Designing a GRC Framework

What is the essence of information security governance, risk & compliance? How do you meet your governance, risk and compliance requirements and prevent a data breach? The key is to understand the spirit of risk management and create a customised information security management system (ISMS) for your business. This presentation details a practical, step-by-step guide for designing and implementing a cost-effective ISMS to minimise your risk of a breach and meet your Association’s legislative (Data Protection Act), regulatory (Payment Card Industry), or industry standard (ISO-27001) compliance requirements to include: · Practical ISMS documentation structure · Scope, objectives & risk strategy examples · Risk treatment plan, asset register & classification guide examples · Policy frameworks · Control objectives, evidence & policy examples · Audit & testing documentation examples