Information Security in Context: The CISO as a Transformational Role in Risk Management
Information Security at the Center of Risk Chaos Inevitable Failure: Managing Information Risk in...
by The GRC Pundit | Sep 29, 2016 | The GRC Pundit Blog
by The GRC Pundit | Sep 7, 2016 | The GRC Pundit Blog
Organizations are complex. Exponential growth and change in technology, vulnerabilities,...
by The GRC Pundit | Oct 6, 2015 | The GRC Pundit Blog
If you have been following my research over the course of the past 15 years, you will know that I have often been frustrated when IT GRC has been understood to be confined to IT security management. In fact, you can find some of my Forrester reports (2001 to 2007) that often challenge the captivity of IT GRC by security.
IT Governance, IT Risk Management, and IT Compliance are broader than security. Yes, security is one of the most critical risks in IT departments and to the business. I am not minimizing IT security; it needs to be addressed. However, this does not give IT security management solutions that do IT security governance, IT security risk management, and IT security compliance the right to hold IT GRC hostage.
Consider . . .