GRC Tools Help Manage Regulations


This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."

Download it now to read this article plus other related content.

We look at three GRC products and the distinct ways these tools can help organizations navigate the complicated regulatory game.

A decade ago, regulated industries were the rare exception; today, the industry that isn't regulated is the exception. In fact, most firms have multiple sets of regulatory requirements they need to address.

As the regulatory burden increases, businesses are finding themselves in an increasingly complex ecosystem of governance--we audit our contractors and clients to ensure their compliance to our security requirements, and the firms we service audit us.

As we implement security controls related to compliance, as well as controls contractually required of us by our clients, we put into production an ever more complicated laundry list of security controls to manage. Making risk decisions in this hive of controls, regulation and contractual obligations is nigh onto impossible.

IT governance, risk and compliance (GRC) tools promise to help us meet these challenges. They promise to help us make smarter risk decisions, manage our compliance efforts and govern everything about our security program, from security awareness to technical controls.

GRC is the latest information security buzzword, but marketing hype is doing a disservice to this array of products that address an organization's policy

    Requires Free Membership to View

governance, risk management and compliance needs. Most deliver only part of the picture they promise, and every tool in this market has its own focus, areas of maturity and strategies for solving the same business challenges.

To help you figure out what approaches might be right for your organization, Information Security took a close look at three GRC products that are very different in focus, coverage and technology: Archer Technologies' SmartSuite Framework 4.1, Symantec's Control Compliance Suite 8.60 and Modulo's Risk Manager 5.0

This was first published in June 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: