GRC

Mon 19 Sep

Business value creation is a function of regulatory compliance

The European Union and the United States of America have both been front runners in enhancing and enforcing privacy regulations across different industries. The focus has been to ensure, firstly, that there is sufficient notice to and adequate consent from customers[1] before personal data is processed; secondly, that personal data is processed with adequate security measures; and finally, that personal data is disposed of securely once the purpose for which it was acquired has been fulfilled.
The incentives for regulatory compliance have been increasing gradually across the globe. With the GDPR formally put forth, any organization with EU interests carries a regulatory risk of the higher of 4% of global revenue and 20 million euros. This takes data regulatory risk straight into the boardroom.

Conflict between Business and Regulations

Thu 18 Feb

Integrated Governance Risk and Compliance - Choosing the Right Solution


As everyone knows, effective governance is the key factor in every organization's success, whether it is a small-scale business or a mammoth-sized corporation. Modern organizations face really complex and ambiguous situations in their day-to-day governance processes. Problems that evolve over a period should be addressed in a dynamic way rather than a conventional one. So organizations should be ready to face the challenges extended in the governance domain.

I believe identifying the risk factors will drive the way to success. Compliance and governance go hand in hand in complying with the various regulations enforced by governmental bodies, regulators, internal policies or industry mandates. Compliance is not a one-time activity; organizations should make it repeatable so they can continue to comply with regulations at lower cost and ensure their mandatory compliance liabilities are met.

Mon 15 Feb

Infosec 2016 technical roadmap - Make a choice – Based on your business constraints and technological realities !!!


When we design a security solution, it is important that we understand the business problem, need or opportunity; our approach and methodologies should be based on it. We also need to optimize the architecture across customer needs, business constraints, and technological realities. For that we need to follow industry trends and standards, from both a business and a technical standpoint.

As a security team, we need to closely watch technology developments to ensure that our organization is effectively positioned to respond to security threats. We need to develop technical roadmaps for future implementations across the enterprise to ensure the soundness of the solution. We also need to maintain a forward-looking perspective on emerging technology developments and their relevance to both business and technology strategies.

Fri 29 Jan

Internal Financial Controls Assessment: An overview from IT GRC perspective


Worldwide there has been a growing realization among government and regulatory authorities of the need for regulations that ensure strong internal controls are implemented in organizations to protect the interests of stakeholders, particularly shareholders. For instance, in India the new Companies Act, 2013 lays very strong emphasis on Internal Financial Controls (IFC) and holds the board directly responsible for overseeing their implementation and enforcement in the organization.

Thu 15 Oct

Tackling the Challenges of Managing Third Party Risk Assessments


Performing information security risk assessments of third parties has become a recognized part of the annual compliance and risk management plan in many companies, particularly in highly regulated industries. While conducting risk assessments is a day-to-day activity, there are several problem areas that can limit their effectiveness and prevent overall program targets from being met.

What are some of the challenges companies face in developing or managing a third party risk management program?

1. We have thousands of third parties in our company. How do we prioritize vendor risk assessments to address the highest risks first?

Fri 22 May

GRC Part 1: Informed Decision Making

Governance, Risk and Compliance can be a challenging area for CIOs and CISOs to navigate. With the board of directors and C-suite as key stakeholders, the ability to deliver results through the complex GRC environment is now more critical than ever.
What has your GRC done for you lately?
Let's look at an example of a typical month for the CIO and CISO. Due to the publicity of recent data breaches in the industry, you are scheduled to deliver an information security update at the next Audit Committee meeting.
1. The annual IT security risk assessment is complete and the results have been presented. The external risk consultants worked with internal teams to identify risks and weaknesses. You have captured the high points for the Audit Committee presentation.
2. You plan to make sure the enterprise risk register is up-to-date with findings, remembering to check in with the SOX and PCI teams. What is the status of PCI 3.0 readiness?
