2023 IT Examiner School

Understanding GRC Governance, Risk & Compliance

• Governance: Rules, processes, and policies that steer an organization and help it meet its goals. (Set by the Board & Executive Management)
• Risk: Day-to-day, technical processes in place to mitigate and monitor risk.
• Compliance: Monitoring and audit steps to provide assurance that the company is operating in a manner consistent with standards and regulations.

Common ISP Frameworks

• “Blueprint” for setting a standard of information security requirements which guides the organization on control implementation.
• Provide unification and standardization of the behaviors and procedures that the organization wishes to promote.
• Generic enough to be used across various industries.
• Examples: ISO 27001, NIST CSF, GDPR, etc.
