Governance, Risk and Compliance can be a challenging area for CIOs and CISOs to navigate. With the board of directors and C-suite as key stakeholders, the ability to deliver results through the complex GRC environment is now more critical than ever.
What has your GRC done for you lately?
Let's look at an example of a typical month for the CIO and CISO. Due to publicity of recent data breaches in the industry, you are scheduled to deliver an Information Security update at the next Audit Committee meeting.
1. The annual IT security risk assessment is complete and the results have been presented. The external risk consultants worked with internal teams to identify risks and weaknesses. You have captured the high points for the Audit Committee presentation.
2. You plan to make sure the enterprise risk register is up-to-date with findings, remembering to check in with the SOX and PCI teams. What is the status of PCI 3.0 readiness?