|
We look at three GRC products and the distinct ways these tools can help organizations navigate the complicated regulatory game.
A decade ago, regulated industries were the rare exception; today, the industry that isn't regulated is the exception. In fact, most firms have multiple sets of regulatory requirements they need to address.
As the regulatory burden increases, businesses are finding themselves in an increasingly complex ecosystem of governance--we audit our contractors and clients to ensure their compliance to our security requirements, and the firms we service audit us.
As we implement security controls related to compliance, as well as controls contractually required of us by our clients, we put into production an ever more complicated laundry list of security controls to manage. Making risk decisions in this hive of controls, regulation and contractual obligations is nigh onto impossible.
IT governance, ...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
risk and compliance (GRC) tools promise to help us meet these challenges. They promise to help us make smarter risk decisions, manage our compliance efforts and govern everything about our security program, from security awareness to technical controls.
GRC is the latest information security buzzword, but marketing hype is doing a disservice to this array of products that address an organization's policy governance, risk management and compliance needs. Most deliver only part of the picture they promise, and every tool in this market has its own focus, areas of maturity and strategies for solving the same business challenges.
To help you figure out what approaches might be right for your organization, Information Security took a close look at three GRC products that are very different in focus, coverage and technology: Archer Technologies' SmartSuite Framework 4.1, Symantec's Control Compliance Suite 8.60 and Modulo's Risk Manager 5.0
|
 |
|
