When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise program (e-GRC). They generally did it in an attempt to get ISO or similar certification, or to “move their programs to the next level,” and some, I think, attempted it just to prove they did it. Many of those efforts were monumental, costing millions of dollars and taking years to complete. However, a significant number seemed to end in compromise, yielding a smaller end result or totally failing after thousands of man hours and millions of dollars for software, systems, and consulting had been spent.
Allgress Insight Risk Management Suite Brings Flexibility and Functionality to IT-GRC
By David Monahan on Dec 19, 2014 1:04:02 PM
Topics:
Apps
Data management
Governance
IT Management
Software as a service
and Compliance (GRC)
Application software
David Monahan
Risk
Risk management
Scott Crawford
security
Security
Continue Reading
