Aug 07, 2012
Strategy: A Security Pro’s Guide to GRC
In order to comply with multiple regulatory mandates, organizations are increasingly adopting a holistic GRC framework—or, the alignment of governance, risk and compliance. GRC can be adopted at the organizational level, with enterprise GRC bringing together the three disciplines for corporate governance, as well as at the IT level. Indeed, GRC programs can help ensure appropriate due diligence but can also help the security organization gain visibility and address control selection.
By championing the GRC effort, and by carving out a seat at the table for itself, IT can be instrumental in effectively implementing GRC organization-wide. In this report we will examine the drivers for GRC and the essential steps organizations must take to adapt GRC into the existing security model. (S5470812)