Why governance, risk, and compliance must be integrated with cybersecurity

Persistent cyber threats, the growing array of regulations and rapidly changing technology have heightened the need for cybersecurity to be integrated into governance, risk and compliance (GRC) frameworks.

GRC programs include the processes and technologies that enable organizations to meet business goals, address risk, and comply with government and industry regulations. Incorporating cybersecurity into organization-wide GRC programs means aligning technology decisions with business objectives while meeting regulatory requirements and defining cyber risks.

Organizations need to move away from security and compliance being compartmentalized and move towards coordination and alignment between the two. By aligning cyber risk with GRC, the aim is to limit liability from legal and compliance, ensure a governance model fit for audit and comply with regulating bodies like the SEC — that’s the important thing, Jason Rader, CISO with Insight Enterprises, tells CSO.

What’s driving cyber risk’s integration into GRC?

Cloud adoption, hybrid workforces, the emergence of generative AI, building agile security functions and the need to secure organization-wide digital…