Explore a conference talk that delves into the challenges of GRC (Governance, Risk, and Compliance) governance and the potential pitfalls of relying solely on industry analysts. Learn why Gartner and Forrester's recommendations may sometimes fall short, and discover a more practical approach to implementing GRC programs. Examine the Gartner Paradox and Forrester's Wave, and understand the importance of focusing on basic business goals and distilled requirements. Follow a step-by-step guide to program roll-out milestones, including tool evaluation, proof of concept, and the roles of security administrators, managers, and risk assessors. Gain insights into scoring and evaluation methods, and understand the benefits of this comprehensive approach to GRC implementation.
Overview
Syllabus
Intro
WHY GARTNER & FORRESTER CAN FAIL YOU
THE GARTNER PARADOX
FORRESTER'S WAVE
IGNORING THE EXPERTS
THE ORIGINAL GOAL
BASIC BUSINESS GOALS
DISTILLED REQUIREMENTS
PROGRAM ROLL OUT MILESTONES
TOOL EVALUATION
PROOF OF CONCEPT
SECURITY ADMINISTRATOR
SECURITY MANAGEMENT
RISK ASSESSOR
SECURITY OPERATIONS
SCORING & EVALUATION
BENEFITS OF THE APPROACH
