Arno Kapteyn, Managing Consultant IT Governance
The classic IT Security Organization is often seen as the “digital border guards”: busy deciding what the firewall setting should be and how to “harden” the server configuration, checking the latest virus and hack-attack methods, and working on defenses. Integrating this Security function with the IT Governance, IT Risk and IT Compliance functions into one GR(S)C function will lead to direct cost reductions, but also to an indirect cost reduction, because the (control) requirements from each of these functions individually can be integrated into one Risk (and Control) approach for the IT Domain. Streamlining the effort will in many cases lead to a reduction of the effort required from the IT-operational organization to implement and assure controls and other risk reduction measures.
What does this integration mean for the organization, tasks, skills and processes of the new GRSC function as compared to the current situation? What may you expect during the transition path?
Arno Kapteyn is Managing Consultant IT Governance. He is a leading expert in the field of IT Governance, Risk and Compliance (GRC) and how to integrate them with IT Security and IT Service Management. His field of expertise is the design and implementation of IT Organizations according to the available open and industry standards.