Blog library

Penetration testing and red teaming are essential cybersecurity practices that bolster an organisation’s security posture by uncovering vulnerabilities within their systems, networks, and people or business processes. These methodologies have distinct objectives, scopes, approaches and technologies employed.

Access to artificial intelligence (AI) and the drive for adoption by organisations is more prevalent now than it’s ever been, yet many companies are struggling with how to manage data and the overall process. As companies open this “pandora’s box” of new capabilities, they must be prepared to manage data inputs and outputs in secure ways or risk allowing their private data to be consumed in public AI models. Through…

What’s it like to change professions and gain a variety of experience? Amie Pinder, director of technology resilience risk at the London Stock Exchange Group, started her career in audit, but realised the world of technology was waiting for her. She speaks to Simran Sadhra and Rhianne Williams from Protiviti’s iGROWW network about her journey.

Ever since Steven Spielberg put the metaverse on the mainstream map in 2018 with his science-fiction adventure film, Ready Player One, based on Ernest Cline's novel of the same name, there has been a slow but steady drumbeat of momentum building around the potential and possibilities of this brave, new, immersive world. Sure, the metaverse had been talked about long before 2018, but once Spielberg made a…

Modern business is often defined not only by change, myriad projects and increasing regulation but also by culture, employee experience and well-being. Somewhere in the middle is the sweet spot of positive performance. Julie Wacker, occupational psychologist at Robertson Cooper, spoke to Matt Duncan, a managing director at Protiviti, about finding the balance.

Cybersecurity governance should do more than manage cyber risk. Good cybersecurity governance creates efficiencies by clarifying the outcomes expected from its processes and establishing boundaries of responsibility among cybersecurity practitioners, frontline operational areas, senior leaders and board members. Recently, numerous crises have drawn senior leaders and board members down into cybersecurity’s…

Last Thursday, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) released interpretive guidance on how to effectively apply the 2013 Internal Control — Integrated Framework (ICIF) — which is currently applied to financial reporting — to sustainability reporting. The guidance results from a project approved by the COSO board a year ago with…

Senior leaders focused on cybersecurity recognise there is considerable guidance, best practices, frameworks, regulations and varied opinions on how programmes should design defensive capabilities. In addition, depending on the day, the various pressures in the organisation’s macro-environment may be greater or lesser and invite different priorities for time, team and budget. Despite these various pressures and…

Some of the toughest conversations CIOs will have within their organisations are likely to be about the benefits of adopting every emerging technology that’s caught business leaders’ attention versus the potential investments to be made in transforming legacy systems. As companies across all industries look to accelerate efforts to achieve their business transformation goals, a considerable amount of focus – and…

Could any security organisation benefit from greater innovation? Or from responding more effectively to diverse internal customers? How about benefitting by retaining the talent its leaders have so carefully nurtured, by accessing more diverse capabilities, or by improving problem-solving capabilities within the team?