Light Dark
April 18, 2017 By Rick M Robinson 2 min read
Risk Management
CISO

The scope and sophistication of cybercrime continues to grow, with the Dark Web marketplace evolving to provide an ecosystem and even a language designed for the needs of organized crime and other bad actors.

In the face of this challenge, enterprises are still too reactive in their cybersecurity practices. This remains the case even though almost everyone understands that policies shaping governance, risk and compliance (GRC) can and should provide a solid framework for a more proactive approach to security.

Navigating Through Risks and Regulations

According to Infosec Island, enterprises must have a strong “appetite for risk,” because it is the inevitable flip side of opportunity. However, organizational leaders face real frustrations in finding an effective approach to GRC.

Governmental regulations, which set the overall legal and administrative framework, tend to operate within siloed industry verticals, rather than extending in a consistent way across industries. This complicates the challenge for any enterprise that is not itself confined to one vertical.

Organizational leaders also create their own complications by pushing audit demands and other requirements onto IT teams with no regard to workload. They are placing increased responsibility on people who already have very full plates.

The Art of GRC Tool Selection

Fortunately for these overworked teams, there is light at the end of the tunnel. The security community and marketplace are providing a growing range of GRC tools that organizations can use to help keep up with their governance, risk and compliance requirements. The challenge for security professionals is to evaluate the available products and present action-ready options to the C-suite. No one else can perform this crucial role, since most organizational leaders lack the specialized training needed to judge these tools.

The first item on the checklist of GRC tool requirements is affordability, which is not a technical dimension in itself, but is essential for any solution that can be adopted. Many organizations cannot afford a full-blown enterprise suite, but most can benefit from some select tools.

Other features to look for include mitigation, remediation and delegation resources to track progress and responsibilities, risk management tools to evaluate the threat of third-party breaches, and policy libraries, mapping and views that assist those working with the tools.

Selecting effective GRC tools and achieving buy-in from the C-suite is not a simple task. But ultimately, the effort will pay dividends and build mutual confidence between organization leaders and security experts. This confidence is crucial to building effective security in a dynamic, quickly evolving security environment.

Listen to the podcast series: Take Back Control of Your Cybersecurity now

 |  |  |  |  |  | 
Rick M Robinson

More from Risk Management
January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

January 24, 2025

How cyberattacks on grocery stores could threaten food security

4 min read - Grocery store shoppers at many chains recently ran into an unwelcome surprise: empty shelves and delayed prescriptions. In early November, Ahold Delhaize USA was the victim of a cyberattack that significantly disrupted operations at more than 2,000 stores, including Hannaford, Food Lion and Stop and Shop. Specific details of the nature of the attack have not yet been publicly released.Because the attack affected many digital systems, some stores were not able to accept credit/debit cards, while others had to shut…

January 23, 2025

Taking the fight to the enemy: Cyber persistence strategy gains momentum

4 min read - The nature of cyber warfare has evolved rapidly over the last decade, forcing the world’s governments and industries to reimagine their cybersecurity strategies. While deterrence and reactive defenses once dominated the conversation, the emergence of cyber persistence — actively hunting down threats before they materialize — has become the new frontier. This shift, spearheaded by the United States and rapidly adopted by its allies, highlights the realization that defense alone is no longer enough to secure cyberspace.The momentum behind this…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature