Governance, Risk, and Compliance (GRC)
Securing the business, not just the computers.
GRC ensures that IT activities align with business goals (Governance), risks are identified and managed (Risk), and legal/regulatory requirements are met (Compliance).
The Triad
- Governance: The strategy. "What are we doing and why?"
- Risk: The uncertainty. "What could go wrong?"
- Compliance: The rules. "What must we do?"
Section Contents
- Risk Management Frameworks: Using frameworks like NIST CSF and ISO 27001 to manage organizational risk.