SEARCH RESULTS
 
Showing 1-10 of 63 records
 
Expand article

Perspective on GRC

2008-07-23 16:09:49 by Alex in RiskAnalys.is
 
...GRC is just threat / vulnerability pairing when you consider external regulatory compliance pressures as the Threat Community. If you think of it this way, you might be able to understand why Im not keen on the value of GRC many current solutions. As Shrdlu (or was it rybolov?) once said - GRC is (usually*) just a report . Turns out, its just...
 
Tags: grc, it- grc, threat, threat community, comments dwayne, current solutions, report, yesterdays post, addition
 
 
 
 
Expand article

IT-GRC: Who is and who is not

2008-06-30 16:30:11 by Marc Othersen in Security & Risk Management
 
...GRC vendors: I am constantly bombarded by vendors touting "I have an IT-GRC solution for you to look at!" Since I cover the IT-GRC space, I naturally am interested. In many cases, my interest quickly turns to disdain after the vendor product demo. Why Simply, most IT-GRC "vendors" are not IT-GRC vendors. An IT-GRC vendor, by our definition,...
 
Tags: it-grc, it-grc vendors, it-grc space, it-grc market space, it-grc vendor, it-grc solution, vendors, vendor product demo, product
 
 
 
 
Expand article

Evolution of IT Security to Risk; driving IT GRC acceptance?

2008-04-24 21:32:00 by Ryan Shopp in practical risk management
 
...GRC market was posted earlier this month I believe the title of one of the sections itself summarizes one of the biggest benefits of GRC, "GRC is About Organization Collaboration." He is 100% correct from my perspective - independent of the people, technology and process - GRC solutions are about using software automation to help enterprises...
 
Tags: risk, chief risk officer, grc, security, strategic risk centric, risk officer, internal risk consultants, operational security tasks, grc solutions
 
 
 
 
Expand article

IT GRC is the next evolution for the Enterprise Security Organization

2008-03-17 15:35:00 by Ryan Shopp in practical risk management
 
...GRC guru, Michael Rasmussen; What is IT GRC snip Interestingly enough, I was at an event last week of a dozen senior IT executives and we discussed this concept of IT-GRC. These were all Fortune 500 firms. Going around the room each was spending on average 5-6% of their IT budget this year on IT-GRC . A few were lower than this in the 2-3%...
 
Tags: grc, it-grc strategy, it-grc, it-grc space continue, grc guru, fortune, save fortune, security organizations money, significantly
 
 
 
 
Expand article

What is GRC vs. IT GRC - How does it help IT Security mature to the next level?

2008-02-04 13:27:00 by Ryan Shopp in practical risk management
 
...GRC spending approached $30B last year . The technology portion (e.g., software, hardware & integration services) of that spending is around a third of it (approximately $10B GRC is a very broadly defined space - very broad! To gain a better understanding and appreciation for that, here is a newly released map that identifies various areas...
 
Tags: grc, total grc, grc ecosystem, current, current maturity, security management investments, configuration policy management, securityworks play, security investments
 
 
 
 
Expand article

2008 - The Year of IT Risk Management, Part 2 - Rise of IT GRC

2008-01-11 12:43:00 by Ryan Shopp in practical risk management
 
...GRC) continues to get louder and louder. Just caught this article over on TechTarget " Security Management 2008 - What's in Store. " About halfway through Mike highlights the GRC space snip Hopefully, security professionals will finally come to grips with the discipline that is preparing for an audit, which will result in an opportunity for...
 
Tags: grc, grc space, risk, risk management, grc products, security professionals, mike, mike highlights, frustrations security team
 
 
 
 
Expand article

Nice GRC write-up and how it relates to log management initiatives

2008-03-24 13:34:00 by Ryan Shopp in practical risk management
 
...GRC: Replacing a piecemeal response to compliance " for SC Magazine defining GRC and how it fits together with other areas of security and prevention management. The article, as expected, has a major slant toward Log Management, but it is a very good summary that also highlights other key capabilities / areas important to GRC Even though...
 
Tags: grc, grc products, software products, software, products, security, log management, log, security vendors
 
 
 
 
Expand article

Rich Mogull does his best Stiennon imitation, says GRC is dead

The Article has images
2008-05-14 22:12:24 by HASH0x8b54f78 in StillSecure, After All These Years
...GRC is dead . In fact Rich says it was stillborn and never really alive. There are many things that Rich says in his article as well as Gunnar Peterson's article that he references, that I agree completely with. However, overall I think Rich's fatal mistake is one of Titanic proportions. He is mistaking the tip of the iceberg for the entire...
 
Tags: rich, rich mogull, security, security practices, industry, security industry, compliance, security practitioner, compliance workload
 
 
 
 
Expand article

Gartner IT GRC Predictions

2008-02-13 17:30:00 by Ryan Shopp in practical risk management
 
...GRC They do an artful job laying out the customer desired capabilities and scoping the size of the market opportunity A couple key points to soak in IT GRCM products provide functions that address needs expressed by 75% of the Gartner client base Gartner estimates that software license revenue for vendors...was $73million for 2007, and we...
 
Tags: gartner, risk, risk management, grc, gartner client base, previous posts, compliance management, compliance management space, reinforces previous posts