|
Our goal was to create tests that address the promise of GRC while not favoring any particular technical strategy for getting there. We wanted to test the heart of GRC, the products' ability to:
- Author, distribute and map policy and controls to the governing regulation, as well as to keep track of exceptions to those policies/regulations (compliance)
- Assess the proper technical and non-technical operation of controls, and to mitigate/remediate areas where controls are lacking or not operating properly (governance)
- Assist in quantification, analysis and mitigation of risk within the firm (risk)
Purchasing a GRC product is difficult, so we designed a ...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
flexible testing approach tied to real-world deployment scenarios to account for the range of corporate requirements, the expansive nature of the products and their varying levels of maturity. To do this, we foremost wanted to create a set of hypothetical scenarios that simulate how most organizations would typically use and deploy GRC products. We drew on real-life experiences and pain points to create regulatory, oversight and technical challenges, such as any organi- zation might face, and how the products might solve these challenges in a typical deployment context. Specifically, our goal was to test the "promises" of GRC (see "'Promising' Products," below).
[IMAGE]
|
 |
|
