<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet href="https://riskpublishing.com/wp-content/plugins/pretty-rss-feeds/xslt/pretty-feed.xsl" type="text/xsl" media="screen" ?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:media="http://search.yahoo.com/mrss/" >

<channel>
	<title>Enterprise risk management &#8211; Risk Publishing</title>
	<atom:link href="https://riskpublishing.com/enterprise-risk-management/feed/" rel="self" type="application/rss+xml" />
	<link>https://riskpublishing.com</link>
	<description>Connecting Risk Professionals</description>
	<lastBuildDate>Wed, 08 Jul 2026 15:44:42 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0.1</generator>

<image>
	<url>https://riskpublishing.com/wp-content/uploads/2021/12/cropped-favicon2-32x32.png</url>
	<title>Enterprise risk management &#8211; Risk Publishing</title>
	<link>https://riskpublishing.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Sanctions Screening in Third-Party Risk Management</title>
		<link>https://riskpublishing.com/sanctions-screening-third-party-risk-management/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Wed, 08 Jul 2026 15:44:42 +0000</pubDate>
				<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[Sustainability]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=37015</guid>

					<description><![CDATA[On November 21, 2023, OFAC announced a $968,618,825 settlement with Binance, the largest in the agency&#8217;s history, hours after chief executive Changpeng Zhao pleaded guilty in a Seattle courtroom. Across Treasury, DOJ, and CFTC, the package reached $4.3 billion. Binance failed to screen its own customers, but the same statutes reach every US company&#8217;s suppliers, ... <a title="Sanctions Screening in Third-Party Risk Management" class="read-more" href="https://riskpublishing.com/sanctions-screening-third-party-risk-management/" aria-label="Read more about Sanctions Screening in Third-Party Risk Management">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>Critical Supplier Identification and Tiering Methodology</title>
		<link>https://riskpublishing.com/critical-supplier-identification-tiering/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 15:57:38 +0000</pubDate>
				<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[Supply chain risk management]]></category>
		<category><![CDATA[Critical Supplier]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=37008</guid>

					<description><![CDATA[At 12:09 a.m. Eastern on July 19, 2024, a faulty CrowdStrike Falcon update began knocking 8.5 million Windows devices offline, and Delta Air Lines spent the next five days canceling roughly 7,000 flights. Chief executive Ed Bastian put the bill at $500 million, and Delta sued CrowdStrike that October. By procurement&#8217;s math, CrowdStrike was a ... <a title="Critical Supplier Identification and Tiering Methodology" class="read-more" href="https://riskpublishing.com/critical-supplier-identification-tiering/" aria-label="Read more about Critical Supplier Identification and Tiering Methodology">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>SaaS Vendor Risk Assessment: Cloud-Specific Evaluation</title>
		<link>https://riskpublishing.com/saas-vendor-risk-assessment/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 15:39:44 +0000</pubDate>
				<category><![CDATA[AI Governance]]></category>
		<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[SaaS Vendor Risk Assessment]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=37001</guid>

					<description><![CDATA[On August 20, 2025, Salesloft and Salesforce revoked every live OAuth token for the Drift chat application after the threat group UNC6395 spent ten days exporting data from more than 700 corporate Salesforce environments. Cloudflare, Zscaler, and Palo Alto Networks all confirmed exposure, and not one of them had been breached directly. Every victim inherited ... <a title="SaaS Vendor Risk Assessment: Cloud-Specific Evaluation" class="read-more" href="https://riskpublishing.com/saas-vendor-risk-assessment/" aria-label="Read more about SaaS Vendor Risk Assessment: Cloud-Specific Evaluation">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>Concentration Risk in Third-Party Relationships: Assessment Guide</title>
		<link>https://riskpublishing.com/concentration-risk-third-party-relationships/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Mon, 06 Jul 2026 15:51:51 +0000</pubDate>
				<category><![CDATA[Enterprise risk management]]></category>
		<category><![CDATA[Third-Party Risk Management]]></category>
		<category><![CDATA[concentration risk in third-party relationships]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=36987</guid>

					<description><![CDATA[At 04:09 UTC on July 19, 2024, CrowdStrike pushed a defective Falcon sensor update that crashed 8.5 million Windows devices in 78 minutes. Concentration risk in third-party relationships stopped being an abstract exam finding that morning: insurance modeler Parametrix put direct Fortune 500 losses at $5.4 billion. The failure propagated because one security vendor protected ... <a title="Concentration Risk in Third-Party Relationships: Assessment Guide" class="read-more" href="https://riskpublishing.com/concentration-risk-third-party-relationships/" aria-label="Read more about Concentration Risk in Third-Party Relationships: Assessment Guide">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>Fourth-Party Risk Management: Assessing Your Vendors&#8217; Vendors</title>
		<link>https://riskpublishing.com/fourth-party-risk-management/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Sat, 04 Jul 2026 14:38:36 +0000</pubDate>
				<category><![CDATA[Enterprise risk management]]></category>
		<category><![CDATA[fourth-party risk management]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=36979</guid>

					<description><![CDATA[In June 2023, the California Public Employees&#8217; Retirement System told roughly 769,000 members that their personal data had been stolen. Fourth-party risk management exists for the strange part of that disclosure: CalPERS itself was never breached. The data left through PBI Research Services, a subcontractor that ran death audits on Progress Software&#8217;s MOVEit file transfer ... <a title="Fourth-Party Risk Management: Assessing Your Vendors&#8217; Vendors" class="read-more" href="https://riskpublishing.com/fourth-party-risk-management/" aria-label="Read more about Fourth-Party Risk Management: Assessing Your Vendors&#8217; Vendors">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>Greenwashing Risk Assessment: How to Audit ESG Claims</title>
		<link>https://riskpublishing.com/greenwashing-risk-assessment/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Sat, 04 Jul 2026 14:09:19 +0000</pubDate>
				<category><![CDATA[Enterprise risk management]]></category>
		<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[Greenwashing Risk Assessment:]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=36971</guid>

					<description><![CDATA[In September 2024, Australia&#8217;s Federal Court ordered Vanguard Investments Australia to pay a record A$12.9 million penalty for misleading ESG claims. A greenwashing risk assessment run honestly would have caught the problem years earlier: about 74% of the securities in the fund Vanguard marketed as ethically screened were never screened at all. ASIC called it ... <a title="Greenwashing Risk Assessment: How to Audit ESG Claims" class="read-more" href="https://riskpublishing.com/greenwashing-risk-assessment/" aria-label="Read more about Greenwashing Risk Assessment: How to Audit ESG Claims">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management</title>
		<link>https://riskpublishing.com/nydfs-cybersecurity-regulation-ai-amendment/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Sat, 04 Jul 2026 13:37:15 +0000</pubDate>
				<category><![CDATA[Enterprise risk management]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=36965</guid>

					<description><![CDATA[On May 21, 2026, the New York Department of Financial Services issued two warnings on a single day to the banks, insurers, mortgage servicers, and money transmitters it licenses. One flagged a heightened cyber threat environment; the other warned that “frontier AI” models can now find exploitable vulnerabilities at a pace human patching cycles were ... <a title="NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management" class="read-more" href="https://riskpublishing.com/nydfs-cybersecurity-regulation-ai-amendment/" aria-label="Read more about NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>PESTLE vs PESTEL vs STEEPLE: Which to Use</title>
		<link>https://riskpublishing.com/pestle-vs-pestel-vs-steeple-which-to-use/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Tue, 30 Jun 2026 07:30:44 +0000</pubDate>
				<category><![CDATA[Enterprise risk management]]></category>
		<category><![CDATA[pestel]]></category>
		<category><![CDATA[PESTLE vs PESTEL]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=36950</guid>

					<description><![CDATA[On March 10, 2023, California regulators seized Silicon Valley Bank, the second-largest bank failure in US history at that point. The trigger was the most basic external force any strategist is supposed to watch: interest rates. The PESTLE vs PESTEL question starts right here, because the letter E for Economic is exactly the signal SVB ... <a title="PESTLE vs PESTEL vs STEEPLE: Which to Use" class="read-more" href="https://riskpublishing.com/pestle-vs-pestel-vs-steeple-which-to-use/" aria-label="Read more about PESTLE vs PESTEL vs STEEPLE: Which to Use">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>Physical Security Risk Management: A Step-by-Step Guide</title>
		<link>https://riskpublishing.com/physical-security-risk-management-a-guide/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Mon, 29 Jun 2026 12:54:36 +0000</pubDate>
				<category><![CDATA[Risk Assessment]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=36892</guid>

					<description><![CDATA[On the night of December 3, 2022, gunfire disabled two Duke Energy substations about ten miles apart in Moore County, North Carolina. Roughly 45,000 customers lost power for five days, a state of emergency followed, and an 87-year-old resident who relied on medical equipment later had her death ruled a homicide tied to the outage. ... <a title="Physical Security Risk Management: A Step-by-Step Guide" class="read-more" href="https://riskpublishing.com/physical-security-risk-management-a-guide/" aria-label="Read more about Physical Security Risk Management: A Step-by-Step Guide">Read more</a>]]></description>
		
		
		
			</item>
		<item>
		<title>NIST CSF Risk Assessment: How to Run One Under CSF 2.0</title>
		<link>https://riskpublishing.com/nist-csf-risk-assessment-how-to-run-one/</link>
		
		<dc:creator><![CDATA[Chris Ekai]]></dc:creator>
		<pubDate>Mon, 29 Jun 2026 11:12:46 +0000</pubDate>
				<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[NIST CSF Risk Assessment]]></category>
		<category><![CDATA[risk assessment]]></category>
		<guid isPermaLink="false">https://riskpublishing.com/?p=36884</guid>

					<description><![CDATA[On February 21, 2024, UnitedHealth Group detected ransomware inside Change Healthcare, the clearinghouse that handles about a third of US medical claims. The attackers had been inside for nine days, having entered through a Citrix remote-access portal that had no multi-factor authentication. A NIST CSF risk assessment is built to surface exactly that missing control ... <a title="NIST CSF Risk Assessment: How to Run One Under CSF 2.0" class="read-more" href="https://riskpublishing.com/nist-csf-risk-assessment-how-to-run-one/" aria-label="Read more about NIST CSF Risk Assessment: How to Run One Under CSF 2.0">Read more</a>]]></description>
		
		
		
			</item>
	</channel>
</rss>
