Social Network For Security Executives: Help Make Right Cyber Security Decisions
Governance, Risk and Compliance is sometimes a managerial step or a mandatory step to adhere with regulations & maintain compliant systems. It widely helps in Risk Management.
Some of the major components of IT GRC are:
1. IT Policy Management
An administrative method to simplify management by defining and enabling rules(policies) for various apprehensive situations. This is done keeping in mind the organization's goals & belief
2. IT Risk Management
This includes all risk associated with owning IT assets. In larger scales, for an organization, all the data stored is part of this.
3. IT Compliance Management
A proper framework in place can save money, time and energy. The framework should be set up once and your organization should be compliant while it should be able to notify on the new compliance requirements and licenses
4. Threat & Vulnerability Management
This is a continuous process to manage all the assets owned by the organization. Prioritization is key as it directly estimates loss.
5. Vendor Risk Management
This refers to all third party vendor risk. Vendor selection should be preceded by checking their risk scenario.
6. Incident Management
This is constant monitoring, tracking analysis and reporting to make sure incidents are at bay. In case there is a breach, policies should be in place to tackle them.
1.Extracts have been taken from IT GRC Workshop, Decision Summit, Delhi 2015 by Ravi Mishra