Dealing with a constant barrage of security risks is one of the biggest daily challenges faced by IT leaders, apart from the occasional regulatory compliance landscape.
In this article at eSecurity Planet, Sean Michael Kerner brings some insights from former Deputy CIO at the White House, Alissa Johnson, into smart ways to balance governance, risk, and compliance (GRC).
The Balancing Act of GRC
An ingenious GRC strategy compliments multiple benefits like enhanced decision-making, optimal IT investments, eradicating silos, and reducing fragmentation of departments. Even though there are enough tools available to streamline GRC operations, here are some smart ways to balance the act right:
- Anticipate Compliance Regulations: With the enactment of GDPR, there is a connection between IT security and privacy that has come in the limelight. This has made IT professionals anticipate more privacy compliance. So, you must expect more additional state and national privacy compliance efforts to be forthcoming and remain prepared for it.
- Map Out Existing Controls: Leading IT organizations face multiple privacy and cybersecurity compliance. Mapping existing controls will help in utilizing them in different compliance efforts. So, by following the security policies diligently, no technology investment will be required in terms of GDPR.
- Leverage Tools: Measuring all the variables to see how the organizations are mitigating and eliminating risks is an equally essential GRC tool. By looking at GRC with the right technology, it is possible to find the perfect balance.
- Embrace AI: Challenged by a cybersecurity talent shortage, many organizations make it tough to accomplish all the necessary tasks that need improved security and GRC efforts. By allowing artificial intelligence (AI), bots and machine learning it would be easier to improve cyber-hygiene. In fact, automation technologies may prove beneficial in lowering the risk-based processing.
Click on the following link to read the original article: https://www.esecurityplanet.com/compliance/how-to-improve-governance-risk-and-compliance.html