Integrating Enterprise GRC and IT-GRC Programs on a Single Framework
- LANGUAGE: English
- DATE: Friday, November 19, 2010
- TIME: 16:00 CET, 10am EST
This webinar will highlight how organizations can manage risk better across their IT and business processes, thus enabling them to determine potential impact considering both IT and business controls.
Today, most organizations manage their IT-GRC programs separately from their enterprise GRC efforts, focusing primarily on the business view of risks (operational and strategic) and compliance. As a result of uncoordinated overall GRC initiatives, they face issues like increased cost, inappropriate management of key IT risks and business controls, inefficient security management tools and a lack of effective critical decision making, which could escalate the risk to the organization and cause significant business impact.
Successful integration of IT GRC processes with enterprise GRC programs on a common framework such as COBIT, COSO or ISO 27002 will eliminate silos, standardize processes and improve collaboration. It will also help the organization remove the silos within GRC by incorporating continuous monitoring of IT risk and compliance metrics into business process risk management, thereby providing immediate value while reducing the complexity and cost inherent in overall GRC management.
Join this webinar to discuss:
- Extending Enterprise GRC solutions to incorporate IT GRC programs
- Correlation between Enterprise Risk and IT Risk
- Successful application of GRC principles to IT processes through an integrated framework
- Benefits of an IT solution that integrates and automates GRC and IT GRC processes to achieve harmonization and efficiency
- Continuous monitoring of both IT and business controls to protect business value and manage risk
Martin Kuppinger, Principal Analyst at KuppingerCole, will first give an overview of strategies to integrate enterprise GRC and IT GRC and the benefits achievable from such an integration. He will be followed by Jonathan Curtis of MetricStream, who will talk about his practical experience in integrating and automating GRC and IT GRC processes.