Mapping GRC Policies, Regulations, Standards and Processes
David Cuthbertson, CEO, Square Mile Systems, and Charlie Muir, Consulting Services Director, Secrutiny
About this talk
Mapping and understanding GRC (Governance, Risk Management and Compliance) is necessary to ensure that cybersecurity policies and processes are maintained effectively, avoiding duplication of effort and clarifying the focus for shared IT engineering resources. As well as sector-led regulatory requirements, there is often a multitude of management frameworks and standards involved: COBIT, ISO 27001, NIST CSF, PCI DSS, CIS Critical Security Controls (CSC), ISO/IEC 20000, TBM, eTOM, etc. (to name a few). Each has its own focus and recommendations, so efficient ways of defining and maintaining business objectives, appropriate internal controls, processes and policies are important to meet GRC business needs. With more regulations being introduced by governments, GRC requirements are becoming increasingly complex, so we will cover systematic ways of mapping common requirements across frameworks to save a lot of effort. We are pleased to have support from Charlie Muir, Consulting Services Director at cyber security specialists Secrutiny.