Bringing GRC Federation into IT Security


This slideshow presents steps organizations can take to establish an integrated GRC and security approach using a "federated" model, as identified by Yo Delmar, vice president, MetricStream.

What is federated GRC?

GRC, by definition, involves bringing together governance, risk and compliance disciplines from across an increasingly complex, extended enterprise with deep interlocks to customer and supplier ecosystems. While it’s not realistic to expect organizations to converge on a common set of GRC processes across this complex landscape, there is huge value in taking a federated approach to GRC that leverages the common risk elements from each business unit, from IT and security teams, and from the management of third parties.

Building a federated GRC capability involves understanding the information architecture and processes that are critical to improving business performance, lowering risk exposure, and ensuring compliance with policies and regulations across the entire organization and its vendor communities. It’s important to engage stakeholders from different business units and collaboratively define what needs to be common versus what can, or must, remain federated but rationalized through a roll-up in the context of the organization as a whole – its strategic objectives, its legal obligations and its risk appetite.

The degree of federation that makes sense will be very tightly tied to the operating model, and will reflect the reporting requirements and decision-making authority that resides within each unit. For example, a highly distributed organization with very distinct businesses may require a broader degree of federation than a global organization that is highly regulated, and therefore requires greater consistency and predictability across the business. Federation requires an understanding of your organization, its natural structure, and its objectives in order to strike the right balance.

