Vector
Vector

Choose your topics

Blogs
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

GRC
Blogs
The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
Blogs
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Blogs
The Top 4 Challenges of Risk Management

What are the top four challenges of risk management today and how can you overcome them? Find out in this post from SureCloud.

Third-Party Risk Management GRC
Blogs
Transform Compliance into Your Competitive Advantage

In GRC, compliance is often viewed as a cost that makes it harder to pursue growth. Here's how to make it your competitive advantage.

Compliance Management GRC
Blogs
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
Blogs
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Blogs
The Simple Way to Combat Phishing

SureCloud Cybersecurity Practice Director Luke Potter shares his tip to stay ahead of attackers phishing for your downfall.

Penetration Testing
Blogs
See Yourself in Cyber With Janhavi Deshpande

See Yourself in Cyber With Janhavi Deshpande - SureCloud

Cyber Security
Vector (7)
Vector-1
GRC

GRC Practice Director to Present at ISF World Congress 2018

GRC Practice Director to Present at ISF World Congress 2018
Written by

Admin

Published on

20 Oct 2018

GRC Practice Director to Present at ISF World Congress 2018

 
 
 

GRC Practice Director, Alex Hollis, will be presenting at ISF’s Annual World Congress on Sunday, the 28th of October 2018 at 10:15 AM, in Room 5, Verona. His keynote session will center on ‘How To Integrate Business Risk and IT Risk’.

Check out this sneak peek here:

What does GRC mean to you?

Many governance, risk, and compliance (GRC) projects fail because they’re deployed to support a specific compliance need or to meet the requirements of a specific department.

Typically, organizations operate in terms of business GRC (EGRC), and IT GRC. EGRC is concerned with business processes, clients, and products. Its focus is on operational risk, considering the higher-level issues and calculating the effects of particular risks on the overall business, and attributing an ROI figure to those risks.

In contrast, IT GRC is device-led and focused solely on anything with an IP address, such as applications, data, software or hardware. It rarely considers the risk environment outside of its physicality, with risks directly attributed to its assets (e.g. database).

The reality is that organizations require a comprehensive view across the entire business, which includes any external third parties.

Trust IRM for greater visibility

By taking an integrated risk management (IRM) approach and connecting EGRC and IT GRC, you can start to have more joined-up, in-depth conversations about your organization, since you have greater visibility over their relationship. For example, if vulnerabilities in your IT infrastructure were to cause a web server to go down (IT GRC) it can impact your sales team, who wouldn’t be able to access their customer data (EGRC).

For years we have encouraged our customers to take an IRM approach, which integrates EGRC and IT GRC, because of the value you can derive from it, and the greater protection it affords an organization.

GDPR leaves no option but to choose IRM

With GDPR now in effect, it means that from a regulatory standpoint you have no option but to integrate the two; GDPR requires that you identify your information assets, the physical territories in which they sit, and it forces you to identify and consider your supply chain in its entirety.

Business Standards requires integration

Furthermore, business standards, such as the ISO 27000 series, will also require you to integrate your eGRC and IT GRC to demonstrate and maintain compliance.

 

Not attending ISF?

Don’t worry! On the 14th of November, 4 PM UK time, Alex will be presenting this speech on Bright Talk.

Attend the free webinar by registering here

 

Find out more about our IRM products here.

Alex Hollis, GRC Practice Director

With over 16 years’ experience in IT, mobile technology and software development, Alex has spent the last seven years specializing in governance, risk, and compliance (GRC). After just six months in the industry, Alex received a platinum-level excellence award for his work around risk bow-tie modeling, Solvency 2 and Basel 3. Now focusing primarily on operational risk, Alex has analyzed, designed and implemented GRC technology and IRM solutions into 60 companies, including some of the largest and most complex environments. His experience spans multiple sectors, including telecommunications, aviation, pharmaceuticals, manufacturing, retail, public sector, financial services, and insurance. A keynote speaker at prestigious industry conferences, Alex is also currently writing a book on end-to-end GRC.

About SureCloud

SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. SureCloud connects the dots with integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.