IT GRC Forum


How to Select the Right GRC Solution for Your Organization

Recorded: May 17, 2012

Governance, risk management and compliance (GRC) processes are extensive; they are how an organization is directed and managed to achieve goals, considering risks to achievement, and complying with applicable laws and regulations.

Issues around information have become central to organizational strategies. For example, a document-centric approach is prone to several problems: issues in consolidation and reporting, both in errors and in the time it takes; issues in accountability in audit trails, where it must be possible to validate that things were not changed to get someone or the organization out of trouble, or to paint a rosier picture of the organization; and issues in efficiency, as document-centric approaches take more resources to manage.

GRC software is needed in organizations, and investment in these areas has been increasing, seeing an annual growth of 20 percent* throughout 2011. According to research by Michael Rasmussen (Corporate Integrity), the GRC software space is vast, with over 400 GRC software providers that span 28 primary categories (with numerous sub-categories) of GRC-related software. Nine of these categories encompass components of an enterprise GRC platform (though no vendor does all nine components); the other 19 categories are focused on specific business functions and processes of GRC. Of the 400 vendors, fewer than 50 market and present themselves in the enterprise GRC domain.

Implementing a solution can be a lengthy and costly exercise, so it is imperative to choose carefully from the large number of options in the market. The challenge is sifting through all the vendors and their offerings to find the one that best fits your organization. Buyers should have a clear understanding of their organization's functionality requirements, and a strategy in place for selecting the right partner. Join this webcast, and learn how to choose the right GRC solution for your organization as our experts discuss:
  • How to understand your organization's functionality needs.
  • Guidance for selecting the right partner including examples of good RFP questions.
  • How to sift through the different solutions and make weighted assessments against solution criteria.
  • Core maintenance and ongoing feeding requirements.




Brandon Dunlap is the Managing Director of research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent advisory and research firm that focuses on building collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.

Chris McClean contributes to Forrester's offerings for the Security & Risk professional, leading the company's coverage of governance, risk, and compliance (GRC). He is also a thought leader on the related issues of corporate social responsibility (CSR) and sustainability. He is a frequent speaker on these subjects at vendor events as well as conferences run by industry organizations such as the Risk Management Association. He has also been interviewed by top media outlets such as CFO Magazine, Compliance Week, CRO Magazine, and Treasury & Risk Magazine. Chris serves Forrester clients with research on GRC and CSR strategy, organization, best practices, and technologies, and he is a frequent speaker on these subjects at industry and vendor events. Before coming to Forrester, his background was in marketing for security and risk management vendors, representing a broad range of market segments, such as compliance management, vulnerability management, digital forensics, and security information management.

Ben Tomhave is the Principal Consultant at LockPath. Ben (MS, CISSP) helps global enterprises, SMBs and service partners unlock the real promise of integrated governance, risk and compliance in his current role as Principal Consultant for LockPath, a market-changing GRC software company. A distinguished author and experienced speaker, he currently serves on the OWASP NoVA chapter board, the Society of Information Risk Analysts board, and as the co-vice-chair of the ABA InfoSec Committee. He is also a member of ISSA and the IEEE Computer Society, and earned an MS in Engineering Management from The George Washington University with an InfoSec Management concentration.

Jean-Marie Zirano defines and manages MEGA's product strategy. Jean-Marie started his career as an MIS consultant with Andersen Consulting, working for retail, manufacturing and utilities companies. Jean-Marie then joined CGI (now IBM), Platinum Technology and Computer Associates in product line management positions. At MEGA since 2000, Jean-Marie helped boost the company's international growth. As VP – Business Development, he extended the reach of MEGA worldwide. Appointed VP – Product Management, he strengthened and extended MEGA's solutions from enterprise architecture to enterprise-wide GRC initiatives. In his current VP – Product Strategy role, Jean-Marie works closely with global companies willing to improve operational excellence, to provide them with holistic solutions covering enterprise architecture, risk management, governance and compliance programs.
