If there is one element of a GRC framework upon which all else depends, it is the correct formulation of risk appetite, and the translation of appetite into tolerances, thresholds and limits that the organization must operate within. Without this, it’s simply impossible to manage risks effectively. Risk appetite can be defined as the quantity

Most of you know I am part of EMC’s Consulting organization and work closely with RSA and the Archer team. This week at RSA Conference in San Francisco, we are launching a very focused set of advisory services around security and risk management – including a new set of advisory services around GRC strategy, development

Last post, we went into what a Risk Ontology is, why we need one and what it contains. In this post, we look at Five Easy (some may say not so easy…) steps to get started. Remember that core to GRC is adopting a coordinated, coherent approach to risk management across the organization, built on a

 My new role at EMC is to teach people to be Virtual Data Center (VDC) and Cloud Architects. For me this is a great privilege and an incredible learning experience – and a chance to build trust in the cloud one architect at a time.    During the process of developing the cloud architect curriculum, the

When we started developing the Cloud Architect IT-as-a-Service course, we weren’t too sure ourselves. So we started researching it by talking to our customers, partners, and of course our own technologists. One of our most knowledgeable technologists quipped “ITaaS is a marketing term.” But then he followed up with the definition: “how do you turn