help the enterprise reach its ultimate goals.

The Approach To Enterprise Cyber Risk Management

Considering that IT and cybersecurity work together to achieve common goals, we can begin to put a practical framework together for enterprise cyber risk management. For the most part, InfoSec has good visibility into IT data and processes, and works extensively on this information to accomplish various assessment and monitoring activities to identify gaps, vulnerabilities and threats. However, to effectively evaluate the associated cyber risks, we must understand the potential impacts of these weaknesses and threats to the business. This can be accomplished by building relevant and accurate business context into the cyber risk analysis process. While it may seem daunting at first, most enterprises have information somewhere within the enterprise to build business context. Business continuity and disaster recovery (BC/DR) initiatives can report the business impact of technical assets. Data protection programs can provide details about which areas of the infrastructure process sensitive and confidential information. Compliance initiatives monitor the status of assets that must be tracked in accordance with various standards. What most organizations struggle with are the data management capabilities and analytical maturity needed to incorporate and operationalize this information.

Establishing the right ownership and accountability model for cyber risk is also very important. Repeated alerts and notifications from InfoSec may go unresolved, but making the business owner part of the risk remediation process can have a very different effect. In this way, cybersecurity is simply facilitating the conversation between responsible and accountable stakeholders. Making business users part of the risk ownership and escalation chains ensures that those directly impacted by the problem have a say in how and when it is addressed.

A cyber risk management platform can facilitate this process. It can aggregate all the data required for cyber risk analysis, across business, IT, and cybersecurity data sources. The platform can normalize and correlate risk data so enterprise risk managers can discover the connections between technology assets and understand the threats and impact to business. Armed with this knowledge, risk managers can prioritize vulnerabilities and focus mitigation efforts on the most critical risks and most valuable assets. An organized, data-centric approach to enterprise cyber risk management can bring the CISO and CRO, and their distinct perspectives on cyber risk, together for a shared business purpose. Properly correlated and interpreted risk data creates the common ground necessary for a truly enterprise-wide approach to cyber risk management.
