BrakeSec Education Podcast

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.

http://www.brakeingsecurity.com

subscribe
share






2021-035-GRC selection discussion, TechSecChix, and the 'job description problem'


GRC tools  (Governance Risk and Compliance)

 

@ki_twyce_

 

@TechSecChix

 

INfosec unplugged

 

Security Happy Hour

 

Eric’s cyberpoppa show

 

Cyber Insight show - cohost

 

Blumira is hiring

https://www.blumira.com/careers/ 



https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html

 

https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html

 

https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/

 

Why do we need a GRC tool?

https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register

 

What are our business goals? (to make money... :D )

Are we mature enough to be measuring ourselves?

How can we use this to be more efficient?

 

https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/

 

  • Centralized Controls. ...
  • Support for Future Standards. ...
  • Automation
  • Integrations (my add… helpdesk integrations,  3rd party)
  • Scalability. ...
  • Customizable Reporting. ...
  • Flexibility. ...
  • Task Delegation

 

GRC tool use in other areas

 

IT - makes more informed budget decisions, determines directions in business goals, asset mgmt

Finance - Make better financial decisions, profitability

Infosec-  vuln mgmt, 

Compliance

HR - determine hiring requirements

Legal - ensures ethical management of the organization, reduces breach, 

 

How do you implement GRC?

https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation

  1. Step 0: everyone’s input and use cases 
  2. Determine the total value gained by using a centralized GRC platform
    1. Missing data 
    2. Duplicate processes
    3. Duplicate data
    4. Manual steps that can be removed or automated
    5. Workflows to assist heavily manual areas such as communications, emails, approvals, and reporting
  3. Identify operational gaps to prioritize the areas you need to improve.
  4. Get your team on board with an effectively communicated plan.
  5. Build a strong foundation to support your GRC program
  6. Deploy a standardized GRC implementation across the board.
  7. Let the GRC framework evolve and grow after it's implemented.

 


fyyd: Podcast Search Engine
share








 September 29, 2021  1h6m