2021-034-Khalilah Scott, good GRC tool practices - part1
GRC tools (Governance Risk and Compliance)
@ki_twyce_
@TechSecChix
Infosec unplugged
Security Happy Hour
Eric’s cyberpoppa show
Cyber Insight show - cohost
Blumira is hiring
https://www.blumira.com/careers/
https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html
https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/
Why do we need a GRC tool?
https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register
What are our business goals? (to make money... :D )
Are we mature enough to be measuring ourselves?
How can we use this to be more efficient?
https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/
- Centralized Controls. ...
- Support for Future Standards. ...
- Automation
- Integrations (my add… helpdesk integrations, 3rd party)
- Scalability. ...
- Customizable Reporting. ...
- Flexibility. ...
- Task Delegation
GRC tool use in other areas
IT - makes more informed budget decisions, determines directions in business goals, asset mgmt
Finance - Make better financial decisions, profitability
Infosec - vuln mgmt
Compliance
HR - determine hiring requirements
Legal - ensures ethical management of the organization, reduces breach
How do you implement GRC?
https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation
- Step 0: everyone’s input and use cases
- Determine the total value gained by using a centralized GRC platform
  - Missing data
  - Duplicate processes
  - Duplicate data
  - Manual steps that can be removed or automated
  - Workflows to assist heavily manual areas such as communications, emails, approvals, and reporting
- Identify operational gaps to prioritize the areas you need to improve.
- Get your team on board with an effectively communicated plan.
- Build a strong foundation to support your GRC program
- Deploy a standardized GRC implementation across the board.
- Let the GRC framework evolve and grow after it's implemented.