Lockpath launches templates to Keylight Team Edition, premier GRC platform

Lockpath has launched templates for Keylight Team Edition, its premier governance, risk management and compliance (GRC) platform.

Templates included with the platform are a pre-built starting point for customers to solve their initial compliance management needs, the company said.

“In today’s rapidly changing regulatory environment, businesses are continually seeking ways to streamline and improve their integrated solutions,” said Chris Caldwell, Lockpath’s co-founder and CEO. “Our platform helps them overcome the challenge of building and implementing a robust compliance program quickly and efficiently.”

The addition of templates to Keylight Team Edition gives customers the ability to quickly create and implement policies. The additional steps needed for an effective compliance management program, such as mapping to controls, logging awareness events and collecting attestations, can be accelerated with templates.

“Last year we launched Keylight Team Edition to give our SMB customers better access to an integrated risk management program and now templates further enhance this commitment to all of our customers,” Caldwell said.


Lockpath’s initial library of pre-defined templates includes the initial elements to comply with regulations and frameworks such as GDPR, CCPA (California Consumer Privacy Act), ISO 27001, NIST SP800-53, Sarbanes Oxley (SOX), HIPAA, COBIT, PCI-DSS and more. The library will continue to expand based on customer feedback. Templates can also be customized to fit any organization’s specific needs and preferences.


Templates are continuously updated to remain current as regulations change. This gives our customers assurance knowing they will have access to reliable, up-to-date information.


“As regulations change frequently or new regulations are established, compliance can be a daunting task for even experienced practitioners,” said Chris Goodwin, Lockpath’s Chief Technology Officer and Co-Founder. “An organization can choose from any of our pre-built templates for the most widely used frameworks or regulations and customize them as needed.”

Lockpath’s templates will be available out-of-the-box to all Keylight Team Edition customers and can be added by request to Standard and Enterprise editions of Keylight. To learn more about Lockpath, the Keylight Platform and templates, visit lockpath.com.

About Lockpath: Lockpath is an enterprise software company that helps organizations understand and manage their risk. For more information on Lockpath and the Keylight Platform, visit lockpath.com.

Less Pain, More Gain: InfoSec risk management and ISO 27001

By Jason Eubanks

Lead Auditor, LockPath



How have the recent privacy and security violations reported in the news every day changed your company’s behavior? There’s a silver lining to all the doomsday headlines: they should compel stakeholders in your company to pay more attention and provide more buy-in for proactive safeguarding activities against these risks.

How are you going to leverage this opportunity? You need a fresh approach, management support, a solid plan, and comprehensive technology to support all the moving parts involved in setting up an integrated security and risk management program.

As an experienced governance, risk management, and compliance (GRC) consultant and former auditor, I’ve assessed and supported many companies through the challenges inherent to building a mature, enterprise-wide information security risk management program that aligns with global standards and boosts competitive advantage.

One way many organizations are approaching this is through ISO 27001, an international standard for establishing, operating, maintaining and continually improving an Information Security Management System (ISMS).

This standard pushes organizations to move past checking boxes for adherence to controls by promoting a top-down, risk-based approach to developing processes, policies, and controls that specifically address the organization’s information security risks.

Organizations are certified based on adherence to a set of process level clauses (requirements) and controls used to support the processes, and auditors certify against these requirements.


Why try to certify?

I’ve seen a growing number of companies working toward ISO 27001 certification (or towards compliance without undergoing the certification process). Implementing this standard is a highly effective way to build an integrated risk management program by establishing an ISMS.

An ISMS is comprised of the people, processes and IT systems used to apply a risk management program for managing an organization’s most sensitive and valuable data.

Approaching ISMS development in alignment with ISO standards will help your organization protect its critical data and IT assets, build resilience against threats and incidents, and be prepared for challenges and opportunities as they arise.

Even though it is voluntary, ISO 27001 certification is a valuable undertaking for many reasons. ISO 27001 is highly recognized and respected worldwide, encourages continual improvement and serves as a solid foundation for other IT risk and compliance standards and frameworks.

If you can meet the ISO 27001 standard, you are well positioned to comply with most other information security regulations, as well as client information security requirements.

At this point, organizations doing business globally are increasingly encouraged to achieve certification to stay competitive and win new business. As US companies expand operations internationally, they are often forced to comply with additional privacy and security regulations and provide additional assurances to partners and customers.

In addition to being an important indicator of information security maturity, a certified ISMS operates as a marketing tool, and as a seal of approval, providing a competitive advantage over competitors. For evidence of this trend, do a quick search on ISO 27001 certification; note that the results are packed with company press releases announcing certification and re-certification.


A high bar to clear

Many companies struggle to achieve certification. The ISO 27001 standard sets a high bar — it is not a one-and-done, checkbox list of requirements.

It’s a continual living and breathing program that includes understanding interested party requirements, management commitment, cataloging risks, assessing the severity of risks, planning how to remediate risks, and producing documentation to substantiate the risk management activities.

The standard also requires that organizations apply a mindset of continual improvement, where management pushes past program mediocrity and strives to improve the overall health of the ISMS.


Manual approach not working 

Traditionally, ISO 27001-related tasks have been performed manually; documents are stored in network file folders or process owner local drives and tasks are managed through spreadsheets, documents and email.

It is nearly impossible for global, digital businesses to keep up using a manual approach, given the complexity of information security programs, the expanding reliance on supply chains and outsourcing, and the criticality of data and IT systems.


The pain points become acute when it is time for auditors to assess a company’s operations. Scrambling to pull together the proper documentation is a time-consuming hunt that distracts staff from core functions and operational improvement work.

An inability to efficiently prove compliance, of course, increases the likelihood of failing an audit.

This dynamic is disastrous enough for mandatory regulations like HIPAA and SOX. When it comes to voluntary standards like ISO 27001, failed audits, runarounds, and tedious tasks kill stakeholder enthusiasm and make it impossible to gain traction.


How can you bring focus and efficiency to your ISMS efforts, so you can build momentum towards certification? The key is to streamline, centralize, and automate.

As a first step, consider your current processes to document and manage ISMS processes. If they are performed through manual ad hoc processes, then departmental segmentation, duplicated efforts, lack of visibility and accountability, and wasted resources are sure to follow.


Integrated systems deliver lasting benefits

This is why a governance, risk management and compliance (GRC) technology platform is so critical to successful ISMS initiatives and efficient compliance programs. These enterprise software suites are comprised of interoperable tools that all types of organizations deploy to help manage risk, demonstrate regulatory compliance, automate business processes, and prepare for audits.


Streamlined documentation and automated tracking are key features of these tools. When a task (e.g., inventory, assessment, remediation workflow, exceptions approval, policy review, etc.) is performed within the tool, the tool automatically retains the required evidence, allowing GRC teams to gain significant efficiencies.

In contrast, if you’re performing or documenting that task in Excel, it’s nearly impossible to show when or by whom that task was completed.


GRC platforms do far more than establish evidence repositories. They support the work of integrating processes, policies, and controls across departments and business units, which is essential to extending comprehensive risk management throughout the value chain.

Digitally linking processes to risks you identify, to policies you create, and to control procedures you administer weaves a tighter web of protection and oversight. I see the “shall” requirement statements — the standards set by ISO 27001 and other security and risk management frameworks — as objectives.

The processes, procedures, and controls you put in place and maintain with the help of a GRC platform determine if you will achieve those objectives, and how expedient you’ll be getting there.

GRC as instrumental

GRC platforms, when combined with sufficient staff and expertise and supported from the top down, are instrumental in many ways. Whether your organization is building an ISMS from the ground up, seeking a better method for managing and integrating security and risk activities, or trying to streamline the audit process after certification, manual processes will no longer suffice.

Your team can leverage a GRC platform’s capabilities to manage regulatory requirements, policies and procedures, risk assessments, third parties, incidents, asset repositories, vulnerabilities, audits, and business continuity. When deployed across the organization, GRC technology systems facilitate collaboration, and increase visibility and accountability. A team attuned to the importance of working together to develop a world-class ISMS can reach compliance and certification more expediently with these capabilities at its disposal.

These benefits are valuable to every organization. Indeed, there are a lot of companies that will follow the ISO 27001 standards without attempting certification, but achieving the certification is the only way to provide assurance that your information security and risk management processes are compliant with the standard.

The public, legislators, and industry organizations are increasingly aware of and reactive to negative news about corporate data breaches, and individual data privacy issues.

Organizations that have built a mature ISMS that matches the standard of excellence set by the ISO will be well-positioned to sustain competitive advantage and protect their assets and reputation in the face of a myriad of challenges.

Jason Eubanks is a CRISC, ISO 27001 Lead Auditor, and Principal Consultant at Lockpath, a provider of integrated risk management solutions.

Maturing Business Resilience Through Integrated Risk Management

Sam Abadir, LockPath


With a new year comes a clear-eyed and optimistic perspective – a clean slate, a new leaf, a fresh start. It’s important to leverage these moments of clarity and opportunity into better planning before we are once again swept up in the muddle and rush of the daily grind.

The punishing disruptions of 2017 — hurricanes, massive data breaches, global ransomware attacks, and revelations of gross misconduct across many industries — should compel executives to focus on business continuity planning as they steer their enterprises into the uncharted waters of 2018. The list of new risk management priorities is already growing: GDPR compliance, cryptocurrency hacking, Shadow Brokers exploits, rapid Internet of Things proliferation, and Meltdown/Spectre vulnerabilities.

The disruptions, outages, and disasters capable of significantly impacting a modern enterprise can originate from many sources — internal and external, cyber and physical. The fallout can include damage to property and infrastructure, financial health, operations, and reputation, often in toxic combinations with cascading and unpredictable effects.

Careful, comprehensive risk assessment and detailed incident response planning are crucial to sustaining operations, revenue, and public trust in such a pressure-cooker environment.

Intelligent Risk Assessment

Business continuity/disaster recovery (BC/DR) planning optimizes the capabilities an organization needs to transition expeditiously from business interruption to business-as-usual. Modern enterprises dependent on a hybrid web of digital technology infrastructure and global supply chains cannot expect to respond and recover efficiently without well-rehearsed procedures and enterprise-wide systems.

The number of companies that have done little to none of this essential risk management work is astonishing; EY reports that 40 percent of businesses that experience a disaster go out of business within five years.

Thanks in part to Shadow Brokers exploits, a record-breaking breach at Equifax, and a cover-up scandal at Uber, board members are more attuned to their IT risks and more focused on BC/DR.

Business and IT leaders need to put data-driven processes in place so they know what to expect when risk becomes reality, and can communicate these insights to stakeholders. It’s important to model a variety of scenarios that include predictions about how long outages will last, how services, products, and revenues will be affected, what remediation will cost, and what the regulatory consequences might be.

Begin by planning around common threats and risks and mapping out possible scenarios specific to your company or industry. Prioritize risks such as hacking, fraud, and vendor failure.

Large-scale threats that are less likely but have potentially devastating consequences should still be addressed, especially if your business is particularly vulnerable to hurricanes or geopolitical strife. Initial efforts to mature business continuity should focus on identifying and planning for risks related to cybersecurity fundamentals, internal threats, and third parties.

Prepare for Things to Get Complicated

How do you plan for the unpredictable? This question goes straight to the core of integrated risk management. Only by acknowledging the complexity and interdependencies of modern enterprises – and implementing comprehensive systems and processes designed to find, define, and mitigate risks on a continuous basis – can we begin to develop greater control and agility.

Business continuity and incident response should be continuously optimized through coordinated planning, testing, and evaluation efforts. Controls should be implemented based on risk assessments and implemented through systematized processes that can be tracked and analyzed.

BC/DR plans should be kept up-to-date, incorporating software, infrastructure, vendor, personnel, and regulatory changes in addition to shifts in enterprise offerings, consumer priorities, and markets. To address third-party risk, include resiliency-oriented planning up front in contracts, negotiations, and acquisitions. Consistently enforce high standards for security-by-design, especially with IoT vendors and implementations.

Finally, when considering how to mitigate the impact of negative events, don’t forget to think through the cascading effects. Business operations depend on an ecosystem comprised of people, process, and technology and controlled internally and externally.

In the midst of executing core BC/DR plans to get operations back to normal, executives and managers will also have to communicate with various stakeholders and resolve issues related to employees, customers, supply chain partners, health and safety, and regulatory compliance.

Resiliency Builds Trust

In times of opportunity, disruption, and disaster, the best outcomes are only possible when everyone pitches in. Resiliency requires vision, leadership, and investment. Because BC/DR program effectiveness impacts everything from the bottom line to brand reputation, initiatives should involve a broad selection of business and operations managers.

Our digitally transformed economy relies on public trust. Vulnerabilities evolve and overlap, attackers grow more sophisticated, and the public becomes wary (and weary) as headlines highlight dangers around every Internet corner.

As partners and consumers become more aware and discerning, they begin to see insufficient risk management, sloppy security protocols, and non-compliance with industry standards as willful negligence.

There’s a lot of work to be done. Business resiliency starts with good governance practices. Governance, risk management, and compliance (GRC) initiatives may not be perceived as exciting, but they are essential. We use automation and advanced analytics to enhance marketing, R&D, infrastructure management, logistics, and so much more.

We must similarly support GRC and IT security teams by investing in intelligent, flexible software platforms that streamline and centralize the systematic assessment, tracking, and remediation of risk across the enterprise.

Data and digital systems are critical to business operations. To keep everything running, we have to achieve levels of visibility and control that are only feasible through a combination of technology support, responsible leadership, and an enterprise-wide commitment to maturing resilient response and recovery capabilities.

Sam Abadir is the vice president of Industry Solutions at Lockpath, a leading provider of compliance and risk management software.


LockPath integration helps efficiency in vendor risk management

From press release

LockPath has integrated SecurityScorecard’s security rating platform with its KeyLight compliance and risk management software. This product integration is aimed at helping organizations make their vendor assessment and management processes more efficient, while strengthening security programs, company officials said.

The integration is designed to provide LockPath customers with increased visibility into third-party security risk and the ability to quickly identify high-risk vendors through SecurityScorecard’s letter-grade ratings.

LockPath believes customers will significantly increase the efficiency of their security and compliance programs through better prioritization of vendors for assessment and remediation.

The integration will offer LockPath customers two key components of SecurityScorecard’s platform:

SecurityScorecard Integrated content will provide overall letter-grade security ratings free for Keylight cloud customers. This will give customers the ability to better prioritize what vendors need assessment and how frequently they should be assessed.

The SecurityScorecard Connector, which offers underlying factor- and issue-related data that informs the overall letter-grade score, can be purchased by cloud or on-premise Keylight customers.

“This integration with SecurityScorecard will provide our customers with an even more advanced solution for managing risk from third parties of all types,” said LockPath CEO Chris Caldwell. “The combination of Keylight’s management and analytics with SecurityScorecard’s continuous monitoring gives our customers a more streamlined and strengthened approach to third-party risk management.”

“We are excited to partner with LockPath on this integration with Keylight,” said Aleksandr Yampolskiy, CEO and co-founder at SecurityScorecard. “LockPath customers using SecurityScorecard’s ratings data can protect revenues and brand integrity by continuously validating the security risk profile of their third-parties.”

Keylight 4.8 also has an enhanced audit log that tracks and makes administrative actions visible for audit and investigation purposes. Upgrades to Keylight’s patented Dynamic Content Framework allow structural changes to the platform to be immediately incorporated, leading to increased scalability and performance.

To learn more about LockPath and the Keylight Platform, visit our website.


Internal Audit Awareness: Challenges, trends, and recommendations

By Dennis Keglovits, LockPath 

Special to GRC & Fraud Software Journal



May is International Internal Audit Awareness Month, the perfect time to consider the challenges and trends in the internal audit arena, as well as how auditors can drive their organizations toward a more optimal state of governance, risk management, and compliance.

Central Challenges

Determining audit scope

First step: What are we auditing and why? Determining where to look is one of the biggest challenges auditors face today.

The majority of companies use risk assessments to determine their auditable entities and help with scoping specific activities. Once the auditors know what they will audit, narrowing the scope of the audit to finish within the desired time period is the next hurdle.

Beyond that, audits aren’t just looking at financial risk any more. The overall focus should be linked to management’s strategic objectives to ensure optimal value.

Finally, working with the auditees to understand the existing process and gathering the applicable supporting documentation can prove more valuable for both the auditor and auditee.


Having the right skill sets available at the right time is a challenge for internal audit teams. Teams are under pressure to do more with less, but risks are increasing and projects are becoming more complicated.

Couple that with the fact that auditors are occasionally tasked with assessing risks in an area outside their expertise, and the result is an audit with poor results. The right creative mix of outsourcing and technologies is the key to an effective and efficient audit.


Emerging Trends

Data analytics

Auditors use data analytics to focus the scope of audits by pre-emptively analyzing the data to identify specific trends and unexpected patterns.

If inconsistencies in a high-risk area are identified, that area should likely be audited. Automated techniques allow auditors to look at an entire population instead of a small sample, increasing both efficiency and thoroughness.


Employees and partners are increasingly testing themselves and reporting results to internal audit. To validate controls, the auditors perform independent checks on these self-assessments. Self-testing drives down the expenses associated with select audits and eases the staffing challenge, without impacting the results.

IT audit function

Assessing cyber risk is a huge responsibility for internal auditors. Surveys tend to show that a majority of companies are concerned about cyber risk, but few believe they have adequately addressed or even adequately audited the risk area.

Most have defined a separate IT audit function, but too often this team operates in a silo. That means the organization has not properly incorporated the associated risks and controls into its overall risk appetite and program.

Recommendations for Process and Progress


Traditionally, internal audit teams do an inadequate job of educating the board, executives, managers, and users on the scope and purpose of internal audit functions. International Internal Audit Awareness Month presents a prime opportunity to make education a top priority.

Formalizing a sound audit charter and mission statement is a critical first step.

Hone and practice the mission statement like an elevator pitch—you don’t get many opportunities to articulate the virtues of internal auditing.

Senior executives will be more engaged if they understand the return on investment (ROI) and the excellent value internal audits create by helping any company achieve strategic objectives.

The risk assessment process is another area for critical improvement, which should first be formalized and communicated to auditees and senior management.

Some teams create an internal handbook, but find it difficult to follow when senior management requests a fast-tracked audit. Developing clear documentation that details how audits are executed helps foster collaboration with the departments being assessed.

Continuous improvement

To keep an organization’s operations primed, you have to perform regular check-ups. Effective, regularly scheduled audits provide that third and final line of defense in risk management.

Audit findings must be unbiased and authoritative, providing valuable insight for making decisions, prioritizing efforts, and catching problems before they escalate.

Listen to your audit committee. Problem areas revealed by audits must be addressed to meet standards and optimize operations; follow up and remediate processes as indicated.

The findings of an internal audit in advance of an external audit allow the business to address issues proactively, ensuring fewer external findings and enforcement actions.

Technology solutions

Audits aren’t as painful as they used to be. Using spreadsheets to document and present evidence turns audit preparation into tedious work.

Fortunately, audit management can now leverage comprehensive technology known as governance, risk management, and compliance (GRC) solutions.

These cloud-based solutions organize the data collection and collaborative projects required for compiling audits. They automate the assembling of work papers, processing of findings, assessing of audit risk, distribution of reports, and monitoring of time and expense. The systemization of audit activities on a GRC platform streamlines the entire process, increases accountability, and integrates departmental data and procedures into an enterprise-wide view.

With stakeholder cooperation, technology support, and strategic focus, the benefits of optimized audit processes will be realized well beyond the internal audit team. A well-audited organization is prepared to face adverse conditions with resilience and tackle growth opportunities with confidence.

Dennis Keglovits is the vice president of Services at LockPath, a leading provider of governance, risk management and compliance (GRC) solutions.

LockPath includes enhanced reporting in Keylight 4.6

Update Includes Advanced Online Help System

From LockPath press release

LockPath, a provider of GRC and compliance solutions, has enhanced its KeyLight Platform for 2017.

In the newest iteration, Version 4.6, LockPath added a new streamlined design to the platform to provide more reporting options and to create greater visibility for the company’s customers.

New online help system

Keylight 4.6 is designed to bring faster report creation, additional options for exploring data, and improved navigation. The new enhancements include a redesign of Keylight’s report creation and editing interface to ease the task of reporting to the executive board and other roles within the organization. Keylight customers will also benefit from a reorganized Online Help system, which allows them to more easily find information on performing particular tasks within Keylight.

User friendly, intuitive

“Keylight 4.6 reinforces our priority of providing one of the most user-friendly and intuitive GRC platforms on the market,” said Chris Goodwin, LockPath Chief Technology Officer. “With these updates, our customers will find that reporting is faster, easier and more actionable.”

With multiplying regulatory requirements, cyber threats and third-party risks, today’s organizations face a complex and changing compliance and risk landscape. Boards and executives require frequent reports from compliance, risk and IT managers to help support oversight.

One database carries all

Keylight allows an organization to house its entire list of activities, processes and information in one database. The platform consists of a fully integrated suite of management applications designed to manage all facets of compliance and risk programs, including IT Risk Management, Operational Risk Management, Vendor Risk Management, Audit Management, Business Continuity Management and Corporate Compliance.

To learn more about LockPath and the Keylight platform, visit the LockPath website.



Assessing customer risk, vendor risk and preventing cyber debacles

By John Guerra

Editor, GRC & Fraud Software Journal

As we enter 2017, the president of the United States has pledged extreme reductions in federal regulations and compliance rules. The president and his cabinet picks, several of whom are billionaires and creatures of Wall Street, have shown disdain for conflict of interest rules and eschew transparency in reporting their personal finances. Those attitudes could loosen accountability in America’s business sector, behaviorists warn.

There are other challenges facing the GRC and fraud solutions space, so we’ve asked several top companies to predict what their clients may face in the next 12 months.

Sam Abadir, LockPath


This week, Sam Abadir, director of product management for LockPath, weighs in with his thoughts.


Cybersecurity: Customers demand data security

Billions will be spent on cyber security by thousands of companies. Only a fraction of those companies will get the full value from their investments.

Governments, insurance agencies, consumers and more are demanding that their stakeholders keep their data safe while respecting their privacy.

Organizations, in turn, will increasingly invest in cyber tools such as SIEMs, vulnerability scanners, and threat feeds. Other companies are already building a robust governance framework to ensure their policies address risks, legal concerns and best practices.

Each element of cybersecurity is important and vital for a successful cybersecurity program. Companies, however, may overlook the duplicative and separate efforts required to manage every tool, every feed, and every component of a cybersecurity program.

This extra and unnecessary burden will slow down efforts, make reporting inefficient and ineffective, and add unnecessary complications and delays to cybersecurity programs. Those drawbacks make these programs not only more costly, but less secure.

Government will mandate cyber risk management

Cyber risk management of all disciplines will be mandated by governments, first at the industry level and then across all businesses.

Cyber criminals are here to stay. They will continue to hack into businesses and accounts belonging to celebrities, politicians, financial institutions, healthcare organizations, utilities, and just about everywhere else.

If the data is valuable, the criminals will try to steal it.

We have already seen healthcare and financial services industries create and develop rules and compliance regulations that require cybersecurity.

Because regulators are liberated from the politics that can influence their world, they often set rules before laws are widely enacted.

We should expect more industry regulators to bring cybersecurity into their management – long before highly partisan government officials make unified decisions on laws.

State legislatures will start pushing laws that require industries to protect their cyber assets. This likely will happen at an industry level first because so many states have three or fewer dominant industries that they must protect. Many states will develop laws that are stronger than or slightly different from federal regulations, causing organizations extra consideration and extra cost in reporting.

Vendor risk management will focus on customers

Vendor risk management practices will extend to customers as vendors are fined for customer support.

Organizations will focus more on reducing risk to suppliers and customers. As companies deepen their knowledge of operational and compliance risks, they will learn how suppliers and customers add to their risks.

Everyone by now has heard about how an HVAC vendor was partially responsible for the cybersecurity breach at Target, which may have led to the theft of millions of credit card numbers and other customer account information.

It makes sense that material suppliers can impact the overall quality of goods manufacturers make. The actions of customers also can be risky to organizations that supply them with goods and services.

It’s easy to imagine Internet providers assessing customers on their propensity to download illegal content. Why shouldn’t Internet providers report or punish customers that use the Internet to perform illegal actions? After all, such behavior can point out those who are creating problems before major hacks and theft occur.

As organizations get wiser about risk and how customers and vendors impact risk, they will act to manage that risk by conducting assessments, monitoring key performance and risk indicators, and rationalizing their vendors and their customers.

For more about LockPath, developers of the KeyLight Platform, go here.



LockPath makes Gartner’s IRM Market Guide

OVERLAND PARK, Kan. — Compliance and risk management software provider LockPath has been listed as a Representative Vendor in Gartner Inc.’s Market Guide for Integrated Risk Management Solutions (IRMS), a new report on the direction the market is taking to enable integrated enterprise risk management initiatives.

According to John Wheeler, Gartner research director, the 11 representative vendors evaluated in the report provide solutions that “fully meet the definition of the respective IRMS market segments and address a significant number of solution capabilities in three or more of market segments.”

Among the 11 vendors cited in the guide, LockPath addressed six of the 7 IRMS market segments: Customer Resource Management, ORM, IT Risk Management, BCMP, VRM, AM, and CCO.

LockPath’s Keylight Platform consists of a fully integrated suite of applications “that work together to strengthen an organization’s security, compliance and risk management programs,” KeyLight CEO Chris Caldwell said.

“Keylight allows organizations to address operational risk management, IT risk management, IT vendor risk management, business continuity management planning, audit management and corporate compliance and oversight all in one user-friendly platform.”

To learn more about LockPath and the Keylight Platform, visit LockPath’s website. For more information or to obtain Gartner’s Market Guide for Integrated Risk Management Solutions, visit Gartner’s website.


FBI agent will address ways to halt various kinds of cybercrime

Jeff Lanza

GRC & Fraud Software Journal

Former FBI special agent Jeff Lanza will recommend ways to prevent the kinds of cybercrime that continue to bruise companies, including phishing attempts, ransomware and email schemes.

Lanza will present the keynote at LockPath’s Ready Summit on Oct. 4-5. The title of his speech: “Cybercrime: How to Keep Yourself and Your Business Safe.”

“Cybercriminals have become more and more sophisticated in the last decade,” Lanza says. “It’s up to individuals and businesses to ensure they are not an easy target for cybercrime, by taking the necessary precautions online and implementing strong information security programs in their organizations.”

Lanza spent more than 20 years in the FBI battling corruption, fraud, organized crime, cybercrime, human trafficking and terrorism. Much of that took place within the context of computer crimes and Internet fraud schemes.

The LockPath Ready Summit gathers users of LockPath’s Keylight GRC platform, as well as LockPath partners and other industry experts, for two days of workshops, customer presentations, solution showcases, and more.

Lanza’s presentation will also cover the most current cyber threats, using real-life examples of the latest methods employed by cybercriminals and countermeasures individuals and businesses of all sizes can take to combat the innovations of hackers. While at the summit, attendees also will:

  • Network with LockPath customers and partners and learn how others are using Keylight.
  • Hear from industry experts in compliance, risk management and IT security.
  • Preview what the future holds for LockPath and the Keylight Platform.

“Many of our customers are charged with protecting their organizations against instances of cybercrime,” said Chris Caldwell, LockPath founder and CEO. “With his experience as an FBI agent, Lanza brings important insights and valuable intelligence to our attendees. We want you to hear his insights on how cybercriminals think and act with business targets.”
For more information on LPRS and to request an invitation, visit lockpath.com/lprs.


LockPath enhances Keylight 4.4 platform

From LockPath press release

OVERLAND PARK, Kan. — LockPath has added significant enhancements to its Keylight® Platform. In version 4.4 of Keylight, LockPath extends the functionality of its patented Dynamic Content Framework across the entire platform.

As the scalable and flexible foundation of the platform, the Dynamic Content Framework is designed to give users the ability to create custom tables and fields and to import and modify large sets of records, with no coding required.

The most visible result of this expansion is increased integration, flexibility and efficiency of LockPath’s compliance management solution, the company said. In addition, users will find richer integration features throughout Keylight, such as expanded record comparison functionality, augmented search results and the ability to email records externally.

By increasing context and efficiency, Keylight 4.4 is designed to provide the flexibility that organizations require when struggling to deal with compliance requirements and new risks.

GRC has become more visible, more challenging and more complex for organizations in the last decade. As compliance demands from regulatory and governing bodies increase, and risks related to IT, third parties and operations multiply, organizations need GRC tools that can adapt to the changing landscape, the company said.

Keylight 4.4 includes the following enhancements to the Dynamic Content Framework:

  • Extended data sharing capabilities across the platform to efficiently provide data to those who need it.
  • More specific search options, allowing users to more quickly access the information they need.
  • Expanded comparison capabilities across the platform, which allow users to easily review and report on data revision history.

To learn more about LockPath and the Keylight platform, visit Keylight’s website.