2021-034-Khalilah Scott, good GRC tool practices - part1

GRC tools  (Governance Risk and Compliance)   @ki_twyce_   @TechSecChix   INfosec unplugged   Security Happy Hour   Eric’s cyberpoppa show   Cyber Insight show - cohost   Blumira is hiring https://www.blumira.com/careers/  https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html   https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html   https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/   Why do we need a GRC tool? https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register   What are our business goals? (to make money... :D ) Are we mature enough to be measuring ourselves? How can we use this to be more efficient?   https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/   Centralized Controls. ... Support for Future Standards. ... Automation Integrations (my add… helpdesk integrations,  3rd party) Scalability. ... Customizable Reporting. ... Flexibility. ... Task Delegation   GRC tool use in other areas   IT - makes more informed budget decisions, determines directions in business goals, asset mgmt Finance - Make better financial decisions, profitability Infosec-  vuln mgmt,  Compliance HR - determine hiring requirements Legal - ensures ethical management of the organization, reduces breach,    How do you implement GRC? https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation Step 0: everyone’s input and use cases  Determine the total value gained by using a centralized GRC platform Missing data  Duplicate processes Duplicate data Manual steps that can be removed or automated Workflows to assist heavily manual areas such as communications, emails, approvals, and reporting Identify operational gaps to prioritize the areas you need to improve. Get your team on board with an effectively communicated plan. Build a strong foundation to support your GRC program Deploy a standardized GRC implementation across the board. Let the GRC framework evolve and grow after it's implemented.