GRC Tools Help Manage Regulations


This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."

Download it now to read this article plus other related content.

One Size Doesn't Fit All
Each of the products we looked at interprets governance, risk and compliance in a different way and has a feature set tailored to its vision. Archer emphasizes regulatory compliance, most useful for the compliance or security group in a heavily regulated industry. Modulo focuses on risk management, which is of special value to the auditor or consultant out in the field validating organizational compliance to controls. Symantec focuses on technical control validation, most useful to information security technical personnel.

But in order to know how the vendor interprets the GRC vision, you must look beyond the marketing. All of these products are marketed similarly; they get coverage from analysts in the same reports and they're lumped together in the industry press. But they're really very different.

What does that mean to the industry? Maybe we should start segmenting the GRC market to reflect the fact that these products aren't the same. What does it mean for GRC vendors? Maybe it's not a threat if your product doesn't do exactly the same thing as the other guy's product. And what does that mean for the consumer? It means you need to be extra careful before you buy: Make sure your vendor's vision of the market aligns with yours, and that the product you're buying does what you think it will.

    Requires Free Membership to View

It's Time to recognize the industry's Best
Information Security magazine and SearchSecurity.com will honor innovative security practitioners in seven vertical markets this fall with our annual Security Seven Awards. The awards, to be handed out at the Information Security Decisions conference in Chicago and featured in the magazine's October issue, will recognize the efforts, achievements and contributions of practitioners in financial services, telecommunications, manufacturing, energy, government, education and health care.

While vendor executives are not eligible, we're inviting you to nominate your most innovative practitioners. Nominees must have made a noteworthy contribution to their organizations or the security community in areas including research, product development and standards.

Download the nomination form at

and email it to

Nomination Deadline: June 25

This was first published in June 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: