Bridging the gap between business goals and security requirements by Alex Armson (GRC World Forums).
Bridging the GRC and Security Divide by Charaka Goonatilake (Infosecurity Magazine).

While plenty has been written on this topic, I highlight these two because they got me thinking about the nature of how these two groups operate: their motivations, priorities, pains, and above all, what separates them while they are essentially pursuing a common goal. In order to get to those answers, we needed to start at the beginning, put our research hats on with our analyst community, and hear from the leaders in the middle of it all [1].

This picture is pretty reflective across the board, regardless of an organization's size. The exception to that rule is when the security team also takes on the burden of representing GRC.

It all starts with the C-Suite, of course, in an effort to focus on growth, risk and people. Typically led by the CEO (Chief Executive Officer), CFO (Chief Financial Officer) and CRO (Chief Risk Officer), this translates to the need for business continuity. In other words, any interruption to the operations of the business will be detrimental.

The GRC committee now gets to take that need for business continuity and translate it in terms of risk. This committee is led by the CIO (Chief Information Officer) and CISO (Chief Information Security Officer), with some influence from the CEO. This is a committee that dissects those C-Suite needs into compliance, IP protection and risk reduction. Managing risk is the top priority for this group as a result.