To select the best IT GRC tool or solution for your organization, start with a checklist of all your use cases. Prioritizing those use cases and then weighing the ease of implementing each one can help you choose the best IT GRC solution. Here are a few use cases to help.
Some IT GRC Use Cases:
Information Security
- Threat & Vulnerability Management
- Establishing an ISMS
- Configuration Compliance to a Security Baseline
- Security Intelligence
- Integration: CMDB, VA, SIEM, DLP, etc.
- Content: MITRE, NIST, CIS, etc.
Risk
- Implementing Risk Frameworks: ISO, NIST, COBIT, FAIR
- Integrated Risk Management: Security, IT Operations, BCM
- Standardizing Risk Calculations & Analysis
- Vendor/Third-Party Risk Assessments
- Risk Analytics
- Content: SIG, CAIQ
Compliance
- Policy Management: Definition, Acceptance, Training, etc.
- Regulations: PCI, FDIC, NERC, HIPAA
- Linking Policies to Control Objectives
- Harmonized Controls
- Control Monitoring & Testing
- IT Audits
- Content: UCF
Incident Handling
- Issue Management & Remediation
- Incident Management
- Remediation Workflow
- Notifications & Escalations
- Integration with Security Incidents & Help Desk
Reference:
1. Extracts have been taken from the IT GRC Session, Decision Summit 2015, by Ravi Mishra.