Monday, November 29, 2010

GRC - Governance, Risk and Confusion

The newest and hottest security acronym: GRC! It stands for Governance, Risk and Compliance, or Governance, Risk and Controls; but what does it really mean?

Owing to a lack of academic research, GRC professionals have, through their own investigation, arrived at the following generally accepted definition: "GRC is an integrated, holistic approach to organisation-wide governance, risk and compliance ensuring that an organisation acts ethically correct and in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, processes, technology and people, thereby improving efficiency and effectiveness."

Based on this reasonably agreed-upon definition, multiple charts have been produced showing strategy, people, processes and technology, interconnected with intermingled and 'dotted-line' relationships to ethical behavior and improved efficiency and effectiveness.

Does it really have to be this complicated?

From a governance and compliance standpoint, regulatory standards and guidelines exist for a number of security functions. They include, but are not limited to:

CObIT, FFIEC, HIPAA, PCI DSS, GLBA, ISO 27002 (formerly ISO 17799, BS 7799), MA 201 CMR 17, NIST, SOX, MICS

An organization is likely to be subject to one or more of these standards, so what is the best approach to complying with the ones that apply? Review the legal and/or industry requirements that apply to your organization and implement the proper controls; you will most likely find that those controls overlap with two or three other standards.

Here is a perfect example of the overlap, using logical access controls from four very different standards:

CObIT DS5.3: Procedures exist to review existing accounts and access rights for all users of the system (internal and external).

FFIEC Information Security Booklet, B. Network Security, Objective 8: Determine whether, where appropriate, authenticated users and devices are restricted in their ability to access system resources and initiate transactions.

PCI DSS 7.1: Limit access to system components and cardholder data to only those individuals whose job requires such access.

HIPAA Security Rule, Technical Safeguards 164.312(d): Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

And what about risk? How well does the company know its risk exposure, in terms of revenue or reputation, and how to adequately protect against it? Fully understanding, identifying and quantifying the risks (whether they come from people, processes or technology) is critical before you try to provide governance, compliance and controls.

Finally, to implement a functional GRC program, the first step is to run a business impact analysis on RISK, determine what GOVERNS the industry or organization, and apply the appropriate CONTROLS to meet the necessary requirements.

About CDI IT Solutions

CDI IT Solutions provides information technology outsourcing, consulting and project-based services that help clients optimize staffing and computer infrastructure, reduce costs, improve IT service levels, and free up capital for strategic investment.
