Fremont, CA: The organization's internal Governance, Risk, and Compliance (GRC) team is falling behind as attacks and security technologies become more advanced.
Cyber is still a relatively recent addition to the GRC team's purview. When regulators demand more metrics on a company's cyber posture, answering them consumes more of the GRC team's time, and more of the security team's time that would be better spent working on security. Both teams face a variety of issues when it comes to cyber reporting, which is why bridging the GRC and security divide must become a strategic priority.
Currently, GRC cyber reporting activities are heavily reliant on manual procedures, which take a long time and are vulnerable to a slew of errors. While several tools, such as vulnerability scanners, endpoint security, SIEM, and IT access control systems, have reporting capabilities, GRC teams often lack ready access to robust and accurate data from them.
Many GRC and security teams, as in the parable of the blind men and the elephant, can only test a limited sample of security controls or have siloed visibility into various asset types such as computers, accounts, and databases. This disconnect results in coverage disparities and misplaced confidence in the reporting.
The optimal solution is one in which GRC teams can confidently satisfy regulators' demands in a timely manner, using automated rather than manual data, and with access to security data so that complete evaluations of every instance of every security control are available automatically.
With a clear, up-to-date view of control deployments, precision and confidence are increased because judgments are based on evidence rather than subjective opinions.
This article describes a transition toward Continuous Controls Monitoring (CCM), which integrates with existing security, IT, and business resources to provide integrated information on security control posture. However, not all CCM solutions are created equal, and there is a range of essential capabilities to look for in a CCM solution to allow the GRC team to meet regulatory demands more easily, with trust in their data.