BrakeSec Education Podcast - 2021-034-Khalilah Scott, good GRC tool practices - part1


09/29/21 • 43 min

GRC tools (Governance Risk and Compliance)

@ki_twyce_

@TechSecChix

Infosec Unplugged

Security Happy Hour

Eric’s cyberpoppa show

Cyber Insight show - cohost

Blumira is hiring

https://www.blumira.com/careers/

https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html

https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html

https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/

Why do we need a GRC tool?

https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register

What are our business goals? (to make money... :D )

Are we mature enough to be measuring ourselves?

How can we use this to be more efficient?

https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/

  • Centralized Controls. ...
  • Support for Future Standards. ...
  • Automation
  • Integrations (my add... helpdesk integrations, 3rd party)
  • Scalability. ...
  • Customizable Reporting. ...
  • Flexibility. ...
  • Task Delegation

GRC tool use in other areas

IT - makes more informed budget decisions, determines directions in business goals, asset mgmt

Finance - Make better financial decisions, profitability

Infosec - vuln mgmt

Compliance

HR - determine hiring requirements

Legal - ensures ethical management of the organization, reduces breaches

How do you implement GRC?

https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation

  1. Step 0: everyone’s input and use cases
  2. Determine the total value gained by using a centralized GRC platform
    1. Missing data
    2. Duplicate processes
    3. Duplicate data
    4. Manual steps that can be removed or automated
    5. Workflows to assist heavily manual areas such as communications, emails, approvals, and reporting
  3. Identify operational gaps to prioritize the areas you need to improve.
  4. Get your team on board with an effectively communicated plan.
  5. Build a strong foundation to support your GRC program
  6. Deploy a standardized GRC implementation across the board.
  7. Let the GRC framework evolve and grow after it's implemented.

Previous Episode

2021-033-Kim_Crawley, 8 steps to better security-Part2

8 Steps to Better Security: A Simple Cyber Resilience Guide for Business has finished all final editing and will be published by @WileyTech on October 5th.

Pre-orders are available now via Amazon, Barnes & Noble, and other retailers.

Sponsored Link: https://amzn.to/3k3pDAN

Amazon teaser: “Harden your business against internal and external cybersecurity threats with a single accessible resource.

In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps.

Written to be accessible to non-technical businesspeople as well as security professionals, and with insights from other security industry leaders, this important book will walk you through how to:

  • Foster a strong security culture that extends from the custodial team to the C-suite
  • Build an effective security team, regardless of the size or nature of your business
  • Comply with regulatory requirements, including general data privacy rules and industry-specific legislation
  • Test your cybersecurity, including third-party penetration testing and internal red team specialists

Perfect for CISOs, security leaders, non-technical businesspeople, and managers at any level, 8 Steps to Better Security is also a must-have resource for companies of all sizes, and in all industries.”

Next Episode

2021-035-GRC selection discussion, TechSecChix, and the 'job description problem'
