Blog Posts Tagged with "GRC"

GRC: Going Beyond the Acronym

March 10, 2017 Added by: Corey Wilburn

An effective GRC discipline requires company-wide buy-in. The easier you make it for your colleagues, the easier you make it for yourself.

Comments  (0)

ISO 27001 and HITRUST for Healthcare Organizations

January 23, 2012 Added by: John Verry

HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...

Comments  (0)

The Tao of GRC

December 23, 2011 Added by: Danny Lieberman

Effective GRC management requires neither better mathematical models nor complex software. It does require us to explore new threat models and go outside the organization to look for risks we’ve never thought about and discover new links and interdependencies that may threaten our business...

Comments  (0)

SOX Compliance and Evolution to GRC Conference

October 20, 2011 Added by: Infosec Island Admin

The SOX Compliance series is targeted at a focused group of senior-level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor-driven conference, the higher-level focus allows the delegates to network with their industry peers and speakers...

Comments  (0)

Get Your SOX Compliance On

October 12, 2011 Added by: Infosec Island Admin

SOX Compliance & Evolution to GRC Conference is a unique opportunity to review the required blend of compliance and risk-based strategies and methodologies necessary to meet federal mandates while delivering greater efficiency across their GRC footprint...

Comments  (0)

Why Less Log Data is Better

October 05, 2011 Added by: Danny Lieberman

One of the crucial phases in estimating operational risk is data collection: understanding what threats and vulnerabilities you have, and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...

Comments  (1)

Security Trends: Which to Avoid and Which to Embrace

September 30, 2011 Added by: Ken Stasiak

With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...

Comments  (0)

SOX Compliance and Evolution to GRC - Chicago

September 23, 2011 Added by: Infosec Island Admin

The SOX Compliance series is targeted at a focused group of senior-level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor-driven conference, the higher-level focus allows the delegates to network with their industry peers and speakers...

Comments  (0)

GRC is Not a Tool But a Business Enabler

June 04, 2011 Added by: Rahul Neel Mani

GRC is not an out-of-the-box solution that would immediately make you compliant. It is a tool that will allow you to collect information, report to you, help you to make changes in it, put the feedback into the new policy, see how much variance exists...

Comments  (0)

What is Security?

November 19, 2010 Added by: Danny Lieberman

It’s clear that a driver with a lighter foot will get better mileage, and perhaps spending less money on security technology and more on security professionals will get you better return on your investment. Challenge your assumptions about what is effective security in your organization...

Comments  (9)

The Tao of GRC for CISOs and CSOs

March 25, 2010 Added by: Danny Lieberman

The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance such as PCI DSS 1.2, and growing numbers of data security breaches and Internet acceptable usage violations in the workplace. $14BN a year is spent in the US alone on corporate-governance-related IT spending.

Comments  (2)