Sign up to save your podcasts
Or
Share 2021-034-Khalilah Scott, good GRC tool practices - part1
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
2021-034-Khalilah Scott, good GRC tool practices - part1
GRC tools (Governance Risk and Compliance)
@ki_twyce_
@TechSecChix
INfosec unplugged
Security Happy Hour
Eric's cyberpoppa show
Cyber Insight show - cohost
Blumira is hiring
https://www.blumira.com/careers/
https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html
https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html
https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/
Why do we need a GRC tool?
https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register
What are our business goals? (to make money... :D )
Are we mature enough to be measuring ourselves?
How can we use this to be more efficient?
https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/
- Centralized Controls. ...
- Support for Future Standards. ...
- Automation
- Integrations (my add… helpdesk integrations, 3rd party)
- Scalability. ...
- Customizable Reporting. ...
- Flexibility. ...
- Task Delegation
GRC tool use in other areas
IT - makes more informed budget decisions, determines directions in business goals, asset mgmt
Finance - Make better financial decisions, profitability
Infosec- vuln mgmt,
Compliance
HR - determine hiring requirements
Legal - ensures ethical management of the organization, reduces breach,
How do you implement GRC?
https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation
- Step 0: everyone's input and use cases
- Determine the total value gained by using a centralized GRC platform
- Missing data
- Duplicate processes
- Duplicate data
- Manual steps that can be removed or automated
- Workflows to assist heavily manual areas such as communications, emails, approvals, and reporting
- Identify operational gaps to prioritize the areas you need to improve.
- Get your team on board with an effectively communicated plan.
- Build a strong foundation to support your GRC program
- Deploy a standardized GRC implementation across the board.
- Let the GRC framework evolve and grow after it's implemented.
View all episodes
By Bryan Brake, Amanda Berlin, and Brian Boettcher
4.7
9898 ratings
GRC tools (Governance Risk and Compliance)
@ki_twyce_
@TechSecChix
INfosec unplugged
Security Happy Hour
Eric's cyberpoppa show
Cyber Insight show - cohost
Blumira is hiring
https://www.blumira.com/careers/
https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html
https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html
https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/
Why do we need a GRC tool?
https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register
What are our business goals? (to make money... :D )
Are we mature enough to be measuring ourselves?
How can we use this to be more efficient?
https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/
- Centralized Controls. ...
- Support for Future Standards. ...
- Automation
- Integrations (my add… helpdesk integrations, 3rd party)
- Scalability. ...
- Customizable Reporting. ...
- Flexibility. ...
- Task Delegation
GRC tool use in other areas
IT - makes more informed budget decisions, determines directions in business goals, asset mgmt
Finance - Make better financial decisions, profitability
Infosec- vuln mgmt,
Compliance
HR - determine hiring requirements
Legal - ensures ethical management of the organization, reduces breach,
How do you implement GRC?
https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation
- Step 0: everyone's input and use cases
- Determine the total value gained by using a centralized GRC platform
- Missing data
- Duplicate processes
- Duplicate data
- Manual steps that can be removed or automated
- Workflows to assist heavily manual areas such as communications, emails, approvals, and reporting
- Identify operational gaps to prioritize the areas you need to improve.
- Get your team on board with an effectively communicated plan.
- Build a strong foundation to support your GRC program
- Deploy a standardized GRC implementation across the board.
- Let the GRC framework evolve and grow after it's implemented.
More shows like BrakeSec Education Podcast
View all
Security Now (Audio)
2,000 Listeners
CyberWire Daily
1,020 Listeners
Smashing Security
319 Listeners
Strict Scrutiny
5,788 Listeners