This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."
Download it now to read this article plus other related content.
We look at three GRC products and the distinct ways these tools can help organizations navigate the complicated regulatory game.
As the regulatory burden increases, businesses are finding themselves in an increasingly complex ecosystem of governance--we audit our contractors and clients to ensure their compliance to our security requirements, and the firms we service audit us.
As we implement security controls related to compliance, as well as controls contractually required of us by our clients, we put into production an ever more complicated laundry list of security controls to manage. Making risk decisions in this hive of controls, regulation and contractual obligations is nigh onto impossible.
IT governance, risk and compliance (GRC) tools promise to help us meet these challenges. They promise to help us make smarter risk decisions, manage our compliance efforts and govern everything about our security program, from security awareness to technical controls.
GRC is the latest information security buzzword, but marketing hype is doing a disservice to this array of products that address an organization's policy
| governance, risk management and compliance needs. Most deliver only part of the picture they promise, and every tool in this market has its own focus, areas of maturity and strategies for solving the same business challenges.
To help you figure out what approaches might be right for your organization, Information Security took a close look at three GRC products that are very different in focus, coverage and technology: Archer Technologies' SmartSuite Framework 4.1, Symantec's Control Compliance Suite 8.60 and Modulo's Risk Manager 5.0
This was first published in June 2008