If there is one element of a GRC framework upon which all else depends, it is the correct formulation of risk appetite, and the translation of appetite into tolerances, thresholds and limits that the organization must operate within. Without this, it’s simply impossible to manage risks effectively. Risk appetite can be defined as the quantity

EMC has created a new community for the GRC Eco-system – very cool! I wanted to share with the the ‘offical’ communications out of EMC on this – it represents a huge commitment to GRC and I am extremely jazzed to be a part of it  Here’s information on how the RSA Archer Community is

Most of you know I am part of EMC’s Consulting organization and work closely with RSA and the Archer team. This week at RSA Conference in San Francisco, we are launching a very focused set of advisory services around security and risk management – including a new set of advisory services around GRC strategy, development

The last two posts have dealt with Risk Ontology, why we need one and what it contains; and Risk Framework – what it contains, and five key steps to get started. This post is about how to manage that information once it is defined. What’s the best practice process and governance for managing a Risk

Last post, we went into what a Risk Ontology is, why we need one and what it contains. In this post, we look at Five Easy (some may say not so easy…) steps to get started. Remember that core to GRC is adopting a coordinated, coherent approach to risk management across the organization, built on a

At the heart of GRC is adopting a coordinated, coherent approach to risk management across the organization, and core to that objective is developing and adopting a risk ontology. What is Risk Ontology?   In the information sciences, ontology “formally represents knowledge as a set of concepts within a domain, and the relationships between those

Why do we have governance, risk, and compliance? Many write it off as a marketing term, assuming there is no need for it in organizations that already have internal audit, enterprise risk management, and information security. Oh, if it were only that simple… Rather than write an extensive post on the subject, let’s try something a little more interactive

EMC has been sponsoring the annual IDC Digital Universe Study for five years – and we’ve been saying the horrendous growth in information is one of the main Five Forcing Functions driving growth and adoption of GRC. The 2011 Digital universe Study is in – and the numbers will shock you. Here’s a taste: Digital

Many organizations get their first taste of the promise and power of a GRC program when they begin to implement a Privacy Program. Why? Because privacy is an enterprise issue that spans legal, IT, compliance and business operations. Privacy regulations vary by jurisdiction, and at times may be in conflict.  In fact, privacy regulations are

As I work with customers on their journey to a unified GRC program, it often seems an insurmountable task.  But, as they say, every journey begins with the first step. And, often the first step is about sitting back and taking the time to really ask yourself, what is it that we need to accomplish?